Online Pizza Ordering System version 1.0 suffers from an ignored default credential vulnerability.

**Online Pizza Ordering System 1.0 Insecure Settings**

Posted Sep 6, 2024

Authored by indoushka

Online Pizza Ordering System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | ea183be601d90798e6a525ee32f1811b36b16ef45e82b7172ff7fd9dada60b8e

Download | Favorite | View

**Online Pizza Ordering System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Online Pizza Ordering System v1.0 Insecure Settings Vulnerability                                                           || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html                             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,685)
*   Arbitrary (17,036)
*   BBS (2,859)
*   Bypass (1,902)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,203)
*   Encryption (2,393)
*   Exploit (54,137)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (917)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,207)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,401)
*   Protocol (3,749)
*   Python (1,654)
*   Remote (31,825)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,041)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,700)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,054)
*   Web (10,130)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,117)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,066)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,731)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,807)
*   UNIX (9,449)
*   UnixWare (187)
*   Windows (6,762)
*   Other

Online Pizza Ordering System 1.0 Insecure Settings

File Management System version 1.0 suffers from an insecure direct object reference vulnerability.

**File Management System 1.0 Insecure Direct Object Reference**

Posted Sep 6, 2024

Authored by indoushka

File Management System version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 80d45521f02111223db9c15921f68ebb49c243151cc2e7da343578636283f910

Download | Favorite | View

**File Management System 1.0 Insecure Direct Object Reference**

    =============================================================================================================================================| # Title     : File Management System 1.0 IDOR Vulnerability                                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.campcodes.com/downloads/file-management-system-in-php-mysql-source-code/?wpdmdl=7992&refresh=66bba3bd946da1723573181                           |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Payload enables deletion of uploaded files from admin control panel without login.[+] use payload : /Private_Dashboard/delete.php?ID=5[+] 127.0.0.1/demo/Private_Dashboard/delete.php?ID=5Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,685)
*   Arbitrary (17,036)
*   BBS (2,859)
*   Bypass (1,902)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,203)
*   Encryption (2,393)
*   Exploit (54,137)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (917)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,207)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,401)
*   Protocol (3,749)
*   Python (1,654)
*   Remote (31,825)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,041)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,700)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,054)
*   Web (10,130)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,117)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,066)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,731)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,807)
*   UNIX (9,449)
*   UnixWare (187)
*   Windows (6,762)
*   Other

File Management System 1.0 Insecure Direct Object Reference

A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk.
The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances.
In

Cryptocurrency / APT Attack

A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk.

The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances.

In mid-July, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The Shadowserver Foundation said it detected exploitation attempts against its honeypot sensors starting July 9, 2024.

According to Fortinet FortiGuard Labs, the flaw has been observed to deliver GOREVERSE, a reverse proxy server designed to establish a connection with a command-and-control (C2) server for post-exploitation activity.

These attacks are said to target IT service providers in India, technology companies in the U.S., government entities in Belgium, and telecommunications companies in Thailand and Brazil.

The GeoServer server has also served as a conduit for Condi and a Mirai botnet variant dubbed JenX, and at least four types of cryptocurrency miners, one of which is retrieved from a fake website that impersonates the Institute of Chartered Accountants of India (ICAI).

Perhaps the most notable of the attack chains leveraging the flaw is the one that propagates an advanced Linux backdoor called SideWalk, which is attributed to a Chinese threat actor tracked as APT41.

The starting point is a shell script that's responsible for downloading the ELF binaries for ARM, MIPS, and X86 architectures, which, in turn, extracts the C2 server from an encrypted configuration, connects to it, and receives further commands for execution on the compromised device.

This includes running a legitimate tool known as Fast Reverse Proxy (FRP) to evade detection by creating an encrypted tunnel from the host to the attacker-controlled server, allowing for persistent remote access, data exfiltration, and payload deployment.

"The primary targets appear to be distributed across three main regions: South America, Europe, and Asia," security researchers Cara Lin and Vincent Li said.

"This geographical spread suggests a sophisticated and far-reaching attack campaign, potentially exploiting vulnerabilities common to these diverse markets or targeting specific industries prevalent in these areas."

