Red Hat Security Advisory 2024-1346-03 - An update is now available for Red Hat OpenShift GitOps 1.11. Issues addressed include a cross site scripting vulnerability.

March 18^th 2024 at 14:19

Red Hat Security Advisory 2024-1348-03

Red Hat Security Advisory 2024-1348-03 - An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

March 18^th 2024 at 14:19

Ubuntu Security Notice USN-6696-1

Ubuntu Security Notice 6696-1 - Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 8 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

March 18^th 2024 at 14:19

Red Hat Security Advisory 2024-1345-03

Red Hat Security Advisory 2024-1345-03 - An update is now available for Red Hat OpenShift GitOps 1.10. Issues addressed include a cross site scripting vulnerability.

March 18^th 2024 at 14:18

Exploit-DB Updates
[webapps] Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)
March 16^th 2024 at 00:00

[webapps] Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)

Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)

March 16^th 2024 at 00:00

[webapps] Karaf v4.4.3 Console - RCE

Karaf v4.4.3 Console - RCE

March 16^th 2024 at 00:00

Exploit-DB Updates
[local] LaborOfficeFree 19.10 - MySQL Root Password Calculator
March 16^th 2024 at 00:00

[local] LaborOfficeFree 19.10 - MySQL Root Password Calculator

LaborOfficeFree 19.10 - MySQL Root Password Calculator

March 16^th 2024 at 00:00

Exploit-DB Updates
[webapps] UPS Network Management Card 4 - Path Traversal
March 16^th 2024 at 00:00

[webapps] UPS Network Management Card 4 - Path Traversal

UPS Network Management Card 4 - Path Traversal

March 16^th 2024 at 00:00

[local] vm2 - sandbox escape

vm2 - sandbox escape

March 16^th 2024 at 00:00

Exploit-DB Updates
[webapps] Nokia BMC Log Scanner - Remote Code Execution
March 16^th 2024 at 00:00

[webapps] Nokia BMC Log Scanner - Remote Code Execution

Nokia BMC Log Scanner - Remote Code Execution

March 16^th 2024 at 00:00

Ubuntu Security Notice USN-6694-1

Ubuntu Security Notice 6694-1 - It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service.

March 15^th 2024 at 14:59

Debian Security Advisory 5632-1

Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.

March 15^th 2024 at 14:58

Red Hat Security Advisory 2024-1333-03

Red Hat Security Advisory 2024-1333-03 - Red Hat OpenShift Serverless version 1.32.0 is now available.

March 15^th 2024 at 14:53

Red Hat Security Advisory 2024-1334-03

Red Hat Security Advisory 2024-1334-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.

March 15^th 2024 at 14:53

Red Hat Security Advisory 2024-1335-03

Red Hat Security Advisory 2024-1335-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.

March 15^th 2024 at 14:53

Red Hat Security Advisory 2024-1327-03

Red Hat Security Advisory 2024-1327-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

March 15^th 2024 at 14:53

Ubuntu Security Notice USN-6695-1

Ubuntu Security Notice 6695-1 - It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

March 15^th 2024 at 14:53

Red Hat Security Advisory 2024-1328-03

Red Hat Security Advisory 2024-1328-03 - Red Hat Advanced Cluster Management for Kubernetes 2.9.3 General Availability release images, which fix bugs and update container images. Issues addressed include denial of service and traversal vulnerabilities.

March 15^th 2024 at 14:53

Red Hat Security Advisory 2024-1332-03

Red Hat Security Advisory 2024-1332-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

March 15^th 2024 at 14:53

Debian Security Advisory 5640-1

Debian Linux Security Advisory 5640-1 - Two vulnerabilities were discovered in Open vSwitch, a software-based Ethernet virtual switch, which could result in a bypass of OpenFlow rules or denial of service.

March 15^th 2024 at 14:52

Debian Security Advisory 5639-1

Debian Linux Security Advisory 5639-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

March 14^th 2024 at 13:47

Ubuntu Security Notice USN-6673-2

Ubuntu Security Notice 6673-2 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information.

