Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP code injection vulnerability in structlib.php.

    --------------------------------------------------------------------------------Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability--------------------------------------------------------------------------------[-] Software Link:https://tiki.org[-] Affected Versions:Version 24.0 and prior versions.[-] Vulnerability Description:The vulnerability is located in the /lib/structures/structlib.php script, specifically in the StructLib::structure_to_webhelp() method, which is using an eval() call with user-controlled input. This can be exploited by malicious users to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires the “feature_create_webhelp” to be enabled and an account with permissions to create a wiki page.[-] Solution:Upgrade to version 24.1 or later.[-] Disclosure Timeline:[08/03/2022] - Vendor notified[23/08/2022] - Version 24.1 released[09/01/2023] - Public disclosure[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2023-22853 to this vulnerability.[-] Credits:Vulnerability discovered by Egidio Romano.[-] Original Advisory:http://karmainsecurity.com/KIS-2023-02

Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution

Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

    ==========================================================================Ubuntu Security Notice USN-5797-1January 09, 2023webkit2gtk vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in WebKitGTK.Software Description:- webkit2gtk: Web content engine library for GTK+Details:Several security issues were discovered in the WebKitGTK Web and JavaScriptengines. If a user were tricked into viewing a malicious website, a remoteattacker could exploit a variety of issues related to web browser security,including cross-site scripting attacks, denial of service attacks, andarbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:   libjavascriptcoregtk-4.0-18     2.38.3-0ubuntu0.22.10.1   libjavascriptcoregtk-4.1-0      2.38.3-0ubuntu0.22.10.1   libjavascriptcoregtk-5.0-0      2.38.3-0ubuntu0.22.10.1   libwebkit2gtk-4.0-37            2.38.3-0ubuntu0.22.10.1   libwebkit2gtk-4.1-0             2.38.3-0ubuntu0.22.10.1   libwebkit2gtk-5.0-0             2.38.3-0ubuntu0.22.10.1Ubuntu 22.04 LTS:   libjavascriptcoregtk-4.0-18     2.38.3-0ubuntu0.22.04.1   libjavascriptcoregtk-4.1-0      2.38.3-0ubuntu0.22.04.1   libwebkit2gtk-4.0-37            2.38.3-0ubuntu0.22.04.1   libwebkit2gtk-4.1-0             2.38.3-0ubuntu0.22.04.1Ubuntu 20.04 LTS:   libjavascriptcoregtk-4.0-18     2.38.3-0ubuntu0.20.04.1   libwebkit2gtk-4.0-37            2.38.3-0ubuntu0.20.04.1This update uses a new upstream release, which includes additional bugfixes. After a standard system update you need to restart any applicationsthat use WebKitGTK, such as Epiphany, to make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5797-1   CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692,   CVE-2022-46698, CVE-2022-46699, CVE-2022-46700Package Information:   https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.10.1   https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.22.04.1   https://launchpad.net/ubuntu/+source/webkit2gtk/2.38.3-0ubuntu0.20.04.1

Ubuntu Security Notice USN-5797-1

Red Hat Security Advisory 2023-0032-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.47. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.10.47 bug fix and security update  
Advisory ID:       RHSA-2023:0032-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0032  
Issue date:        2023-01-10  
CVE Names:         CVE-2022-41912  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.10.47 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.10.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.10.47. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHBA-2023:0031

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Security Fix(es):

* crewjam/saml: Authentication bypass when processing SAML responses  
containing multiple Assertion elements (CVE-2022-41912)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:bb0d33862d3f550474d5c34e6bc379c095337eff9d3c3c3eac0787a4b9e7140a

(For s390x architecture)  
The image digest is  
sha256:44effd72d85281ac3fdbcb3485d7d1653dad136f215ef9b15a2f468706fe479d

(For ppc64le architecture)  
The image digest is  
sha256:89cc2124e59e73318f145de7bc738032976a5f4d0a416ff1109b34b201fa2db8

(For aarch64 architecture)  
The image digest is  
sha256:cce182ed4d3fbc245163a5bb40630a98cd4eada70b5173d80434be48758bd8ce

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-3262 - error: failed to ensurePod for every pod created in 4.10.z  
OCPBUGS-4604 - fix https://github.com/kubernetes/kubernetes/pull/109137 in OpenShift 4.10  
OCPBUGS-5040 - [release-4.10] unit-tests flaking on 4.10  
OCPBUGS-5112 - Fails to deprovision cluster when swift omits 'content-type' and there are empty containers

6. References:

https://access.redhat.com/security/cve/CVE-2022-41912  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY70/L9zjgjWX9erEAQjWEw//fiqrq4FyFg/25zO9ioyYZFkK1lJ12QiH  
C6cyg5WwxJr4HPsE0kYcVvzlCSz+aoWejKq6vlZfiu6Ze3xf6mlcZxvhRA74kElg  
QPrEKwZxe/9ZGjd8+1imWuZENtqVIyjBbhx2KZH0ZYU0cPu+dMeh+FvsqhtqOYRP  
K8p3PGMffMsecQRCWRmR2IQch/wwRhPfZfO1vXYb28DpGbooFQPqYLimq1wr/xTQ  
bIArR7alvoB/uZS0cDIOSm+DNml7svScDlbUe5NZCBm6SlNghhINnk6GM4zaLYLc  
5eMI4UnGOs8TJ7Xh7zK46Zf2ZFzRxNQKycXuULMHZrIQoVCQGBtiDCxIn7jC+1Xo  
u9XDfnnGHBVwSH+xZV/Im9wIJrS4l5G62IkAij9R2CHxbu2nZIPGfFvyvcqkfrBe  
ucZh2GxVElYoV2Ovx1IjYME3GpjoRTFODX5X6efoz0sJT/4tCkkQaPE047dgER0e  
ng/vMfuGd2+xizAezbzzc80yBnjYMgc9WnLCKFBpY2dJKt68In//q9dVeERqZ2Xi  
Va7tORAe1yEv0RxH/LrWwGXThwQA0T8W9h6EcJ5oj0ydwnfMJ56sTY/6g0GbwqcH  
CvAbaGxbfYqEHDmjmzF94bSXl0eQPV5fWdlfTjo902vNlalT77v0S6KrXSC8NtxR  
yqX08utf1gQ=zA94  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0032-01

Tiki Wiki CMS Groupware versions 25.0 and below suffer from multiple cross site request forgery vulnerabilities.

------------------------------------------------------------------------------  
Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgery   
Vulnerabilities  
------------------------------------------------------------------------------

[-] Software Link:

https://tiki.org

[-] Affected Versions:

Version 25.0 and prior versions.

[-] Vulnerabilities Description:

1) The /tiki-importer.php script does not implement any protection   
against Cross-Site Request Forgery (CSRF) attacks. As such, an attacker   
might force an authenticated user to import arbitrary content (wiki   
pages) into TikiWiki by tricking a victim user into browsing to a   
specially crafted web page.

2) The /tiki-import_sheet.php script does not implement any protection   
against Cross-Site Request Forgery (CSRF) attacks. As such, an attacker   
might force an authenticated user to import arbitrary sheets into   
TikiWiki by tricking a victim user into browsing to a specially crafted   
web page. Successful exploitation of this vulnerability requires the   
“Spreadsheets” feature to be enabled.

[-] Solution:

No official solution is currently available.

[-] Disclosure Timeline:

[06/03/2022] - Vendor notified  
[09/01/2023] - Public disclosure

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has assigned the name CVE-2023-22852 to this vulnerability.

[-] Credits:

Vulnerabilities discovered by Egidio Romano.

[-] Original Advisory:

http://karmainsecurity.com/KIS-2023-01

Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery

Red Hat Security Advisory 2023-0050-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs:14 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:0050-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0050  
Issue date:        2023-01-09  
CVE Names:         CVE-2021-44906 CVE-2022-0235 CVE-2022-3517   
                   CVE-2022-24999 CVE-2022-43548   
=====================================================================

1. Summary:

An update for the nodejs:14 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version:  
nodejs (14.21.1), nodejs-nodemon (2.0.20).

