Red Hat Security Advisory 2023-7754-03 - An update for pixman is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow and out of bounds write vulnerabilities.
422121bbe68cb57b2583983697e5c320b2bec4226bc5dffc45c5e2fd784e7e80
Red Hat Security Advisory 2023-7753-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.
025fc9b2686920fcba00b908a1666dc1627fd40f9ae850ad5d53441e878a3c8f
Red Hat Security Advisory 2023-7749-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include information leakage and use-after-free vulnerabilities.
89c9ce31ac110eaf650b92f8b97227e0751fc532f28bd34f126c96758196db90
Red Hat Security Advisory 2023-7747-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.
cf0ed73dffc335484b496c5c29643c9bc05b7f3be3c4430ae99015d46b35e1a2
Red Hat Security Advisory 2023-7744-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
3e7fe43466f72c6f0d67960515abcfa3f36aa007811572d672e26307990d38d0
Red Hat Security Advisory 2023-7743-03 - An update for curl is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
61dbe3d2b3594ca5695aedfacb1df711d9c810c40b51103802dcc2651ee85a6e
Red Hat Security Advisory 2023-7741-03 - Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
7512722cb5e94873c6897a5a05abf1e45455bf98605f8f2e63b3eb12e35b7c2d
Red Hat Security Advisory 2023-7740-03 - An update is now available for Red Hat Ceph Storage 6.1 in the Red Hat Ecosystem Catalog.
5d82bed8484e234264b5bc783bdb9dc2eb4c1f71d3d03151c68d1d28e8894dc2
Red Hat Security Advisory 2023-7739-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
7889b26e96376a4ab0f5e8c6acbf254739c935b68a56ab6669db28254b8ec64f
Red Hat Security Advisory 2023-7734-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.
629a3646f89618b95254e2abe6f30f00794f39e87a2c1be33f8125d99651fc94
Red Hat Security Advisory 2023-7733-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
6105620b16edee7d72c70b935b05ec32624f557c3d9089eaea0b13996bce1929
Red Hat Security Advisory 2023-7732-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.
6306d36952e660dab6622fd658553c267c05e40281a8975775e460427bd6b992
Red Hat Security Advisory 2023-7731-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
464e1d70069a6429f185d11166773b81e0ed4322af55c39101d5414101d1b118
Red Hat Security Advisory 2023-7687-03 - Red Hat OpenShift Container Platform release 4.13.26 is now available with updates to packages and images that fix several bugs and add enhancements.
0b002d3258cdc6ba405b0ae41f34a41123e640f5739792380adab8c3e09087ce
Red Hat Security Advisory 2023-7682-03 - Red Hat OpenShift Container Platform release 4.14.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
725ab647e9e422223841ef39b96f7776daf201798486e2ca721db480fe6144e0
Red Hat Security Advisory 2023-7681-03 - Red Hat OpenShift Container Platform release 4.14.6 is now available with updates to packages and images that fix several bugs. Issues addressed include a denial of service vulnerability.
421f04c897a1e92dfc7130e342d97b0c6ef393789b827ada9b758e9e14c52768
Apache Struts versions 2.0.0 through 2.3.37 (EOL), 2.5.0 through 2.5.32, and 6.0.0 through 6.3.0 suffer from an issue where an attacker can manipulate file upload parameters to enable a path traversal. Under some circumstances this can lead to uploading a malicious file which can be used to perform remote code execution.
3eabd0d7746d3af616a6a03f2fad7d9609f5c2a795390784bc379146a76826ad
Debian Linux Security Advisory 5575-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine.
fb2b3e50ddbe9455517494418af65058e060ac8c36d2bcce67a49bffceb3b808
Debian Linux Security Advisory 5574-1 - Reginaldo Silva discovered two security vulnerabilities in LibreOffice, which could result in the execution of arbitrary scripts or GStreamer plugins when opening a malformed file.
213eb449b719ea3918fe5b9547405966d36fc8f530f2d761e55375d63d105631
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid credentials, typically admin:changeme by default. The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the runshellscript capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides the attacker with remote control over the compromised Splunk instance. The module is designed to work seamlessly, ensuring successful exploitation under the right conditions.
ea31fbcf387f710ebb5a4b9243ec8009edb093af5bce5d17f8b759e679c83bdf
Ubuntu Security Notice 6550-1 - It was discovered that Smarty, which is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, which is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service.
63590f2a95686afe65ce57bda6bffeb19c1b4db5f13381940d89cd04952491fd
Ubuntu Security Notice 6549-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
0a9053db00b3d18766045707f877cd0acf8a50d5ecb0aa473dcdada6eba1c983
Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
b151f8b1c0e89b126e52b50cb36a0892dbb13b53ad032fb9ccca75e4147b0865
Ubuntu Security Notice 6547-1 - It was discovered that Python incorrectly handled null bytes when normalizing pathnames. An attacker could possibly use this issue to bypass certain filename checks.
8c7bb5b6bcb90779a8426f3dd40d8e11e83442d02ec24171e656ecd3e87d2dcc
Ubuntu Security Notice 6546-1 - Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary GStreamer plugins. Reginaldo Silva discovered that LibreOffice incorrectly handled certain non-typical hyperlinks. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary scripts.
01fab37c05cd681d38f4c0f1e488e1ac1bd4fefddc1383235b51249b5b081a76