March 14^th 2024 at 13:41

Hunting Down The HVCI Bug In UEFI

This post details the story and technical details of the non-secure Hypervisor-Protected Code Integrity (HVCI) configuration vulnerability disclosed and fixed with the January 9th update on Windows. This vulnerability, CVE-2024-21305, allowed arbitrary kernel-mode code execution, effectively bypassing HVCI within the root partition.

March 14^th 2024 at 13:38

Ubuntu Security Notice USN-6587-5

Ubuntu Security Notice 6587-5 - USN-6587-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled memory when processing the RRChangeOutputProperty and RRChangeProviderProperty APIs. An attacker could possibly use this issue to cause the X Server to crash, or obtain sensitive information.

March 14^th 2024 at 13:25

Apple Security Advisory 03-12-2024-1

Apple Security Advisory 03-12-2024-1 - GarageBand 10.4.11 addresses code execution and use-after-free vulnerabilities.

March 14^th 2024 at 13:21

Ubuntu Security Notice USN-6686-2

Ubuntu Security Notice 6686-2 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

March 14^th 2024 at 13:19

Apple Security Advisory 03-07-2024-7

Apple Security Advisory 03-07-2024-7 - visionOS 1.1 addresses buffer overflow, bypass, code execution, and out of bounds read vulnerabilities.

March 14^th 2024 at 13:19

Apple Security Advisory 03-07-2024-6

Apple Security Advisory 03-07-2024-6 - tvOS 17.4 addresses buffer overflow, bypass, and code execution vulnerabilities.

March 14^th 2024 at 13:11

Red Hat Security Advisory 2024-1323-03

Red Hat Security Advisory 2024-1323-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.

March 14^th 2024 at 13:10

Apple Security Advisory 03-07-2024-4

Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.

March 14^th 2024 at 13:10

Apple Security Advisory 03-07-2024-5

Apple Security Advisory 03-07-2024-5 - watchOS 10.4 addresses buffer overflow, bypass, and code execution vulnerabilities.

March 14^th 2024 at 13:10

Red Hat Security Advisory 2024-1314-03

Red Hat Security Advisory 2024-1314-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

March 14^th 2024 at 13:09

Red Hat Security Advisory 2024-1315-03

Red Hat Security Advisory 2024-1315-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

March 14^th 2024 at 13:09

Red Hat Security Advisory 2024-1321-03

Red Hat Security Advisory 2024-1321-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Issues addressed include a remote SQL injection vulnerability.

March 14^th 2024 at 13:09

Red Hat Security Advisory 2024-1310-03

Red Hat Security Advisory 2024-1310-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

March 14^th 2024 at 13:07

Red Hat Security Advisory 2024-1311-03

Red Hat Security Advisory 2024-1311-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

March 14^th 2024 at 13:07

Red Hat Security Advisory 2024-1308-03

Red Hat Security Advisory 2024-1308-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

March 14^th 2024 at 13:07

Red Hat Security Advisory 2024-1309-03

Red Hat Security Advisory 2024-1309-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

March 14^th 2024 at 13:07

Apple Security Advisory 03-07-2024-2

Apple Security Advisory 03-07-2024-2 - macOS Sonoma 14.4 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and spoofing vulnerabilities.

March 14^th 2024 at 13:06

Apple Security Advisory 03-07-2024-3

Apple Security Advisory 03-07-2024-3 - macOS Ventura 13.6.5 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.

March 14^th 2024 at 13:06

Red Hat Security Advisory 2024-1210-03

Red Hat Security Advisory 2024-1210-03 - Red Hat OpenShift Container Platform release 4.15.2 is now available with updates to packages and images that fix several bugs and add enhancements.

March 14^th 2024 at 13:06

Red Hat Security Advisory 2024-1306-03

Red Hat Security Advisory 2024-1306-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include memory exhaustion, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

March 14^th 2024 at 13:06

Ubuntu Security Notice USN-6681-3

Ubuntu Security Notice 6681-3 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.