Source
Packet Storm
Red Hat Security Advisory 2023-4624-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.
BookingWizz version 6.0.1 suffers from an information leakage vulnerability.
E-commerce Growisei CMS version 2.0 appears to leave default credentials in place after installation.
DBCInfoTech CMS version 2.0 suffers from an unauthenticated administrator reinstall vulnerability.
Education Time Indonesian School CRM version 1.7 suffers from a cross-site scripting vulnerability.
Eden CMS version 1.02 suffers from a cross-site scripting vulnerability.
Ecommerce Responsive version 1.2 suffers from an insecure direct object reference vulnerability.
E-Biz CMS version 2.0 suffers from a cross-site request forgery vulnerability.
EasyPX CMS version 06.02.04 suffers from a cross-site scripting vulnerability.
Debian Linux Security Advisory 5475-1 - Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers. Mitigating GDS requires updated CPU microcode provided in the intel-microcode package. Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered INCEPTION, also known as Speculative Return Stack Overflow (SRSO), a transient execution attack that leaks arbitrary data on all AMD Zen CPUs. An attacker can mis-train the CPU BTB to predict non-architectural CALL instructions in kernel space and use this to control the speculative target of a subsequent kernel RET, potentially leading to information disclosure via a speculative side-channel.