Ubuntu Security Notice 6128-1 - It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
0222261d91edfe69a65c54788ca77efb0b74baf43b567276f958ccd3822638be
Red Hat Security Advisory 2023-3415-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes security and bug fixes.
9f844ced4bea3a65fb155e612256ae1b0c62dd6cc34ad0c3e7b08d97c82fc4c8
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database has generally become best practice to protect users' passwords in case of a database compromise, this protection is rendered ineffective when the application allows authentication using the password hash. Versions 7.3.0.10 and below are affected.
bf316bc05bcb273edd4ab75c498cf1dd7821da0c8c8f6d0a7544d4d163c7226f
AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine. AIEngine also helps network/security professionals to identify traffic and develop signatures for use on NIDS, firewalls, traffic classifiers and so on.
9592ddac406040974faa1b34a459f123d010fd293a18114a8468d871b7825c7b
Red Hat Security Advisory 2023-3408-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include double free and use-after-free vulnerabilities.
f72c65031868645261cd4d6a767c461670e58de67837da3bcbb897896baa72fe
Ubuntu Security Notice 6127-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
d5bebd00eb8fbd02af592148b36695e2ef824baceadfe6af62ac658584cf2947
This Metasploit module triggers a denial of service vulnerability in the Flexense HTTP server. The vulnerability is caused by a user mode write access memory violation and can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values. Multiple Flexense applications that are using Flexense HTTP server versions 10.6.24 and below are vulnerable.
813816198b6e0b95d0076b6edc4437a705a53f10378492556a643fa2b78999b8
Red Hat Security Advisory 2023-3397-01 - QATzip is a user space library which builds on top of the Intel QuickAssist Technology user space library, to provide extended accelerated compression and decompression services by offloading the actual compression and decompression request to the Intel Chipset Series. Issues addressed include a privilege escalation vulnerability.
ff4d7d2d2d8fa6eef3ae831663a662eb574962c5c677f55cbfd3a786e8b9310e
Red Hat Security Advisory 2023-3403-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.
f54146335675dc694b29a4ff000c8729a11c4be8022e553380c4e6847ff9e34a
Faculty Evaluation System version 1.0 suffers from a remote shell upload vulnerability.
241254abd3df9a7455cf5f17e73c98c7409c952bdb7ce70c4a493a17b023d043
Red Hat Security Advisory 2023-3387-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Issues addressed include a cross site scripting vulnerability.
bfeb105a62114f3860cd24d5a94638c5cd4325a86fb128e404881d888f7ccc2f
Menorah Restaurant version 1.0.0 appears to leave default credentials installed after installation.
69692a4a3602d1e51c4e360ec7bb6355abdd9cb62f93e70bc2a415f8fc579bff
Red Hat Security Advisory 2023-3394-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.
0fdb175c1730eec8a17b98d05a6e28fc03d2a86a2031e2385a64e517d0ca6190
Acelle Email Marketing version 1.0 suffers from an arbitrary file upload vulnerability.
8ab91b141d2a757f5c8139e68bc3122becbc9e84709fafd036525d8dda27931b
Online Security Guards Hiring System version 1.0 suffers from a cross site scripting vulnerability.
6e95e75a8463307d0fda26a7b0db59884b975be934f81ed140321541ac8f07b1
Red Hat Security Advisory 2023-3388-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.
a5996ba116d7d97a15ea7c093811a9a3c102c48a853d7fb0910bca8327eb216f
Rukovoditel version 3.3.1 suffers from a CSV injection vulnerability.
f5440dce4d96b638359d12c85611ce549d315848a38eb5897206fe7c0282d5b3
Bumsys Business Management System version 1.0.3-beta suffers from a remote shell upload vulnerability.
9b18d9d9786b65e2dd3bca451efb34b98dda2b60625edec7acca67ab3fa4a44a