The development comes as CISA this week added to its KEV catalog two flaws found in 2021 in DrayTek VigorConnect (CVE-2021-20123 and CVE-2021-20124, CVSS scores: 7.5) that could be exploited to download arbitrary files from the underlying operating system with root privileges.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

The funds from Germany's Sovereign Tech Fund will be used to integrate zero-trust capabilities, tools for software bill of materials, and other security features.

Source: Les Polders via Alamy Stock Photo

The health of the global Internet and digital infrastructure relies heavily on volunteer-maintained open source projects. Various organizations and initiatives now provide funding to make security fixes or improve features for some of these projects.

Last week, the FreeBSD Foundation announced a €686,400 (approximately $762,540) investment from Germany's Sovereign Tech Fund. The foundation drives development and maintenance of the FreeBSD operating system, a Unix-based operating system similar to Linux. The funding from STF is intended to cover work for the rest of 2024 and extend into 2025 and will focus on security features and improvements.

STF is supported by the German Federal Ministry for Economic Affairs and Climate Action (BMWK) and is hosted by the German Federal Agency for Disruptive Innovation (SPRIND). The fund has actively supported open source projects that are important components of the global digital infrastructure, such as €1 million ($1.1 million) for GNOME (a widely used desktop application for Linux operating systems) development at the end of last year and €203,000 ($225,487) to GStreamer (a multimedia framework used widely in streaming apps, embedded devices, and browsers) earlier this year. Several of STF's recent investments are tied to security improvements, such as making the encrypted home directory a GNOME feature and rewriting GStreamer's various Web and networking protocols (RTP/RTCP, RTSP, and WebRTC) from C to Rust to eliminate recurring memory-based vulnerabilities.

The FreeBSD investment will also focus on several security initiatives, such as zero-trust builds, continuous integration/continuous delivery (CI/CD) automation, reducing technical debt, enhancing security controls, and improving tools related to the software bill of materials. Reducing technical debt is important since many vulnerabilities linger on in years-old components that are no longer being maintained or even looked at.

Zero-trust builds refer to the ability to prove where all the source code and tooling used in FreeBSD came from and are trusted. This is necessary to ensure that the tools used (such as compilers) are not introducing backdoors or malware into the code.

The focus on CI/CD automation is necessary to streamlining software delivery and operations. It will allow for constantly running security tests to ensure that changes have not introduced vulnerabilities and fixing them as they are found.

"This investment in critical digital infrastructure will accelerate modernization of FreeBSD, enhance security hygiene, and improve developer experiences," said Fiona Krakenbürger, co-founder of STF, in a statement.

STF has supported a slew of other open source projects, including curl, FFmpeg, Rustls (a TLS library written in Rust), and Coreutils uutils (the coreutils library with basic file, shell, and text functions rewritten in Rust).

FreeBSD Gets €686,400 to Boost Security Features

While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.

Friday, September 6, 2024 06:00

*   Certain versions of WeChat, a popular messaging app created by tech giant Tencent, contain a type confusion vulnerability that could allow an adversary to execute remote code. 
*   While this issue, CVE-2023-3420, was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported to the vendor in April 2024.  
*   Cisco Talos researchers have confirmed that WeChat versions up to 8.0.42 (the latest version on the Google Play store for Android devices before June 14, 2024) were vulnerable to this issue. However, due to the dynamic WebView loading mechanism, Talos cannot confirm if it’s patched on all versions. 
*   Talos reported the vulnerability to Tencent WeChat on April 30, 2024, and continued our investigation in the following weeks and months. 

**Vulnerability overview **

WeChat is an instant messenger application with a large user base in China. It also offers users the ability to pay for certain products through the app and includes several functionalities similar to other social media platforms like Facebook and X. 

During Cisco Talos’ research of WeChat, we uncovered that it employs a custom WebView component instead of relying on the built-in Android WebView. This component is a custom version of XWalk, maintained by Tencent, which consists of an embedded Chromium browser with V8 version 8.6.365.13 released on Oct. 12, 2020, supporting the rendering of HTML and the execution of JavaScript. 