Security Fix(es):

* minimist: prototype pollution (CVE-2021-44906)

* node-fetch: exposure of sensitive information to an unauthorized actor  
(CVE-2022-0235)

* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)

* express: "qs" prototype poisoning causes the hang of the node process  
(CVE-2022-24999)

* nodejs: DNS rebinding in inspect via invalid octal IP address  
(CVE-2022-43548)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor  
2066009 - CVE-2021-44906 minimist: prototype pollution  
2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function  
2140911 - CVE-2022-43548 nodejs: DNS rebinding in inspect via invalid octal IP address  
2142821 - nodejs:14/nodejs: Rebase to the latest Nodejs 14 release [rhel-8] [rhel-8.7.0.z]  
2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-14.21.1-2.module+el8.7.0+17528+a329cd47.src.rpm  
nodejs-nodemon-2.0.20-2.module+el8.7.0+17528+a329cd47.src.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.src.rpm

aarch64:  
nodejs-14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64.rpm  
nodejs-debuginfo-14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64.rpm  
nodejs-debugsource-14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64.rpm  
nodejs-devel-14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64.rpm  
nodejs-full-i18n-14.21.1-2.module+el8.7.0+17528+a329cd47.aarch64.rpm  
npm-6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.aarch64.rpm

noarch:  
nodejs-docs-14.21.1-2.module+el8.7.0+17528+a329cd47.noarch.rpm  
nodejs-nodemon-2.0.20-2.module+el8.7.0+17528+a329cd47.noarch.rpm  
nodejs-packaging-23-3.module+el8.3.0+6519+9f98ed83.noarch.rpm

ppc64le:  
nodejs-14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le.rpm  
nodejs-debuginfo-14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le.rpm  
nodejs-debugsource-14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le.rpm  
nodejs-devel-14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le.rpm  
nodejs-full-i18n-14.21.1-2.module+el8.7.0+17528+a329cd47.ppc64le.rpm  
npm-6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.ppc64le.rpm

s390x:  
nodejs-14.21.1-2.module+el8.7.0+17528+a329cd47.s390x.rpm  
nodejs-debuginfo-14.21.1-2.module+el8.7.0+17528+a329cd47.s390x.rpm  
nodejs-debugsource-14.21.1-2.module+el8.7.0+17528+a329cd47.s390x.rpm  
nodejs-devel-14.21.1-2.module+el8.7.0+17528+a329cd47.s390x.rpm  
nodejs-full-i18n-14.21.1-2.module+el8.7.0+17528+a329cd47.s390x.rpm  
npm-6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.s390x.rpm

x86_64:  
nodejs-14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64.rpm  
nodejs-debuginfo-14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64.rpm  
nodejs-debugsource-14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64.rpm  
nodejs-devel-14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64.rpm  
nodejs-full-i18n-14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64.rpm  
npm-6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-44906  
https://access.redhat.com/security/cve/CVE-2022-0235  
https://access.redhat.com/security/cve/CVE-2022-3517  
https://access.redhat.com/security/cve/CVE-2022-24999  
https://access.redhat.com/security/cve/CVE-2022-43548  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7xCH9zjgjWX9erEAQj/5BAAlR+eSAZg87f6h+720loJFHsHEnLeGrfn  
0C+9A9QKNWR+FNsCzJssExG2p0xj1swv+KAYNBmoRwtwH29pva6YdmvpjE8Y51PR  
xqxsFC7/aSKHmKiYvX1uk3T9w1J3FatleQw8jeqc21dnqSmHUtALVZ3HAJv5+PWk  
yOmLDtHm89U7fnH6uXDb1APgqO0X5aHiME02iZ2Klm/gryHsxYqopKHasQpl/uPk  
QaZqC9UaF0/NbE5sLpZXUApurpTvLi1ZWUwqygC7tSNgYlBSQuqZTZCOiJCaGFJ0  
XYfyZwy0w5+XHGsEUOCaEweGWGGqmu0buB8nEkbmJJvEGSmr1qYL23PcWfmyC+v5  
B2fkQ/JF1zC8/nnYJmIY+TSxRB79X/LV3ScvQcgt1ew2j31ABWMFs84Wh5qDloNm  
IwzM8wp1doGrMJCyh2dXvVslTR+BI0Fa2KVSTiPMCqFOc4/L0eCeJqH3CG3KYXjZ  
IhARzZyNSf6pJUBkQM4s4/6ZQf0lcb86jMOJJU2pE220SRkZmNBm7e184HSd8ZoY  
7m5F8ZfuJO+YkfZ2uD7zD2wnj7ZPGwPsgiWdzx5w8YiEgY9u9Dav3lXa8sOl5tpa  
h6St/z+OBOZRSxmq6eqiYAFLWH135xeamDfKp6o8Iq8l6Ugg6kB5uk2rDia+adQ3  
12TfiLohAiE=  
=D0RF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0050-01

Ubuntu Security Notice 5796-1 - It was discovered that w3m incorrectly handled certain HTML files. A remote attacker could use this issue to cause w3m to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5796-1  
January 09, 2023

w3m vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

w3m could be made to crash or run programs as your login if it opened a  
malicious website.

