Ubuntu Security Notice 5902-1 - It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. It was discovered that PHP incorrectly handled resolving long paths. A remote attacker could possibly use this issue to obtain or modify sensitive information. It was discovered that PHP incorrectly handled a large number of parts in HTTP form uploads. A remote attacker could possibly use this issue to cause PHP to consume resources, leading to a denial of service.
d6874c5afe37c2500fc7824d66b24af765e7c0d843c7aa5688092c11c7e428fe
Osprey Pump Controller version 1.0.1 unauthenticated remote code execution exploit.
e3aa8cf09a10153c22c1fea563f19e0486760740b752b12095b5ec99f655864f
Ubuntu Security Notice 5821-3 - USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately, it was missing a commit to fix it properly in pip. Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service.
d322c815ee33042be37c615bcc6fe6174cb83b1fdff85530dd694cc79df6a477
WordPress WoodMart Theme versions 7.1.1 and below suffer from a cross site request forgery vulnerability due to missing nonce validation on the process_form function.
0f2e9edbc08c03cd7f443a7a62b3cdd260180c0c579854b3c4252462f805ba7b
Red Hat Security Advisory 2023-0945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
c1b7b0f90016de9ec4293a2e975201de63caf2503842f0f0c825afe6df4f947d
Osprey Pump Controller version 1.0.1 suffers from a cross site request forgery vulnerability.
3ff94000035eb0e3d7750af6a36a24cd3f59ddd0bf32adc49eed8270dae8c139
WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from a cross site scripting vulnerability.
06de2ef6e3f65a11f5f3b433ba90619493f56918211d5fd46b33311a0fbd2e57
Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system.
f96ac6802073d61b8a8224120fbbc475b78857a672615467fe07f5419f23785a
Red Hat Security Advisory 2023-0895-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and out of bounds read vulnerabilities.
7a32d3f62970f0d43a33d17d8aa9612b3eb48e892ab787ada4397f1315d9a773
Debian Linux Security Advisory 5365-1 - Patrick Monnerat discovered that Curl's support for "chained" HTTP compression algorithms was susceptible to denial of service.
2cfddea329a31bcbbff3f27ed3f37c97897bb7bdb2d77df616068add33038c0b
Osprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability.
c1bf05288bbed246cc644a8fdb368c0546ebbfbb0723ec8709bda8abbafeddfd
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.
db0ca77f3b6262f047a41f704f1fbcabf469fa7d9140d8fddf64e48fc5dc7ab1
Ubuntu Security Notice 5899-1 - It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting attacks.
5d72108cc6e645496aa7b0bcd879313446b5beafd830d95fdebed2c98d5399fb
Red Hat Security Advisory 2023-0958-01 - Vim is an updated and improved version of the vi editor.
99f24c307f09006a609a18d425d14c54640bf4c73d0cb49aeac542afd0025357
Red Hat Security Advisory 2023-0970-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include HTTP response splitting and out of bounds read vulnerabilities.
a1ada839aded658407acda43e1260cdf78ffb16398d1a830e1830abd626eea99
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter called by index.php script.
36296eda1780ae0ac70f0164496b08fb374f20a8169546a905c771704b399ab9
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.
54e985965675a39585d65ec988986982607117a47b0151caf9326c6cb4e834f8
Ubuntu Security Notice 5901-1 - Hubert Kario discovered that GnuTLS had a timing side-channel when handling certain RSA messages. A remote attacker could possibly use this issue to recover sensitive information.
a9c617e5a096f4aaab32cbfcc28108db40b5d3024f260c3a3ea6ed1f3e9d60c4
Red Hat Security Advisory 2023-0978-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include heap overflow and integer overflow vulnerabilities.
f9995ae6dacfd02db677646ff8b9b042c67fba6965a6700f58a151fb62f4f238
Red Hat Security Advisory 2023-0977-01 - Red Hat OpenShift Data Science 1.22.1 security update. Issues addressed include an improper authorization vulnerability.
a878915a7f3ed4aeab08fa389c9615a55546bab6b3649cdfebce0a5bcf1c42d3
Red Hat Security Advisory 2023-0959-01 - The GNU tar program can save multiple files in an archive and restore files from an archive. Issues addressed include a buffer overflow vulnerability.
01ff8492a1db1b9671d8c3c2081e05b1a683acd8daf655a41e5260bb3247aa1a
Ubuntu Security Notice 5896-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.
af959d565a1afe5e24fd2d9a4c8e3f995e944acd8d8d9680416a97273359eee3
WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from multiple cross site request forgery vulnerabilities.
71cc0997d47b4237116443379d1643e4dfca225ccadb88dfc2eb6ace59a58348
Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.
3ed05d8a034b8ccbd8a190a2e4579c85ef5adbb3a2f5970087da2e589448bbc5
Red Hat Security Advisory 2023-0944-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
3e3339d1ca3dba78791649f6728aee5dacd42b66bb6cbcf6160835330c3ced9c