The custom WebView component is dynamically downloaded onto the phone after the user logs into the app for the first time, allowing Tencent to deploy dynamic updates. When downloaded, XWalk webview is located at the path \`/data/data/com.tencent.mm/app\_xwalk\_4433/apk/base.apk\`. The library at /data/data/com.tencent.mm/app_xwalk_4433/extracted_xwalkcore/libxwebcore.so contains an embedded browser environment with an outdated version of V8.  

GitHub Security Labs published detailed analysis of this vulnerability, CVE-2023-3420, for V8 version 11.4.183.19 in June 2023.      

**How can the exploit be triggered? **

The exploit, which we have seen in the wild,  is triggered when the victim clicks a URL in a malicious WeChat message. Clicking a URL in WeChat causes the webpage with embedded JavaScript to be loaded inside XWalk, which triggers exploitation. A so called one-click exploit. 

**What is the impact of this vulnerability? **

The exploit allows the threat actor to gain control of the victim's device and execute arbitrary code. 

> CVSSv3 Score: 8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

**How do I know if I’m impacted? **

Talos has confirmed the WeChat version 8.0.42 (the latest version available on the Play Store before June 14) is impacted. For WeChat using the impacted custom browser (MMWEBID/2247), the user agent of request includes the version information of the custom browser. For example: 

_Mozilla/5.0 (Linux; Android 14; Pixel 6 Build/UQ1A.240105.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/86.0.4240.99 XWEB/4433 MMWEBSDK/20230805 Mobile Safari/537.36 MMWEBID/2247 MicroMessenger/8.0.42.2428(0x28002A48) WeChat/arm64 Weixin GPVersion/1 NetType/4G Language/en ABI/arm64_  

**What do I do if I’m impacted? **

Update to the latest version of WeChat and confirm XWalk is updated as well (in our testing, the app does not get updated to the latest version automatically right after the update is released). Alternatively, do not click on any links sent over WeChat if using the impacted versions. If you must read links, copy the link from the WeChat chat and open them on an updated web browser outside the application. We recommend WeChat users be aware of the URL links sent in WeChat. Before clicking the URL links, verify it’s from a trusted source.  

**Bug report Timeline **

*   April 30, 2024: Disclosed to vendor while research was ongoing. 
*   May 31, 2024: Tencent acknowledges report and confirms they know about the vulnerability and are working on patching it. 
*   June 14, 2024: New version of WeChat 8.0.48 released on Play Store. However, the app on our testing device did not get automatically updated.  
*   June 27, 2024: Notified Vendor of our intention to publish. 

**Credit **

Chi En Shen (Ashley Shen), Vitor Ventura, Michael Gentile and Aleksandar Nikolic of Cisco Talos.

Vulnerability in Tencent WeChat custom browser could lead to remote code execution

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows.
The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16.


"An attacker with no valid

Cybersecurity / Vulnerability

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows.

The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16.

"An attacker with no valid credentials exploit missing view authorization checks in the web application to execute arbitrary code on the server," Rapid7 security researcher Ryan Emmons said in a new report.

It's worth noting that CVE-2024-45195 is a bypass for a sequence of issues, CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856, which were addressed by the project maintainers over the past few months.

Both CVE-2024-32113 and CVE-2024-38856 have since come under active exploitation in the wild, with the former leveraged to deploy the Mirai botnet malware.

Rapid7 said all three older shortcomings stem from the "ability to desynchronize the controller and view map state," a problem that was never fully remediated in any of the patches.

A consequence of the vulnerability is that it could be abused by attackers to execute code or SQL queries and achieve remote code execution sans authentication.

The latest patch put in place "validates that a view should permit anonymous access if a user is unauthenticated, rather than performing authorization checks purely based on the target controller."

Apache OFBiz version 18.12.16 also addresses a critical server-side request forgery (SSRF) vulnerability (CVE-2024-45507, CVSS score: 9.8) that could lead to unauthorized access and system compromise by taking advantage of a specially crafted URL.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution.
The list of shortcomings is below -

CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.


CVE-2024-42024 (CVSS score: 9.1

Threat Prevention / Software Security

Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution.

The list of shortcomings is below -

*   **CVE-2024-40711 (CVSS score: 9.8)** - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.

