Red Hat Security Advisory 2023-1790-01

April 17^th 2023 at 14:45

Red Hat Security Advisory 2023-1790-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Issues addressed include double free and file download vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1792-01

April 17^th 2023 at 14:45

Red Hat Security Advisory 2023-1792-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Issues addressed include double free and file download vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1791-01

April 17^th 2023 at 14:36

Red Hat Security Advisory 2023-1791-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Issues addressed include double free and file download vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6021-1

April 14^th 2023 at 15:47

Ubuntu Security Notice 6021-1 - It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out of bounds in WebHID. A remote attacker could possibly use this issue to corrupt memory via a malicious HID device, resulting in a denial of service, or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6020-1

April 14^th 2023 at 15:47

Ubuntu Security Notice 6020-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6019-1

April 14^th 2023 at 15:46

Ubuntu Security Notice 6019-1 - It was discovered that Flask-CORS did not properly escape paths before evaluating resource rules. An attacker could possibly use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6018-1

April 14^th 2023 at 15:46

Ubuntu Security Notice 6018-1 - Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation vulnerability in apport-cli when viewing crash reports and unprivileged users are allowed to run sudo less. A local attacker on a specially configured system could use this to escalate their privilege.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5388-1

April 14^th 2023 at 15:45

Debian Linux Security Advisory 5388-1 - It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. A remote attacker can take advantage of this flaw to cause an information leak.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5387-1

April 14^th 2023 at 15:45

Debian Linux Security Advisory 5387-1 - David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is susceptible to denial of service via malformed IP packets.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6016-1

April 14^th 2023 at 15:39

Ubuntu Security Notice 6016-1 - It was discovered that thenify incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6017-1

April 14^th 2023 at 15:39

Ubuntu Security Notice 6017-1 - Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.

Exploit-DB Updates

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset

April 14^th 2023 at 00:00

Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset

Exploit-DB Updates

[webapps] Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery

April 14^th 2023 at 00:00

Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery

Exploit-DB Updates

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit

April 14^th 2023 at 00:00

Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit

Exploit-DB Updates

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP

April 14^th 2023 at 00:00

Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP

Exploit-DB Updates

[local] Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)

April 14^th 2023 at 00:00

Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)

Exploit-DB Updates

[webapps] Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password

April 14^th 2023 at 00:00

Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password

Exploit-DB Updates

[webapps] InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal

April 14^th 2023 at 00:00

InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal

Exploit-DB Updates

[remote] Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation

April 14^th 2023 at 00:00

Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation

Exploit-DB Updates

[webapps] Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking

April 14^th 2023 at 00:00

Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking

Exploit-DB Updates

[webapps] Bludit 4.0.0-rc-2 - Account takeover

April 14^th 2023 at 00:00

Bludit 4.0.0-rc-2 - Account takeover

Exploit-DB Updates

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure

April 14^th 2023 at 00:00

Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure

Exploit-DB Updates

[webapps] Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation

April 14^th 2023 at 00:00

Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1769-01

April 13^th 2023 at 15:44

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1765-01

April 13^th 2023 at 15:44

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6012-1

April 13^th 2023 at 15:44

Ubuntu Security Notice 6012-1 - It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1770-01

April 13^th 2023 at 15:44

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1766-01

April 13^th 2023 at 15:44

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6008-1

April 13^th 2023 at 15:43

Ubuntu Security Notice 6008-1 - It was discovered that Exo did not properly sanitized desktop files. A remote attacker could possibly use this issue to to cause a crash or arbitrary code execution.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6014-1

April 13^th 2023 at 15:43

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1747-01

April 13^th 2023 at 15:43

Red Hat Security Advisory 2023-1747-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6015-1

April 13^th 2023 at 15:43

Ubuntu Security Notice 6015-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Paul Menzel discovered that Thunderbird did not properly validate OCSP revocation status of recipient certificates when sending S/Mime encrypted email. An attacker could potentially exploits this issue to perform spoofing attack.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5386-1

April 13^th 2023 at 15:42

Debian Linux Security Advisory 5386-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5385-1

April 13^th 2023 at 15:42

Debian Linux Security Advisory 5385-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6013-1

April 12^th 2023 at 17:36

Ubuntu Security Notice 6013-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1656-01

April 12^th 2023 at 17:33

Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6011-1

April 12^th 2023 at 17:31

Ubuntu Security Notice 6011-1 - It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed quotes. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service. It was discovered that Json-smart incorrectly handled memory when processing input containing unclosed brackets. A remote attacker could possibly use this issue to cause applications using Json-smart to crash, leading to a denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1655-01

April 12^th 2023 at 17:29

Red Hat Security Advisory 2023-1655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. Issues addressed include bypass, cross site scripting, information leakage, insecure permissions, and privilege escalation vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6010-1

April 12^th 2023 at 17:26

Ubuntu Security Notice 6010-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage fullscreen notifications using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. An attacker could potentially exploit this issue to perform spoofing attacks.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1744-01

April 12^th 2023 at 17:21

Red Hat Security Advisory 2023-1744-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1743-01

April 12^th 2023 at 17:21

Red Hat Security Advisory 2023-1743-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1663-01

April 12^th 2023 at 17:19

Red Hat Security Advisory 2023-1663-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6009-1

April 12^th 2023 at 17:16

Ubuntu Security Notice 6009-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1664-01

April 12^th 2023 at 17:15

Red Hat Security Advisory 2023-1664-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1742-01

April 12^th 2023 at 16:57

Red Hat Security Advisory 2023-1742-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, bypass, and denial of service vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1703-01

April 12^th 2023 at 16:56

Red Hat Security Advisory 2023-1703-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1691-01

April 12^th 2023 at 16:54

Red Hat Security Advisory 2023-1691-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6005-1

April 12^th 2023 at 16:54

Ubuntu Security Notice 6005-1 - Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed.

Advisory Files ≈ Packet Storm

Apple Security Advisory 2023-04-10-3

April 11^th 2023 at 14:26

Apple Security Advisory 2023-04-10-3 - macOS Big Sur 11.7.6 addresses code execution and out of bounds write vulnerabilities.

Advisory Files ≈ Packet Storm

Apple Security Advisory 2023-04-10-2

April 11^th 2023 at 14:25

Apple Security Advisory 2023-04-10-2 - macOS Monterey 12.6.5 addresses code execution and out of bounds write vulnerabilities.

Advisory Files ≈ Packet Storm

Apple Security Advisory 2023-04-10-1

April 11^th 2023 at 14:25

Apple Security Advisory 2023-04-10-1 - iOS 15.7.5 and iPadOS 15.7.5 addresses code execution, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Apple Security Advisory 2023-04-07-3

April 11^th 2023 at 14:24

Apple Security Advisory 2023-04-07-3 - Safari 16.4.1 addresses code execution and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Apple Security Advisory 2023-04-07-1

April 11^th 2023 at 14:23

Apple Security Advisory 2023-04-07-1 - iOS 16.4.1 and iPadOS 16.4.1 addresses code execution, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Apple Security Advisory 2023-04-07-2

April 11^th 2023 at 14:23

Apple Security Advisory 2023-04-07-2 - macOS Ventura 13.3.1 addresses code execution, out of bounds write, and use-after-free vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1646-01

April 11^th 2023 at 14:20

Red Hat Security Advisory 2023-1646-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.11. Issues addressed include a denial of service vulnerability.