Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

July 27^th 2023 at 14:33

Ubuntu Security Notice USN-6259-1

Ubuntu Security Notice 6259-1 - Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior.

July 27^th 2023 at 14:33

Red Hat Security Advisory 2023-4226-01

Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.

July 27^th 2023 at 14:32

Debian Security Advisory 5460-1

Debian Linux Security Advisory 5460-1 - It was discovered that Curl performed incorrect file path handling when saving cookies to files, which could lead to the creation or overwriting of files.

July 27^th 2023 at 14:32

Red Hat Security Advisory 2023-4225-01

Red Hat Security Advisory 2023-4225-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.6.

July 27^th 2023 at 14:32

Ubuntu Security Notice USN-5193-3

Ubuntu Security Notice 5193-3 - USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

July 27^th 2023 at 14:28

Ubuntu Security Notice USN-6258-1

Ubuntu Security Notice 6258-1 - It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. It was discovered that LLVM Toolchain did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted MLIR file, an attacker could possibly use this issue to cause LLVM Toolchain to crash, resulting in a denial of service. This issue only affected llvm-toolchain-15.

July 27^th 2023 at 14:27

Ubuntu Security Notice USN-6256-1

Ubuntu Security Notice 6256-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

July 27^th 2023 at 14:22

Ubuntu Security Notice USN-6257-1

Ubuntu Security Notice 6257-1 - It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

July 27^th 2023 at 14:22

Ubuntu Security Notice USN-6255-1

Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

July 27^th 2023 at 14:19

Red Hat Security Advisory 2023-4290-01

Red Hat Security Advisory 2023-4290-01 - OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

July 27^th 2023 at 14:18

Red Hat Security Advisory 2023-4293-01

Red Hat Security Advisory 2023-4293-01 - The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

July 27^th 2023 at 14:17

Ubuntu Security Notice USN-6254-1

Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

July 27^th 2023 at 14:16

Red Hat Security Advisory 2023-4287-01

Red Hat Security Advisory 2023-4287-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

July 27^th 2023 at 14:08

Red Hat Security Advisory 2023-4286-01

Red Hat Security Advisory 2023-4286-01 - Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.

July 27^th 2023 at 14:08

Ubuntu Security Notice USN-6251-1

Ubuntu Security Notice 6251-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

July 27^th 2023 at 14:05

Ubuntu Security Notice USN-6252-1

Ubuntu Security Notice 6252-1 - It was discovered that the ext4 file system implementation in the Linux kernel contained a use-after-free vulnerability. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the sound subsystem in the Linux kernel contained a race condition in some situations. A local attacker could use this to cause a denial of service.

July 27^th 2023 at 14:05

Ubuntu Security Notice USN-6253-1

Ubuntu Security Notice 6253-1 - It wad discovered that libvirt incorrectly handled locking when processing certain requests. A local attacker could possibly use this issue to cause libvirt to stop responding or crash, resulting in a denial of service.

July 27^th 2023 at 14:04

Red Hat Security Advisory 2023-4282-01

Red Hat Security Advisory 2023-4282-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a bypass vulnerability.

July 26^th 2023 at 15:00

Red Hat Security Advisory 2023-4283-01

Red Hat Security Advisory 2023-4283-01 - OpenStack Networking is a virtual network service for OpenStack. Just as OpenStack Compute provides an API to dynamically request and configure virtual servers, OpenStack Networking provides an API to dynamically request and configure virtual networks. These networks connect 'interfaces' from other OpenStack services. The OpenStack Networking API supports extensions to provide advanced network capabilities.

July 26^th 2023 at 15:00

Debian Security Advisory 5459-1

Debian Linux Security Advisory 5459-1 - Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak register contents across concurrent processes, hyper threads and virtualized guests.

July 26^th 2023 at 15:00

Ubuntu Security Notice USN-6250-1

Ubuntu Security Notice 6250-1 - Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

July 26^th 2023 at 14:33

Red Hat Security Advisory 2023-4276-01

Red Hat Security Advisory 2023-4276-01 - An update is now available for Red Hat DevWorkspace Operator. Red Hat Product Security has rated this update as having a security impact of Moderate.

July 26^th 2023 at 14:32

Debian Security Advisory 5458-1

Debian Linux Security Advisory 5458-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.

July 26^th 2023 at 14:21

Apple Security Advisory 2023-07-24-8

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

July 26^th 2023 at 14:21

Full Disclosure
APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8
July 25^th 2023 at 13:46

APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-5 macOS Monterey 12.6.8

macOS Monterey 12.6.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213844.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Assets
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file system...

July 25^th 2023 at 13:46

Full Disclosure
APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9
July 25^th 2023 at 13:46

APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-6 macOS Big Sur 11.7.9

macOS Big Sur 11.7.9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213845.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Assets
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file system...

July 25^th 2023 at 13:46

APPLE-SA-2023-07-24-7 tvOS 16.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-7 tvOS 16.6

tvOS 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213846.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: Apple TV 4K (all models) and Apple TV HD
Impact: An app may be able to execute arbitrary code with kernel...