Software Description:  
- w3m: WWW browsable pager with excellent tables/frames support

Details:

It was discovered that w3m incorrectly handled certain HTML files. A remote  
attacker could use this issue to cause w3m to crash, resulting in a denial  
of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   w3m                             0.5.3+git20220429-1ubuntu0.1

Ubuntu 22.04 LTS:  
   w3m                             0.5.3+git20210102-6ubuntu0.1

Ubuntu 20.04 LTS:  
   w3m                             0.5.3-37ubuntu0.1

Ubuntu 18.04 LTS:  
   w3m                             0.5.3-36ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5796-1  
   CVE-2022-38223

Package Information:  
   https://launchpad.net/ubuntu/+source/w3m/0.5.3+git20220429-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/w3m/0.5.3+git20210102-6ubuntu0.1  
   https://launchpad.net/ubuntu/+source/w3m/0.5.3-37ubuntu0.1  
   https://launchpad.net/ubuntu/+source/w3m/0.5.3-36ubuntu0.1

Ubuntu Security Notice USN-5796-1

MOV.AI Robotics Engine version 2.2.3-3 suffers from multiple cross site scripting vulnerabilities.

    Vendor Name: MOV.AIProduct Name: MOV.AI Robotics EngineVendor Home Page:  https://www.mov.aiAffected Version(s): MOV.AI Robotics Engine v2.2.3-3Patch Release: MOV.AI Robotics Engine v2.2.3-4Patched Version Release: 22 September 2022Vulnerability Type: Reflected XSS (CWE-79)CVE Reference: CVE-2022-46620Author of Advisory: Thurein SoeVendor Description:MOV.AI is a Robotics Engine platform based on ROS. It is packaged in anintuitive web-based interface to develop autonomous mobile robots (AMRs)and automated guided vehicles (AGVs). It integrates with navigation,localization, calibration, and the enterprise-grade tools they need foradvanced automation.Vulnerability description:Post Reflected cross-site scripting (XSS) vulnerability in MOV.AI RoboticsEngine v2.2.3-3 version allowing an attacker to execute arbitraryjavascript in the context of RCS application due to inadequate sanitizationof user-supplied data. During the Assessment, it was possible to sendarbitrary JavaScript, and the server returned as part of an applicationresponse body due to insufficient input validation.Vulnerable Parameters:dashboard/users/admin2dashboard/groupsAdminBoardImpact:Cross-Site Scripting issues occur when an application uses untrusted datasupplied by untrusted users in a web browser without sufficient priorvalidation or escaping. A potential attacker can embed untrusted codewithin a client-side script to be executed by the browser whileinterpreting the page. Attackers utilize XSS vulnerabilities to executescripts in a legitimate user's browser leading to user credentials theft,session hijacking, website defacement, or redirection to malicious sites.References:https://www.immuniweb.com/vulnerability/cross-site-scripting.htmlDisclosure Timeline:06 July 2022: Found security vulnerability during a security assessment08 July 2022: Customer reported finding a security vulnerability to MOV.AI15 September 2022: further details of remediation steps sent to MOV.AI22 September 2022: Patch released for MOV.AI Customer by MOV.AICredits:Thurein Soe

MOV.AI Robotics Engine 2.2.3-3 Cross Site Scripting

Ubuntu Security Notice 5793-2 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5793-2  
January 09, 2023

linux-azure vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

It was discovered that the io_uring subsystem in the Linux kernel did not  
properly perform reference counting in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-3910)

It was discovered that a race condition existed in the Android Binder IPC  
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-20421)

David Leadbeater discovered that the netfilter IRC protocol tracking  
implementation in the Linux Kernel incorrectly handled certain message  
payloads in some situations. A remote attacker could possibly use this to  
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

It was discovered that the sound subsystem in the Linux kernel contained a  
race condition in some situations. A local attacker could use this to cause  
a denial of service (system crash). (CVE-2022-3303)

