Tag
#js
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 addresses bypass and code execution vulnerabilities.
Red Hat Security Advisory 2024-0530-03 - An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0500-03 - An update for openssl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Debian Linux Security Advisory 5607-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Red Hat Security Advisory 2024-0399-03 - An update for gnutls is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-0397-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.
Red Hat Security Advisory 2024-0387-03 - An update for the php:8.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-0386-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.
### Summary Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports. ### Details Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. At least lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported: <details> <summary>Example response</summary> ...
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the gl_system_log and gl_crash_log interface in the logread module. This Metasploit exploit requires post-authentication using the Admin-Token cookie/sessionID (SID), typically stolen by the attacker. However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication through a Lua string pattern matching and SQL injection vulnerability. The Admin-Token cookie/SID can be retrieved without knowing a valid username and password. Many products are vulnerable.