Virtual apps and desktops - 1912/2203 -Citrix Infrastructure / OS upgrade

Query on upgrading the OS Citrix servers Storefront, DDC and License server...

[SECURITY] Fedora 39 Update: glibc-2.38-6.fc39

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

[SECURITY] Fedora 38 Update: glibc-2.37-10.fc38

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

Sql injection

A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTSID leads to sql injection. The exploit has been disclosed to the...

CVE-2023-5285 Tongda OA 2017 delete.php sql injection

A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...

CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

Security Bulletin: IBM Event Streams is affected by a libcurl vulnerability

Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27534. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. Vulnerability Details CVEID:CVE-2023-27534 DESCRIPTION: cURL libcurl could allow ...

CVE-2023-4208

A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. When u32change is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This causes a problem when...

CVE-2023-3777

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. When nftablesdelrule is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain...

Design/Logic Flaw

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nftimmediatedeactivate can lead unbinding the chain and objects be deactivate...

CVE-2023-4206

A use-after-free vulnerability in the Linux kernel's net/sched: clsroute component can be exploited to achieve local privilege escalation. When route4change is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This causes a problem when...

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the component Spectator List Name Handler. The...

Unveiling The TunnelCrack VPN Vulnerabilities

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The Tunnelcrack vulnerabilities are a set of four vulnerabilities that affect most VPN products. The vulnerabilities affect the way that VPNs handle certain ciphers, which are algorithms used to...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.8 packages and security update

Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVE-2023-4015

A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nftimmediatedeactivate can lead unbinding the chain and objects be deactivate...

Design/Logic Flaw

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.6 security and extras update

Red Hat OpenShift Container Platform release 4.13.6 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of...

CVE-2023-38496 Apptainer's ineffective privileges drop when requesting container network

Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft ...

Ineffective privileges drop when requesting container network

Impact Fix https://github.com/apptainer/apptainer/pull/1523 included in Apptainer 1.2.0-rc.2 has introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges. The attack surface is rather limited for users but an...