[webapps] Apache Superset 2.0.0 - Authentication Bypass

Red Hat Security Advisory 2023-3246-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3247-01

May 22^nd 2023 at 16:45

Red Hat Security Advisory 2023-3247-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-5900-2

May 22^nd 2023 at 16:45

Ubuntu Security Notice 5900-2 - USN-5900-1 fixed vulnerabilities in tar. This update fixes it to Ubuntu 23.04. It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3245-01

May 22^nd 2023 at 16:45

Red Hat Security Advisory 2023-3245-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6093-1

May 22^nd 2023 at 16:45

Ubuntu Security Notice 6093-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3243-01

May 22^nd 2023 at 16:44

Red Hat Security Advisory 2023-3243-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202305-25

May 22^nd 2023 at 16:44

Gentoo Linux Security Advisory 202305-25 - Multiple vulnerabilities have been discovered in ModSecurity Core Rule Set, the worst of which could result in bypassing the WAF. Versions greater than or equal to 3.3.4 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202305-27

May 22^nd 2023 at 16:44

Gentoo Linux Security Advisory 202305-27 - A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure. Versions greater than or equal to 1.8.3-r3 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202305-28

May 22^nd 2023 at 16:44

Gentoo Linux Security Advisory 202305-28 - Multiple vulnerabilities have been found in snakeyaml, the worst of which could result in denial of service. Versions greater than or equal to 1.33 are affected.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3248-01

May 22^nd 2023 at 16:44

Red Hat Security Advisory 2023-3248-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202305-24

May 22^nd 2023 at 16:43

Gentoo Linux Security Advisory 202305-24 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected.

Advisory Files ≈ Packet Storm

Gentoo Linux Security Advisory 202305-26

May 22^nd 2023 at 16:42

Gentoo Linux Security Advisory 202305-26 - Multiple vulnerabilities have been discovered in LibreCAD, the worst of which could result in denial of service. Versions greater than or equal to 2.1.3-r7 are affected.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5406-1

May 22^nd 2023 at 16:41

Debian Linux Security Advisory 5406-1 - Max Chernoff discovered that improperly secured shell-escape in LuaTeX may result in arbitrary shell command execution, even with shell escape disabled, if specially crafted tex files are processed.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5407-1

May 22^nd 2023 at 16:41

Debian Linux Security Advisory 5407-1 - It was discovered that missing input sanitising in cups-filters, when using the Backend Error Handler (beh) backend to create an accessible network printer, may result in the execution of arbitrary commands.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5408-1

May 22^nd 2023 at 16:41

Debian Linux Security Advisory 5408-1 - Irvan Kurniawan discovered a double free in the libwebp image compression library which may result in denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6092-1

May 19^th 2023 at 14:55

Ubuntu Security Notice 6092-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3167-01

May 19^th 2023 at 14:53

Red Hat Security Advisory 2023-3167-01 - New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6091-1

May 19^th 2023 at 14:52

Ubuntu Security Notice 6091-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3229-01

May 19^th 2023 at 14:45

Red Hat Security Advisory 2023-3229-01 - An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.8. Red Hat Product Security has rated this update as having a security impact of Important. Issues addressed include a bypass vulnerability.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6090-1

May 19^th 2023 at 14:43

Ubuntu Security Notice 6090-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-0584-01

May 19^th 2023 at 14:41

Red Hat Security Advisory 2023-0584-01 - Secondary Scheduler Operator for Red Hat OpenShift 1.1.1. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6089-1

May 19^th 2023 at 14:41

Ubuntu Security Notice 6089-1 - It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3195-01

May 19^th 2023 at 14:41

Red Hat Security Advisory 2023-3195-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, information leakage, and insecure permissions vulnerabilities.

Advisory Files ≈ Packet Storm

WordPress Elementor Lite 5.7.1 Arbitrary Password Reset

May 18^th 2023 at 13:55

On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level access. Versions 5.7.1 and below are affected.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3220-01

May 18^th 2023 at 13:51

Red Hat Security Advisory 2023-3220-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Issues addressed include a bypass vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3221-01

May 18^th 2023 at 13:51

Red Hat Security Advisory 2023-3221-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Issues addressed include a bypass vulnerability.

Advisory Files ≈ Packet Storm

Debian Security Advisory 5405-1

May 18^th 2023 at 13:51

Debian Linux Security Advisory 5405-1 - It was discovered that missing input sanitizing in the implementation of the OIDCStripCookie option in mod_auth_openidc could result in denial of service.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3223-01

May 18^th 2023 at 13:50

Red Hat Security Advisory 2023-3223-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.4.0 serves as a replacement for Red Hat AMQ Streams 2.3.0, and includes security and bug fixes, and enhancements. Issues addressed include denial of service, deserialization, information leakage, memory exhaustion, and resource exhaustion vulnerabilities.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6087-1

May 18^th 2023 at 13:49

Ubuntu Security Notice 6087-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6086-1

May 18^th 2023 at 13:48

Ubuntu Security Notice 6086-1 - It was discovered that minimatch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6088-1

May 18^th 2023 at 13:48

Ubuntu Security Notice 6088-1 - It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. An attacker could possibly use this issue to bypass AppArmor, and potentially SELinux.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1325-01

May 18^th 2023 at 13:47

Red Hat Security Advisory 2023-1325-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, and information leakage vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3205-01

May 18^th 2023 at 13:47

Red Hat Security Advisory 2023-3205-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.0 images. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-2138-01

May 18^th 2023 at 13:47

Red Hat Security Advisory 2023-2138-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.13. Issues addressed include a bypass vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1329-01

May 18^th 2023 at 13:47

Red Hat Security Advisory 2023-1329-01 - Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built from the edge capabilities of Red Hat OpenShift. MicroShift is an application that is deployed on top of Red Hat Enterprise Linux devices at the edge, providing an efficient way to operate single-node clusters in these low-resource environments. This advisory contains the RPM packages for Red Hat build of MicroShift 4.13.0. Issues addressed include a man-in-the-middle vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1328-01

May 18^th 2023 at 13:46

Red Hat Security Advisory 2023-1328-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-1326-01

May 18^th 2023 at 13:46

Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3198-01

May 18^th 2023 at 13:46

Red Hat Security Advisory 2023-3198-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, information leakage, and insecure permissions vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3204-01

May 18^th 2023 at 13:46

Red Hat Security Advisory 2023-3204-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.0 RPMs. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-2695-01

May 18^th 2023 at 13:46

Red Hat Security Advisory 2023-2695-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.40.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6080-1

May 16^th 2023 at 17:12

Ubuntu Security Notice 6080-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6077-1

May 16^th 2023 at 17:12

Ubuntu Security Notice 6077-1 - Ben Smyth discovered that OpenJDK incorrectly handled half-duplex connections during TLS handshake. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. It was discovered that OpenJDK incorrectly handled certain inputs. An attacker could possibly use this issue to insert, edit or obtain sensitive information.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6081-1

May 16^th 2023 at 17:11

Ubuntu Security Notice 6081-1 - Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information. Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6079-1

May 16^th 2023 at 17:11

Ubuntu Security Notice 6079-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6078-1

May 16^th 2023 at 17:11

Ubuntu Security Notice 6078-1 - Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-2883-01

May 16^th 2023 at 17:10

Red Hat Security Advisory 2023-2883-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include integer overflow and out of bounds write vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-2792-01

May 16^th 2023 at 17:10

Red Hat Security Advisory 2023-2792-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-3097-01

May 16^th 2023 at 17:10

Red Hat Security Advisory 2023-3097-01 - The gssntlmssp is a GSSAPI NTLM mechanism that allows to perform NTLM authentication in GSSAPI programs. Issues addressed include memory leak and out of bounds read vulnerabilities.