Red Hat Security Advisory 2023-3741-01

Red Hat Security Advisory 2023-3741-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5435-1

Debian Linux Security Advisory 5435-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service.

Red Hat Security Advisory 2023-3711-01

Red Hat Security Advisory 2023-3711-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3715-01

Red Hat Security Advisory 2023-3715-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2023-3342-01

Red Hat Security Advisory 2023-3342-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.13. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3714-01

Red Hat Security Advisory 2023-3714-01 - PostgreSQL is an advanced object-relational database management system.

Red Hat Security Advisory 2023-3725-01

Red Hat Security Advisory 2023-3725-01 - The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.

Red Hat Security Advisory 2023-3723-01

Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3708-01

Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3722-01

Red Hat Security Advisory 2023-3722-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer over-read and denial of service vulnerabilities.

[webapps] Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)

Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)

[remote] Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing

Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing

Re: OpenBSD kernel relinking is not transactional and a local exploit exists

Posted by pesco on Jun 21

C. W. Schech on Sat, Jun 17 2023:

By who? Which user ID specifically?

And clearly such checksums could not be tampered with?

PoC or GTFO.

rolling on the floor laughing

Re: OpenBSD kernel relinking is not transactional and a local exploit exists

Posted by jvoisin via Fulldisclosure on Jun 21

I'm unsure I understand the threat model here: an attacker with root
privileges is able to modify the kernel data about to be relinked?

You're also mentioning SLSA, but as you also said, OpenBSD doesn't have
reproducible builds and all the cool build hardening things(tm). So
having a cryptographic path to the resulting relinked kernel won't
really improve anything, given the current state of affairs.

OXAS-ADV-2023-0002: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Jun 21

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference: MWB-1994
Type:...

Debian Security Advisory 5434-1

Debian Linux Security Advisory 5434-1 - A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code.

Ubuntu Security Notice USN-6182-1

Ubuntu Security Notice 6182-1 - It was discovered that pngcheck incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6181-1

Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected Ubuntu 22.10. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6180-1

Ubuntu Security Notice 6180-1 - It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Red Hat Security Advisory 2023-3705-01

Red Hat Security Advisory 2023-3705-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6143-3

Ubuntu Security Notice 6143-3 - USN-6143-1 fixed vulnerabilities and USN-6143-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.

Debian Security Advisory 5433-1

Debian Linux Security Advisory 5433-1 - Gregory James Duck reported that missing input validation in various functions provided by libx11, the X11 client-side library, may result in denial of service.

Ubuntu Security Notice USN-5948-2

Ubuntu Security Notice 5948-2 - USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies.

[webapps] HiSecOS 04.0.01 - Privilege Escalation

HiSecOS 04.0.01 - Privilege Escalation

[webapps] Super Socializer 7.13.52 - Reflected XSS

Super Socializer 7.13.52 - Reflected XSS

[webapps] WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)

WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)

[webapps] SPIP v4.2.0 - Remote Code Execution (Unauthenticated)

SPIP v4.2.0 - Remote Code Execution (Unauthenticated)

[remote] Nokia ASIKA 7.13.52 - Hard-coded private key disclosure

Nokia ASIKA 7.13.52 - Hard-coded private key disclosure

OpenBSD kernel relinking is not transactional and a local exploit exists

Posted by Schech, C. W. ("Connor") on Jun 19

The automatic and mandatory-by-default reordering of OpenBSD kernels
is NOT transactional and as a result, a local unpatched exploit exists
which allows tampering or replacement of the kernel. Arbitrary build
artifacts are cyclically relinked with no data integrity or provenance
being maintained or verified for the objects being consumed with
respect to the running kernel before and during the execution of the
mandatory kernel_reorder process in...

Polycom BToE Connector 4.4.0.0 Multiple Vulnerabilities

Posted by BUG on Jun 19

Microsoft® Lync™ Better Together over Ethernet (BToE) feature on
Polycom® VVX® business media. phones enables you to control phone
activity from your computer using your Lync client.
The BToE feature enables you to place, answer, and hold audio and video
calls from your Polycom VVX phone and your Lync client on your computer.

#### Title: Polycom BToE Connector 4.4.0.0 Multiple Vulnerabilities
#### Affected versions: 4.4.0.0
#### Tested...

[webapps] Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

[webapps] Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)

Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)

[webapps] The Shop v2.5 - SQL Injection

The Shop v2.5 - SQL Injection

[webapps] Jobpilot v2.61 - SQL Injection

Jobpilot v2.61 - SQL Injection

[webapps] Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

[webapps] Groomify v1.0 - SQL Injection

Groomify v1.0 - SQL Injection

[webapps] WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

[webapps] Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)

Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)

[webapps] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

[webapps] Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)

Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)

Ubuntu Security Notice USN-6161-1

Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.

Debian Security Advisory 5426-1

Debian Linux Security Advisory 5426-1 - An arbitrary file reads from malformed XML payload vulnerability was discovered in owslib, the Python client library for Open Geospatial (OGC) web services. This issue has been addressed by always using lxml as the XML parser with entity resolution disabled.

[webapps] Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)

Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] projectSend r1605 - Stored XSS

projectSend r1605 - Stored XSS

[webapps] Online Thesis Archiving System v1.0 - Multiple-SQLi

Online Thesis Archiving System v1.0 - Multiple-SQLi

[remote] Anevia Flamingo XL 3.2.9 - Remote Root Jailbreak

Anevia Flamingo XL 3.2.9 - Remote Root Jailbreak

[webapps] projectSend r1605 - CSV injection

projectSend r1605 - CSV injection

[remote] Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution

Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution

[webapps] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)

[webapps] Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)

Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)

[remote] Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution

Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution

Ubuntu Security Notice USN-6160-1

Ubuntu Security Notice 6160-1 - It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Debian Security Advisory 5424-1

Debian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

Debian Security Advisory 5425-1

Debian Linux Security Advisory 5425-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

Ubuntu Security Notice USN-6159-1

Ubuntu Security Notice 6159-1 - It was discovered that Tornado incorrectly handled certain redirect. An remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.

Ubuntu Security Notice USN-6143-2

Ubuntu Security Notice 6143-2 - USN-6143-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.

Ubuntu Security Notice USN-6158-1

Ubuntu Security Notice 6158-1 - It was discovered that Node Fetch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.

Red Hat Security Advisory 2023-3495-01

Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.

Ubuntu Security Notice USN-6157-1

Ubuntu Security Notice 6157-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6156-1

Ubuntu Security Notice 6156-1 - It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.