APPLE-SA-2023-07-24-1 Safari 16.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-1 Safari 16.6

Safari 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213847.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to bypass Same Origin Policy
Description: The...

APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8

iOS 15.7.8 and iPadOS 15.7.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213842.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad
Pro...

APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6

iOS 16.6 and iPadOS 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213841.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad
Pro (3rd...

APPLE-SA-2023-07-24-1 Safari 16.6

Posted by Deven Kishore via Fulldisclosure on Jul 24

APPLE-SA-2023-07-24-1 Safari 16.6

Safari 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213847.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to bypass Same Origin Policy
Description: The...

Red Hat Security Advisory 2023-4166-01

Red Hat Security Advisory 2023-4166-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Debian Security Advisory 5457-1

Debian Linux Security Advisory 5457-1 - An anonymous researcher discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Omnis Studio 10.22.00 Library Unlock

Omnis Studio version 10.22.00 suffers from a locked class bypass vulnerability.

Omnis Studio 10.22.00 Library Setting Bypass

Omnis Studio version 10.22.00 suffers from a private library access bypass vulnerability.

Red Hat Security Advisory 2023-4233-01

Red Hat Security Advisory 2023-4233-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

[SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334)

Posted by Matthias Deeg via Fulldisclosure on Jul 21

Advisory ID: SYSS-2023-006
Product: Omnis Studio
Manufacturer: Omnis Software Ltd.
Affected Version(s): 10.22.00
Tested Version(s): 10.22.00
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2023-03-30
Solution Date: -
Public Disclosure: 2023-07-20
CVE Reference:...

[SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)

Posted by Matthias Deeg via Fulldisclosure on Jul 21

Advisory ID: SYSS-2023-005
Product: Omnis Studio
Manufacturer: Omnis Software Ltd.
Affected Version(s): 10.22.00
Tested Version(s): 10.22.00
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2023-03-30
Solution Date: -
Public Disclosure: 2023-07-20
CVE Reference:...

Red Hat Security Advisory 2023-4241-01

Red Hat Security Advisory 2023-4241-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

Ubuntu Security Notice USN-6232-1

Ubuntu Security Notice 6232-1 - It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information.

Red Hat Security Advisory 2023-4159-01

Red Hat Security Advisory 2023-4159-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4093-01

Red Hat Security Advisory 2023-4093-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4178-01

Red Hat Security Advisory 2023-4178-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4091-01

Red Hat Security Advisory 2023-4091-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4090-01

Red Hat Security Advisory 2023-4090-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5.

Red Hat Security Advisory 2023-4238-01

Red Hat Security Advisory 2023-4238-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

[webapps] Perch v3.2 - Stored XSS

Perch v3.2 - Stored XSS

[webapps] Perch v3.2 - Remote Code Execution (RCE)

Perch v3.2 - Remote Code Execution (RCE)

Debian Security Advisory 5456-1

Debian Linux Security Advisory 5456-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice USN-6239-1

Ubuntu Security Notice 6239-1 - It was discovered that ECDSA Util did not properly verify certain signature values. An attacker could possibly use this issue to bypass signature verification.

Red Hat Security Advisory 2023-4158-01

Red Hat Security Advisory 2023-4158-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Ubuntu Security Notice USN-6237-2

Ubuntu Security Notice 6237-2 - USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service. It was discovered that curl incorrectly handled saving cookies to files. A local attacker could possibly use this issue to create or overwrite files. This issue only affected Ubuntu 22.10, and Ubuntu 23.04.

Red Hat Security Advisory 2023-4210-01

Red Hat Security Advisory 2023-4210-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4177-01

Red Hat Security Advisory 2023-4177-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4211-01

Red Hat Security Advisory 2023-4211-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4175-01

Red Hat Security Advisory 2023-4175-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4176-01

Red Hat Security Advisory 2023-4176-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4209-01

Red Hat Security Advisory 2023-4209-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4208-01

Red Hat Security Advisory 2023-4208-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4212-01

Red Hat Security Advisory 2023-4212-01 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4161-01

Red Hat Security Advisory 2023-4161-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4230-01

Red Hat Security Advisory 2023-4230-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-4170-01

Red Hat Security Advisory 2023-4170-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Gentoo Linux Security Advisory 202307-01

Gentoo Linux Security Advisory 202307-1 - Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could result in remote code execution. Versions less than 9.3_p2 are affected.

Red Hat Security Advisory 2023-4169-01

Red Hat Security Advisory 2023-4169-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4167-01

Red Hat Security Advisory 2023-4167-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4174-01

Red Hat Security Advisory 2023-4174-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Ubuntu Security Notice USN-6238-1

Ubuntu Security Notice 6238-1 - It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Andreas Schneider discovered that Samba incorrectly enforced SMB2 packet signing. A remote attacker could possibly use this issue to obtain or modify sensitive information. This issue only affected Ubuntu 23.04.

Red Hat Security Advisory 2023-4172-01

Red Hat Security Advisory 2023-4172-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4171-01

Red Hat Security Advisory 2023-4171-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4164-01

Red Hat Security Advisory 2023-4164-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-4168-01

Red Hat Security Advisory 2023-4168-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2023-4173-01

Red Hat Security Advisory 2023-4173-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

[webapps] pfSense v2.7.0 - OS Command Injection

pfSense v2.7.0 - OS Command Injection

[webapps] Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection

Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection

[webapps] RWS WorldServer 11.7.3 - Session Token Enumeration

RWS WorldServer 11.7.3 - Session Token Enumeration

[remote] Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.

Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.

[webapps] PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

[local] RaidenFTPD 2.4.4005 - Buffer Overflow (SEH)

RaidenFTPD 2.4.4005 - Buffer Overflow (SEH)

[webapps] Aures Booking & POS Terminal - Local Privilege Escalation

Aures Booking & POS Terminal - Local Privilege Escalation

[webapps] Webile v1.0.1 - Multiple Cross Site Scripting

Webile v1.0.1 - Multiple Cross Site Scripting

[webapps] Boom CMS v8.0.7 - Cross Site Scripting

Boom CMS v8.0.7 - Cross Site Scripting

Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2278

Release Date:
=============
2023-07-04

Vulnerability Laboratory ID (VL-ID):
====================================
2278

Common Vulnerability Scoring System:
====================================
5.4

Vulnerability Class:
====================
Script Code...

Boom CMS v8.0.7 - Cross Site Scripting Vulnerability

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Boom CMS v8.0.7 - Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2274

Release Date:
=============
2023-07-03

Vulnerability Laboratory ID (VL-ID):
====================================
2274

Common Vulnerability Scoring System:
====================================
5.3

Vulnerability Class:
====================
Cross Site Scripting -...

Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2276

Release Date:
=============
2023-07-05

Vulnerability Laboratory ID (VL-ID):
====================================
2276

Common Vulnerability Scoring System:
====================================
5

Vulnerability Class:
====================
Cross Site...

Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2317

Release Date:
=============
2023-07-04

Vulnerability Laboratory ID (VL-ID):
====================================
2317

Common Vulnerability Scoring System:
====================================
5.1

Vulnerability Class:
====================
Multiple...

PaulPrinting CMS - (Search Delivery) Cross Site Scripting Vulnerability

Posted by info () vulnerability-lab com on Jul 19

Document Title:
===============
PaulPrinting CMS - (Search Delivery) Cross Site Scripting Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2286

Release Date:
=============
2023-07-17

Vulnerability Laboratory ID (VL-ID):
====================================
2286

Common Vulnerability Scoring System:
====================================
5.2

Vulnerability Class:
====================...