Debian Linux Security Advisory 5437-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. HSQLDB supports a "SCRIPT" statement, normally used by a database administrator to write out the commands that recreate the database as a script file. In combination with LibreOffice, an attacker could craft an .odb document containing a "database/script" file that itself contained a SCRIPT command, so that the contents of the file were written to a new file at a location determined by the attacker.
7c544f31219784b743536b45da6065cc810499bfb45dbd1197cd11a809f8e80a
Red Hat Security Advisory 2023-3740-01 - This release of Camel for Spring Boot 3.20.1.P1 serves as a replacement for Camel for Spring Boot 3.20.1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.
58c98dc04b54e3626d83bf209197c06eb22fe9f8e980bb6b6099f24aba62f3bd
It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
9af3c677c764aab7902d47c2a505555b84fde68a690ae6e7624c01659fe90f86
Ubuntu Security Notice 6183-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled the cache size limit. A remote attacker could possibly use this issue to consume memory, leading to a denial of service. It was discovered that Bind incorrectly handled the recursive-clients quota. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.
8c98b23533bb65799530876b7495994b7f2a7e5243dbe968de2fc62016d3d8e1
Red Hat Security Advisory 2023-3771-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.
00566f877e194c658cc2885f9f671af06701ad0fc1fd4587e997d9d53e79ea82
Debian Linux Security Advisory 5436-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. HSQLDB supports a "SCRIPT" statement, normally used by a database administrator to write out the commands that recreate the database as a script file. In combination with LibreOffice, an attacker could craft an .odb document containing a "database/script" file that itself contained a SCRIPT command, so that the contents of the file were written to a new file at a location determined by the attacker.
10c658300144766f15b5f3423e106e451ef63ac07ea18305bd88c937ac36abf1
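The two HSQLDB advisories above (DSA 5437-1 and DSA 5436-1) describe the same attack shape: an .odb is a zip archive, its "database/script" entry is replayed by HSQLDB, and a "SCRIPT 'path'" statement in that entry writes to an attacker-chosen path. The following is an added example (not Debian's, LibreOffice's or HSQLDB's code) of a triage check that unpacks an .odb and flags any SCRIPT statement carrying a file target. The sample archives, table names and the target path are constructed for the demonstration; a real .odb carries more entries than the two written here.

```python
import io
import re
import zipfile

# HSQLDB's SCRIPT statement takes an optional file path: a bare SCRIPT returns
# the DDL as a result set, while SCRIPT 'path' writes it to that file. The
# database/script entry of an .odb should only hold the normal DDL/DML replay
# statements, so any SCRIPT-with-path line there is suspicious.
SCRIPT_TO_FILE = re.compile(r"^\s*SCRIPT\s+'([^']*)'\s*;?\s*$", re.IGNORECASE)


def find_script_writes(odb_bytes: bytes) -> list[tuple[int, str]]:
    """Return (line_number, target_path) for every SCRIPT-to-file statement
    in the database/script entry of an .odb archive (an ordinary zip)."""
    hits: list[tuple[int, str]] = []
    with zipfile.ZipFile(io.BytesIO(odb_bytes)) as zf:
        if "database/script" not in zf.namelist():
            return hits
        text = zf.read("database/script").decode("utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            m = SCRIPT_TO_FILE.match(line)
            if m:
                hits.append((lineno, m.group(1)))
    return hits


def build_odb(script_lines: list[str]) -> bytes:
    """Build a minimal .odb-like zip holding a mimetype and a database/script
    entry. Constructed test fixture, not a full OpenDocument database."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # ODF requires the mimetype entry to be stored uncompressed and first.
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.base",
                    compress_type=zipfile.ZIP_STORED)
        zf.writestr("database/script", "\n".join(script_lines) + "\n")
    return buf.getvalue()


# Constructed script contents: the first list is what a normal embedded
# database looks like, the second appends the attacker-controlled statement.
BENIGN = [
    "SET DATABASE UNIQUE NAME HSQLDB8B1F2C3D4E",
    "CREATE TABLE CONTACTS(ID INTEGER PRIMARY KEY, NAME VARCHAR(100))",
    "INSERT INTO CONTACTS VALUES(1,'alice')",
]
MALICIOUS = BENIGN + [
    # Hypothetical attacker-chosen destination for the written file.
    "SCRIPT '/home/victim/attacker_chosen.txt'",
]

if __name__ == "__main__":
    print("benign:   ", find_script_writes(build_odb(BENIGN)))
    print("malicious:", find_script_writes(build_odb(MALICIOUS)))
```

Run it against real documents with `find_script_writes(open(path, "rb").read())`; a non-empty result means the embedded database will attempt a file write when HSQLDB replays the script, which a legitimate .odb never needs.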
OX App Suite suffers from server-side request forgery, command injection, uncontrolled resource consumption, code injection, authorization bypass, and insecure storage vulnerabilities. Various versions in the 7.10.x and 8.x branches are affected.
a27979ae3ae36aed54def31f404e98c49b579e2113420246b0b046bb9f32e18d
WordPress BackUpWordPress version 3.8 appears to leave backups in a world accessible directory under the document root.
0aa2086e4896317bbe3e7bdbf4459a1d7ed4b988564f1de3d17a4038856e606e
Zstore version 6.5.4 suffers from a database disclosure vulnerability.
59ef2a6ae2dedf274f03866554742255b38accdbc92491e12e38cf45e9ba3fd8
Red Hat Security Advisory 2023-3741-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
8783d76c406bb3dbdd7902bd839ae0f4e25d1290d7045d5be51a4596aef627db
Debian Linux Security Advisory 5435-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service.
dfca8e4b23324ea3fd1686d46452b9a26062e6cab430b4598ba6351a0f959fc6
Ad Manager Pro version 3.05 suffers from a backup disclosure vulnerability.
9849adf143ac40f826534802c5f270e16d48ad28e11911067998927a139fda16
Active Matrimonial CMS version 1.4 suffers from an html injection vulnerability.
4f76c6ed2c67cc6b8b75cac164fbea9625d1673592f28718c07536a4c040b3cf
Red Hat Security Advisory 2023-3711-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
196186a82819b64abfb35d95f92fbdf909a0e1469d2a1617734772b452b11b4d
Red Hat Security Advisory 2023-3715-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a memory leak vulnerability.
9b8b53521738368a749fe60c780351f9820f05a28d78796091f980340ba474e6
Acon Architecture and Construction Website CMS version 1.2 appears to ship with default credentials that remain in place after installation.
70ef2d8bc91eb56a1a4440da226b2cf249319048b28003a05fa920674c61c763
ACJWEB DESIGNER version 1.0 suffers from a remote SQL injection vulnerability.
1476b83d361f5d3b12a5630e5e0b2a06fcf04b60ef0362ae9f733f5b20894725
Red Hat Security Advisory 2023-3714-01 - PostgreSQL is an advanced object-relational database management system.
1980932e5150f22b5f57c035b3ff2943d17686a6d61283f8449cf87085fa2a42
Red Hat Security Advisory 2023-3342-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra low-latency container images for Red Hat OpenShift Container Platform 4.13. Issues addressed include a bypass vulnerability.
5813a13210ed8e54dc4702cd68bd86626f42460b625c85cdf1c29d002e4fa0ba
Hospital Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
bef4ac773418eecdb2cb90f3b34c9de48f70d82f6c1f69f08d2eab960efd9daf
Red Hat Security Advisory 2023-3725-01 - The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
f6cb2a7d3051126b1c4eecbd958c190d66bdc0bf9a5f855ef91302dcd94c0eaa
Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
f8a34f995a7852da92a3cca107e8f6571599a4b822024fff055ccd561d71651d
Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
80c9f68cc29ea00b3e16e1e525e2fcbc5bac527cd864bd1396b7641c8f97a6a4
Red Hat Security Advisory 2023-3722-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer over-read and denial of service vulnerabilities.
e1612faff6f424cfc97b4e21cc06d8f464dc4df56c7dcf975e3d7e907960a248
Microsoft OneNote version 2305 Build 16.0.16501.20074 suffers from a spoofing vulnerability.
e1a6ba66345421d4b84c2f1e23049522fda9532f67c44a4fb8e6abd93f47c7f4