Ubuntu Security Notice USN-6196-1

Ubuntu Security Notice 6196-1 - It was discovered that ReportLab incorrectly handled certain PDF files. An attacker could possibly use this issue to execute arbitrary code.

Ubuntu Security Notice USN-6195-1

Ubuntu Security Notice 6195-1 - It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Vim contained a heap-based buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

[webapps] GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

[webapps] Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

[webapps] FuguHub 8.1 - Remote Code Execution

FuguHub 8.1 - Remote Code Execution

[webapps] WebsiteBaker v2.13.3 - Stored XSS

WebsiteBaker v2.13.3 - Stored XSS

[webapps] Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

[webapps] D-Link DAP-1325 - Broken Access Control

D-Link DAP-1325 - Broken Access Control

[webapps] WP AutoComplete 1.0.4 - Unauthenticated SQLi

WP AutoComplete 1.0.4 - Unauthenticated SQLi

[webapps] WebsiteBaker v2.13.3 - Directory Traversal

WebsiteBaker v2.13.3 - Directory Traversal

[webapps] WBCE CMS 1.6.1 - Open Redirect & CSRF

WBCE CMS 1.6.1 - Open Redirect & CSRF

[webapps] spip v4.1.10 - Spoofing Admin account

spip v4.1.10 - Spoofing Admin account

[dos] TP-Link TL-WR940N V4 - Buffer OverFlow

TP-Link TL-WR940N V4 - Buffer OverFlow

[webapps] Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)

Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)

[webapps] Rukovoditel 3.4.1 - Multiple Stored XSS

Rukovoditel 3.4.1 - Multiple Stored XSS

[remote] Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)

Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)

[remote] Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

[webapps] Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

[webapps] Prestashop 8.0.4 - Cross-Site Scripting (XSS)

Prestashop 8.0.4 - Cross-Site Scripting (XSS)

[webapps] PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

[webapps] POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

Debian Security Advisory 5444-1

Debian Linux Security Advisory 5444-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Debian Security Advisory 5445-1

Debian Linux Security Advisory 5445-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Debian Security Advisory 5443-1

Debian Linux Security Advisory 5443-1 - Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Debian Security Advisory 5442-1

Debian Linux Security Advisory 5442-1 - It was discovered that in some conditions the Flask web framework may disclose a session cookie.

Red Hat Security Advisory 2023-3954-01

Red Hat Security Advisory 2023-3954-01 - This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, code execution, denial of service, information leakage, resource exhaustion, server-side request forgery, and traversal vulnerabilities.

Ubuntu Security Notice USN-6194-1

Ubuntu Security Notice 6194-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6193-1

Ubuntu Security Notice 6193-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.

Red Hat Security Advisory 2023-3947-01

Red Hat Security Advisory 2023-3947-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-6192-1

Ubuntu Security Notice 6192-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2023-3950-01

Red Hat Security Advisory 2023-3950-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Debian Security Advisory 5441-1

Debian Linux Security Advisory 5441-1 - Two vulnerabilities were found in maradns, an open source domain name system (DNS) implementation, that may lead to denial of service and unintended domain name resolution.

Ubuntu Security Notice USN-6191-1

Ubuntu Security Notice 6191-1 - USN-6081-1, USN-6084-1, USN-6092-1 and USN-6095-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a spurious warning in the IPv6 subsystem. This update removes the undesired warning message.

Red Hat Security Advisory 2023-3936-01

Red Hat Security Advisory 2023-3936-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3932-01

Red Hat Security Advisory 2023-3932-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.

WordPress Ultimate Member 2.6.6 Privilege Escalation

WordPress Ultimate Member plugin versions 2.6.6 and below suffer from a privilege escalation vulnerability.

Debian Security Advisory 5440-1

Debian Linux Security Advisory 5440-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Red Hat Security Advisory 2023-3948-01

Red Hat Security Advisory 2023-3948-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3946-01

Red Hat Security Advisory 2023-3946-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3923-01

Red Hat Security Advisory 2023-3923-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-3935-01

Red Hat Security Advisory 2023-3935-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3945-01

Red Hat Security Advisory 2023-3945-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3949-01

Red Hat Security Advisory 2023-3949-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3934-01

Red Hat Security Advisory 2023-3934-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Ubuntu Security Notice USN-6189-1

Ubuntu Security Notice 6189-1 - It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd.

Red Hat Security Advisory 2023-3885-01

Red Hat Security Advisory 2023-3885-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.4 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2023-3892-01

Red Hat Security Advisory 2023-3892-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.4 serves as a replacement for Red Hat Single Sign-On 7.6.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, and deserialization vulnerabilities.

Ubuntu Security Notice USN-6190-1

Ubuntu Security Notice 6190-1 - Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-3884-01

Red Hat Security Advisory 2023-3884-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.4 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2023-3888-01

Red Hat Security Advisory 2023-3888-01 - Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.6.4 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.12 cloud computing Platform-as-a-Service for on-premise or private cloud deployments, aligning with the standalone product release. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2023-3883-02

Red Hat Security Advisory 2023-3883-02 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.4 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2023-3814-01

Red Hat Security Advisory 2023-3814-01 - Migration Toolkit for Runtimes 1.1.1 ZIP artifacts. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3853-01

Red Hat Security Advisory 2023-3853-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3813-01

Red Hat Security Advisory 2023-3813-01 - An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8.

Red Hat Security Advisory 2023-3811-01

Red Hat Security Advisory 2023-3811-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3852-01

Red Hat Security Advisory 2023-3852-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3810-01

Red Hat Security Advisory 2023-3810-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-3819-01

Red Hat Security Advisory 2023-3819-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3822-01

Red Hat Security Advisory 2023-3822-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2023-3815-01

Red Hat Security Advisory 2023-3815-01 - An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. Issues addressed include denial of service, information leakage, and traversal vulnerabilities.