[local] Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation

Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation

[remote] Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)

Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)

[webapps] WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)

WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)

[webapps] Zenphoto 1.6 - Multiple stored XSS

Zenphoto 1.6 - Multiple stored XSS

[webapps] Ulicms 2023.1 - create admin user via mass assignment

Ulicms 2023.1 - create admin user via mass assignment

[webapps] SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)

SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)

Ubuntu Security Notice USN-6108-1

Ubuntu Security Notice 6108-1 - It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this issue to execute arbitrary commands.

Ubuntu Security Notice USN-6106-1

Ubuntu Security Notice 6106-1 - It was discovered that calamares-settings-ubuntu allowed creating the first user with a blank password, contrary to expectations.

Red Hat Security Advisory 2023-3299-01

Red Hat Security Advisory 2023-3299-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, denial of service, deserialization, improper authorization, and information leakage vulnerabilities.

Ubuntu Security Notice USN-6105-1

Ubuntu Security Notice 6105-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle.

Ubuntu Security Notice USN-6105-2

Ubuntu Security Notice 6105-2 - USN-6105-1 updated ca-certificates. This provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle.

Red Hat Security Advisory 2023-3318-01

Red Hat Security Advisory 2023-3318-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler.

Ubuntu Security Notice USN-6100-1

Ubuntu Security Notice 6100-1 - It was discovered that HTML::StripScripts does not properly parse HTML content with certain style attributes. A remote attacker could use this issue to cause a regular expression denial of service.

Red Hat Security Advisory 2023-3296-01

Red Hat Security Advisory 2023-3296-01 - Multicluster Engine for Kubernetes 2.2.4 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Red Hat Security Advisory 2023-3297-01

Red Hat Security Advisory 2023-3297-01 - Red Hat Advanced Cluster Management for Kubernetes 2.7.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-3291-01

Red Hat Security Advisory 2023-3291-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

Ubuntu Security Notice USN-6104-1

Ubuntu Security Notice 6104-1 - Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor. Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row security policies. An authenticated user could possibly use this issue to complete otherwise forbidden reads and modifications.

Red Hat Security Advisory 2023-3216-01

Red Hat Security Advisory 2023-3216-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60.

Red Hat Security Advisory 2023-3292-01

Red Hat Security Advisory 2023-3292-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Debian Security Advisory 5410-1

Debian Linux Security Advisory 5410-1 - Multiple security issues were discovered in Sofia-SIP, a SIP User-Agent library, which could result in denial of service.

Ubuntu Security Notice USN-6103-1

Ubuntu Security Notice 6103-1 - It was discovered that JSON Schema incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to exploit JavaScript runtimes and cause a denial of service or execute arbitrary code.

Red Hat Security Advisory 2023-3276-01

Red Hat Security Advisory 2023-3276-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Red Hat Security Advisory 2023-3269-01

Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.

Ubuntu Security Notice USN-6074-3

Ubuntu Security Notice 6074-3 - USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly manage memory when using RLBox Expat driver. An attacker could potentially exploits this issue to cause a denial of service. Anne van Kesteren discovered that Firefox did not properly validate the import call in service workers. An attacker could potentially exploits this to obtain sensitive information. Sam Ezeh discovered that Firefox did not properly handle certain favicon image files. If a user were tricked into opening a malicious favicon file, an attacker could cause a denial of service.

Ubuntu Security Notice USN-6101-1

Ubuntu Security Notice 6101-1 - It was discovered that GNU binutils incorrectly handled certain DWARF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.10. It was discovered that GNU binutils did not properly verify the version definitions in zer0-lengthverdef table. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04.

Red Hat Security Advisory 2023-3280-01

Red Hat Security Advisory 2023-3280-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Red Hat Security Advisory 2023-3218-01

Red Hat Security Advisory 2023-3218-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60.

Ubuntu Security Notice USN-6102-1

Ubuntu Security Notice 6102-1 - It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu 20.04 LTS. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-5996-2

Ubuntu Security Notice 5996-2 - USN-5996-1 fixed vulnerabilities in Liblouis. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6098-1

Ubuntu Security Notice 6098-1 - It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that Jhead did not properly handle certain crafted images while processing longitude tags. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Red Hat Security Advisory 2023-3263-01

Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Ubuntu Security Notice USN-6042-2

Ubuntu Security Notice 6042-2 - USN-6042-1 fixed a vulnerability in Cloud-init. The update introduced a regression on Ubuntu 20.04 LTS resulting in a possible loss of networking. This update fixes the problem. James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

Red Hat Security Advisory 2023-3264-01

Red Hat Security Advisory 2023-3264-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Red Hat Security Advisory 2023-3278-01

Red Hat Security Advisory 2023-3278-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6088-2

Ubuntu Security Notice 6088-2 - USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. Felix Wilhelm discovered that runC incorrecly handled netlink messages. An attacker could possibly use this issue to escalate privileges.

Red Hat Security Advisory 2023-3262-01

Red Hat Security Advisory 2023-3262-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Red Hat Security Advisory 2023-3277-01

Red Hat Security Advisory 2023-3277-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-3265-01

Red Hat Security Advisory 2023-3265-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

[webapps] Service Provider Management System v1.0 - SQL Injection

Service Provider Management System v1.0 - SQL Injection

[webapps] Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute

[local] Trend Micro OfficeScan Client 10.0 - ACL Service LPE

Trend Micro OfficeScan Client 10.0 - ACL Service LPE

[webapps] WBiz Desk 1.2 - SQL Injection

WBiz Desk 1.2 - SQL Injection

[remote] Screen SFT DAB 600/C - Authentication Bypass Erase Account

Screen SFT DAB 600/C - Authentication Bypass Erase Account

[local] MobileTrans 4.0.11 - Weak Service Privilege Escalation

MobileTrans 4.0.11 - Weak Service Privilege Escalation

[local] Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

[remote] Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

Screen SFT DAB 600/C - Authentication Bypass Reset Board Config

[webapps] Stackposts Social Marketing Tool v1.0 - SQL Injection

Stackposts Social Marketing Tool v1.0 - SQL Injection

[webapps] GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

GetSimple CMS v3.3.16 - Remote Code Execution (RCE)

[webapps] Quicklancer v1.0 - SQL Injection

Quicklancer v1.0 - SQL Injection

[webapps] Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

[webapps] ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)

[webapps] CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)

[webapps] Smart School v1.0 - SQL Injection

Smart School v1.0 - SQL Injection

[webapps] LeadPro CRM v1.0 - SQL Injection

LeadPro CRM v1.0 - SQL Injection

[local] Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

[remote] Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

[local] Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution

[remote] Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

Screen SFT DAB 600/C - Authentication Bypass Admin Password Change

[webapps] Affiliate Me Version 5.0.1 - SQL Injection

Affiliate Me Version 5.0.1 - SQL Injection

[remote] Screen SFT DAB 600/C - Authentication Bypass Password Change

Screen SFT DAB 600/C - Authentication Bypass Password Change