Red Hat Security Advisory 2024-0576-03 - An update for avahi is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
c79b31f8248186b9f65d38050ce25d08665662017ef7947d9f65cacfaa0ab7f0Red Hat Security Advisory 2024-0418-03 - An update for avahi is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.
de3aba814e46ee8af29810aa02db774e60259e898ed7db2d06e140e1131ac451Red Hat Security Advisory 2023-7836-03 - An update for avahi is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
9a2de5344afce1a07abf19f30fa7f1c7ae13a2570c385908070c5545c82f97fbRed Hat Security Advisory 2023-6707-01 - An update for avahi is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
1de262abb5220ba283dd75715702d008d1a10611c8c10fec6284f16178ea9bf8Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added, Pentaho makes a HTTP request to the dashboards editor (/pentaho/api/repos/dashboards/editor) in order to test the connection by executing a test SQL query. However, further examination revealed that by utilizing CVE-2021-31602, an authentication bypass of Spring APIs, it is possible for an unauthenticated user to execute arbitrary SQL queries on any Pentaho datasource and thus retrieve data from the related databases.
aafd5de6352edfc97e93496f171ced94b49f52a6817c483a7aec6ee26649a0e9Pentaho allows users to upload various files of different file types. The upload service is implemented under the /pentaho/UploadService endpoint. The file types allowed by the application are csv, dat, txt, tar, zip, tgz, gz, gzip. When uploading a file with an extension other than the allowed file types, the application responds with the error message of UploadFileServlet.ERROR_0011 - File type not allowed. Allowable types are csv,dat,txt,tar,zip,tgz,gz,gzip. However, the file extension check can be bypassed by including a single dot "." at the end of the filename.
88d6bd09be7fc284d1910e9a75bbeb0651c9da3a240f985ed3f97efbddeb9345Ubuntu Security Notice 5008-2 - USN-5008-1 fixed a vulnerability in avahi. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this issue to cause Avahi to hang, resulting in a denial of service. Various other issues were also addressed.
f1ab797dc4ee8aa5ca5bd2caf029df1c826f22cadaab0775b2a4c9473d138db8Ubuntu Security Notice 5008-1 - Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this issue to cause Avahi to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. It was discovered that Avahi incorrectly handled certain hostnames. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. Various other issues were also addressed.
fa0e1e6c77e8b28b0c5d89dca6190efc5b7596e86f1e3bd058c7214eee8549fc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed