#ubuntu

Employee Management System version 1.0 suffers from an ignored default credential vulnerability.

### Summary Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. ### Environment Variable injection (`GHSL-2024-177`) The [`docs-preview.yml` workflow](https://github.com/litestar-org/litestar/blob/ffaf5616b19f6f0f4128209c8b49dbcb41568aa2/.github/workflows/docs-preview.yml) gets triggered when the `Tests And Linting` workflow completes: ```yaml on: workflow_run: workflows: [Tests And Linting] types: [completed] ``` Later, it downloads and extracts an artifact generated by the triggering workflow: ```yaml - name: Download artifact uses: dawidd6/action-download-artifact@v6 with: workflow_conclusion: success run_id: ${{ github.event.workflow_run.id }} path: docs-preview name: docs-preview ``` And reads `docs-preview/.pr_number` into an Environment Variable: ```yaml - name: Set PR number run: echo "PR_NUMBER=$(cat docs-preview/.pr_number)" >> $GITHUB_ENV ``` The ...

Ubuntu Security Notice 6953-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 6952-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 6951-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 6950-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 6949-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Ubuntu Security Notice 6948-1 - It was discovered that Salt incorrectly handled crafted web requests. A remote attacker could possibly use this issue to run arbitrary commands. It was discovered that Salt incorrectly created certificates with weak file permissions. It was discovered that Salt incorrectly handled credential validation. A remote attacker could possibly use this issue to bypass authentication.

Ubuntu Security Notice 6947-1 - It was discovered that Kerberos incorrectly handled GSS message tokens where an unwrapped token could appear to be truncated. An attacker could possibly use this issue to cause a denial of service. It was discovered that Kerberos incorrectly handled GSS message tokens when sent a token with invalid length fields. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 6945-1 - Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root.