Micro Focus GroupWise is messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in the URL of HTTP GET requests when email content is accessed. The exposed session ID can be recorded in the browser history of the client and in log files of the web server or reverse proxy server. An attacker with access to the browser history or the server log files can take control of the user session using the session ID. Versions prior to 18.4.2 are affected.
45d877f2bc8d1d68f308fad7fe918c90f982d284964eee41b93805a3c6fb1ad2
Red Hat Security Advisory 2023-0476-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
0afc6c6642370936f4775e1b86efe2ada7dfc12d3aba40556abc51cdd57d28f0
Debian Linux Security Advisory 5329-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service against named.
ba64112fea14b7f12cde8326a8cfc48e62b9135aea71c2d573ae11c8f1f09c61
Red Hat Security Advisory 2023-0481-01 - Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. This advisory contains bug fixes and enhancements to the Submariner container images.
e1d718fd33c9e9bcebfe6720e9fcb53cb7cac76300840a1410ba4d3f134691a4
Apple Security Advisory 2023-01-24-1 - tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
7372a36f401b5f8c67c0eb20699dade4d22f695f36963a2a23be13afe62dc190
PHPJabbers Car Rental Script version 3.0 suffers from a remote SQL injection vulnerability.
da611ec0ad9f60f8789a0b37c087ba77ab18171db28eb201e5d8c4312ef65403
Red Hat Security Advisory 2023-0208-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
413b15e781f2019731ffc4c04c713b38fd5081577917e3783c56d13ec82306ae
Red Hat Security Advisory 2023-0210-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
0c6c9955b069cf18ef23e7e1f3abf9e535f658fd3f2dcc5349892919f8567e1f
Red Hat Security Advisory 2023-0479-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.
d5a8a460836a1434a477fb5c4989e348088a2cd4c81068198b4abc49a30ab0ac
Red Hat Security Advisory 2023-0470-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1).
06533fbbc6fca7b01c8f4833b167ac13e1062aac488b41b5913aa52f99418b15
Red Hat Security Advisory 2023-0469-01 - Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.
78de6afc9535fe20cdbc4329849f36770128cfd58b4cbe81608fa281372496ec
Red Hat Security Advisory 2023-0471-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1). Issues addressed include a denial of service vulnerability.
a9ddfe493b165d13e9e19414d2fa47a50502ff50ea8ddef4c48b8d9afc4a9beb
Secure Web Gateway version 10.2.11 suffers from a cross-site scripting vulnerability. RedTeam Pentesting identified a vulnerability that allows attackers to craft URLs to any third-party website that result in arbitrary content being injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript code, which allows for cross-site scripting.
f0bbf9c04ccb2873653f86035ec08f7b9388e540d28d2f705eaf53a75692bfea
Ubuntu Security Notice 5829-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
aad823e9a2aa345a90ba89b0bbadac4b45a7aad04940b487e28febdc9f15b3ff
Red Hat Security Advisory 2023-0468-01 - Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications.
5191983ef8963168f6b03a1f224135a4fa9eeada78c0b5b38f2434fc9ad3b803
Red Hat Security Advisory 2023-0466-01 - Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications.
2985071766a50a8e3a457c8ecadeaf4670df3071d1b6a482e2b61735fb6b27bb
Red Hat Security Advisory 2023-0467-01 - Red Hat OpenShift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a bypass vulnerability.
68ae094c0e95dda0baf1ff7d76924b49355a5993713728f9bc06bb8c1fa6df00
Ubuntu Security Notice 5828-1 - It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Greg Hudson discovered that the Kerberos PAC implementation incorrectly handled certain parsing operations. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
172f865df6482a98eeb5142645b6b3d004e0fcbb18be188deb32de7ee6994283
Ubuntu Security Notice 5827-1 - Rob Schulhof discovered that Bind incorrectly handled a large number of UPDATE messages. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. Borja Marcos discovered that Bind incorrectly handled certain RRSIG queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10.
4a6c45a34899a51b8553be1c11bf1f2681e171dfab7a353c92f318d006c4067a
Ubuntu Security Notice 5826-1 - Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. An attacker could possibly use this issue to cause a denial of service. Artem Ivanov discovered that Privoxy incorrectly handled input validations. An attacker could possibly use this issue to perform cross-site scripting attacks.
26dcdfbc6a1704af91932f4ccb7779f56ce61ff6271ade94d4ca02945ed18c5a
Red Hat Security Advisory 2023-0274-01 - Angular JavaScript library packaged for setuptools / pip.
861d9fd6b4728a22c4757bec90d263f6cbe8b10e54bc929dd87ec13c496adfd6
Red Hat Security Advisory 2023-0459-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
1413910a6d49bb3e2e957c5b7d5cee61db93fa62bcfced03fcbe6bf1682cdd41
Red Hat Security Advisory 2023-0276-01 - Python ServerView Common Command Interface Client Library.
67306987ff6b2a6ecd3ffe2346719849b8e54cbb98876b8938b4cbfeb906ae8a
Red Hat Security Advisory 2023-0462-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
900a2eb8a744c9b0969dc895e814b97b4a7a490a46b24b9c37744c9698dfeba6
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
45ffdeee0a2a4c54b776325ef84fa7fc38475f32b241f3fa42096b1facb950e8