July 25^th 2023 at 13:46

APPLE-SA-2023-07-24-8 watchOS 9.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-8 watchOS 9.6

watchOS 9.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213848.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: Apple Watch Series 4 and later
Impact: An app may be able to execute arbitrary code with kernel...

July 25^th 2023 at 13:46

Full Disclosure
APPLE-SA-2023-07-24-4 macOS Ventura 13.5
July 25^th 2023 at 13:46

APPLE-SA-2023-07-24-4 macOS Ventura 13.5

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-4 macOS Ventura 13.5

macOS Ventura 13.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213843.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel...

July 25^th 2023 at 13:46

Full Disclosure
Availability Booking Calendar PHP - Stored XSS and Unrestricted File Upload
July 25^th 2023 at 13:46

Availability Booking Calendar PHP - Stored XSS and Unrestricted File Upload

Posted by Andrey Stoykov on Jul 25

# Exploit Title: Availability Booking Calendar PHP - Multiple Issues
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Tested on: Ubuntu 20.04
# Blog: http://msecureltd.blogspot.com

XSS #1:

Steps to Reproduce:

1. Browse to Bookings
2. Select All Bookings
3. Edit booking and select Promo Code
4. Enter payload TEST"><script>alert(`XSS`)</script>

// HTTP POST request

POST...

July 25^th 2023 at 13:46

APPLE-SA-2023-07-24-1 Safari 16.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-1 Safari 16.6

Safari 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213847.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to bypass Same Origin Policy
Description: The...

July 25^th 2023 at 13:45

Full Disclosure
APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8
July 25^th 2023 at 13:45

APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-3 iOS 15.7.8 and iPadOS 15.7.8

iOS 15.7.8 and iPadOS 15.7.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213842.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad
Pro...

July 25^th 2023 at 13:45

Full Disclosure
APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6
July 25^th 2023 at 13:45

APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6

Posted by Apple Product Security via Fulldisclosure on Jul 25

APPLE-SA-2023-07-24-2 iOS 16.6 and iPadOS 16.6

iOS 16.6 and iPadOS 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213841.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later, iPad
Pro (3rd...

July 25^th 2023 at 13:45

APPLE-SA-2023-07-24-1 Safari 16.6

Posted by Deven Kishore via Fulldisclosure on Jul 24

APPLE-SA-2023-07-24-1 Safari 16.6

Safari 16.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213847.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to bypass Same Origin Policy
Description: The...

July 25^th 2023 at 04:22

Red Hat Security Advisory 2023-4166-01

Red Hat Security Advisory 2023-4166-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

July 24^th 2023 at 14:26

Debian Security Advisory 5457-1

Debian Linux Security Advisory 5457-1 - An anonymous researcher discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

July 24^th 2023 at 14:26

Omnis Studio 10.22.00 Library Unlock

Omnis Studio version 10.22.00 suffers from a locked class bypass vulnerability.

July 24^th 2023 at 14:21

Advisory Files ≈ Packet Storm
Omnis Studio 10.22.00 Library Setting Bypass
July 24^th 2023 at 14:16

Omnis Studio 10.22.00 Library Setting Bypass

Omnis Studio version 10.22.00 suffers from a private library access bypass vulnerability.

July 24^th 2023 at 14:16

Red Hat Security Advisory 2023-4233-01

Red Hat Security Advisory 2023-4233-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

July 24^th 2023 at 13:58

Full Disclosure
[SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334)
July 21^st 2023 at 15:15

[SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334)

Posted by Matthias Deeg via Fulldisclosure on Jul 21

Advisory ID: SYSS-2023-006
Product: Omnis Studio
Manufacturer: Omnis Software Ltd.
Affected Version(s): 10.22.00
Tested Version(s): 10.22.00
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2023-03-30
Solution Date: -
Public Disclosure: 2023-07-20
CVE Reference:...

July 21^st 2023 at 15:15

Full Disclosure
[SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)
July 21^st 2023 at 15:15

[SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)

Posted by Matthias Deeg via Fulldisclosure on Jul 21

Advisory ID: SYSS-2023-005
Product: Omnis Studio
Manufacturer: Omnis Software Ltd.
Affected Version(s): 10.22.00
Tested Version(s): 10.22.00
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2023-03-30
Solution Date: -
Public Disclosure: 2023-07-20
CVE Reference:...

July 21^st 2023 at 15:15

Red Hat Security Advisory 2023-4241-01

Red Hat Security Advisory 2023-4241-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

July 21^st 2023 at 14:50

Ubuntu Security Notice USN-6232-1

Ubuntu Security Notice 6232-1 - It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information.

July 21^st 2023 at 14:50

Red Hat Security Advisory 2023-4159-01

Red Hat Security Advisory 2023-4159-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Issues addressed include denial of service and integer overflow vulnerabilities.

July 21^st 2023 at 14:46

Red Hat Security Advisory 2023-4093-01

Red Hat Security Advisory 2023-4093-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

July 21^st 2023 at 14:45

Red Hat Security Advisory 2023-4178-01

Red Hat Security Advisory 2023-4178-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an integer overflow vulnerability.

July 21^st 2023 at 14:45

Red Hat Security Advisory 2023-4091-01

Red Hat Security Advisory 2023-4091-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

July 21^st 2023 at 14:40