*   **CVE-2024-42024 (CVSS score: 9.1)** - A vulnerability in Veeam ONE that enables an attacker in possession of the Agent service account credentials to perform remote code execution on the underlying machine

*   **CVE-2024-42019 (CVSS score: 9.0)** - A vulnerability in Veeam ONE that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account

*   **CVE-2024-38650 (CVSS score: 9.9)** - A vulnerability in Veeam Service Provider Console (VPSC) that allows a low privileged attacker to access the NTLM hash of the service account on the server

*   **CVE-2024-39714 (CVSS score: 9.9)** - A vulnerability in VPSC that permits a low-privileged user to upload arbitrary files to the server, resulting in remote code execution on the server

In addition, the September 2024 updates address 13 other high-severity flaws that could permit privilege escalation, multi-factor authentication (MFA) bypass, and execute code with elevated permissions.

All the issues have been addressed in the below versions -

*   Veeam Backup & Replication 12.2 (build 12.2.0.334)
*   Veeam Agent for Linux 6.2 (build 6.2.0.101)
*   Veeam ONE v12.2 (build 12.2.0.4093)
*   Veeam Service Provider Console v8.1 (build 8.1.0.21377)
*   Veeam Backup for Nutanix AHV Plug-In v12.6.0.632
*   Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In v12.5.0.299

With flaws in Veeam software Users becoming a lucrative target for threat actors to serve ransomware, users are advised to update to the latest version as soon as possible to mitigate potential threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

Debian Linux Security Advisory 5766-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5766-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonSeptember 05, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-7970 CVE-2024-8362Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 128.0.6613.119-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbZZHQACgkQZF0CR8NudjdsQRAAiFbc3LsuiQ8pvOalXN4w1A9lgG95YZ7DH5+02gV6N/M83jIVQvrfffVgdUNTkHP+GrjNBFjTf4kMaufj0dxe75KX8IYBm+t4+7Naivlgkjz1YQhY7fbQdQzzMZXtID7xyU3qEEutO+0hJ+P/Sf/CoXkP7aEzkNMaiZfSzLp1W98/jIwHfkUlBAx2L6EQSq3UEjT0wml53x+uOxISObgHxTE0irbXH4k4Z/lXO5xtm416auxPe1WuLQoMtd1xH4iUyVfVwLcdbkSsa3j0KGZwquQz2QlChzSxvzLF4Bp4pVlNIGwSE3rW8+FFTzaQ5hipK2InzfGPFpS2wxPwFOIRf/qHx6MnlY7gTULr0U8UCWqdHuzCmGxlY/RCNvmuo8yqp8O5ERosW5DzqL/duid37pFbHNVp33wQ17/9y51lBe1XktZWqOELB2lhRN64R1dlWvGJErLM3+/xAsX5c0DX6CPoHN/ak/xKf5nnManRD3rlcgkHlVPvsewokGOhptKjvM3gm6Iw08ywEfLAMW/nAaoOkjhXk2AvgYQKUwSEmmiwY+wwQcb+zgc3hNQ/as5C4j13Xl19N7RpW6HqxSqH9tEp9mOJgzDe5kOExMpUJ6J2w74QPfp3galwH0rdrCdy7+zGSDB0nHDqqTjWBc5/AjG1q1b6t1gC2gt0w3jCHMc==TQbe-----END PGP SIGNATURE-----

Debian Security Advisory 5766-1

Red Hat Security Advisory 2024-6360-03 - An update for libtiff is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a null pointer vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6360.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libtiff security updateAdvisory ID:        RHSA-2024:6360-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6360Issue date:         2024-09-04Revision:           03CVE Names:          CVE-2024-7006====================================================================Summary: An update for libtiff is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.Security Fix(es):* libtiff: NULL pointer dereference in tif_dirinfo.c (CVE-2024-7006)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7006References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2302996

Red Hat Security Advisory 2024-6360-03

Red Hat Security Advisory 2024-6358-03 - An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6358.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python-urllib3 security updateAdvisory ID:        RHSA-2024:6358-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6358Issue date:         2024-09-04Revision:           03CVE Names:          CVE-2024-37891====================================================================Summary: An update for python-urllib3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37891References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788

Tag

#linux