It was discovered that the Sunplus Ethernet driver in the Linux kernel  
contained a read-after-free vulnerability. An attacker could possibly use  
this to expose sensitive information (kernel memory) (CVE-2022-3541)

It was discovered that a memory leak existed in the Unix domain socket  
implementation of the Linux kernel. A local attacker could use this to  
cause a denial of service (memory exhaustion). (CVE-2022-3543)

It was discovered that the NILFS2 file system implementation in the Linux  
kernel did not properly deallocate memory in certain error conditions. An  
attacker could use this to cause a denial of service (memory exhaustion).  
(CVE-2022-3544, CVE-2022-3646)

Gwnaun Jung discovered that the SFB packet scheduling implementation in the  
Linux kernel contained a use-after-free vulnerability. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2022-3586)

It was discovered that the hugetlb implementation in the Linux kernel  
contained a race condition in some situations. A local attacker could use  
this to cause a denial of service (system crash) or expose sensitive  
information (kernel memory). (CVE-2022-3623)

Khalid Masum discovered that the NILFS2 file system implementation in the  
Linux kernel did not properly handle certain error conditions, leading to a  
use-after-free vulnerability. A local attacker could use this to cause a  
denial of service or possibly execute arbitrary code. (CVE-2022-3649)

It was discovered that a race condition existed in the MCTP implementation  
in the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-3977)

It was discovered that a race condition existed in the EFI capsule loader  
driver in the Linux kernel, leading to a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-40307)

Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless  
driver in the Linux kernel contained a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-4095)

It was discovered that a race condition existed in the SMSC UFX USB driver  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41849)

It was discovered that a race condition existed in the Roccat HID driver in  
the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-41850)

It was discovered that the USB monitoring (usbmon) component in the Linux  
kernel did not properly set permissions on memory mapped in to user space  
processes. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   linux-image-5.19.0-1016-azure   5.19.0-1016.17  
   linux-image-azure               5.19.0.1016.12

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-5793-2  
   https://ubuntu.com/security/notices/USN-5793-1  
   CVE-2022-20421, CVE-2022-2663, CVE-2022-3303, CVE-2022-3541,  
   CVE-2022-3543, CVE-2022-3544, CVE-2022-3586, CVE-2022-3623,  
   CVE-2022-3646, CVE-2022-3649, CVE-2022-3910, CVE-2022-3977,  
   CVE-2022-40307, CVE-2022-4095, CVE-2022-41849, CVE-2022-41850,  
   CVE-2022-43750

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-azure/5.19.0-1016.17

Ubuntu Security Notice USN-5793-2

An improper access control vulnerability in MOV.AI Robotics Engine version 2.2.3-3 allows an unauthenticated user to delete an existing user or create new user-privileged functionality in the application.

    Manufacturer: MOV.AIProduct Name: MOV.AI Robotics EngineVendor Home Page:  https://www.mov.ai/Affected Version(s): MOV.AI Robotics Engine v2.2.3-3Patch Release: MOV.AI Robotics Engine v2.2.3-4Patched Version Release: 22 September 2022Vulnerability Type: Improper Access Control (CWE-284)CVE Reference: CVE-2022-46621Author of Advisory: Thurein SoeVendor Description:MOV.AI is a Robotics Engine platform based on ROS. It is packaged in anintuitive web-based interface to develop autonomous mobile robots (AMRs)and automated guided vehicles (AGVs). It integrates with navigation,localization, calibration, and the enterprise-grade tools they need foradvanced automation.Vulnerability description:An improper access control vulnerability in MOV.AI Robotics Engine v2.2.3-3version allows an unauthenticated user to delete an existing user or createnew user-privileged functionality in the application upon successfullyauthenticated user logout from the application due to failure to terminatethe authenticated session immediately after authenticated user logout.References:https://www.immuniweb.com/vulnerability/improper-access-control.htmlhttps://www.cvedetails.com/cwe-details/284/Access-Control-Authorization-Issues.htmlDisclosure Timeline:06 July 2022: Found security vulnerability during a security assessment08 July 2022: Customer reported finding a security vulnerability to MOV.AI15 September 2022: further details of remediation steps sent to MOV.AI22 September 2022: Patch released for MOV.AI Customer by MOV.AICredits:Thurein Soe```Other submissions will send separately.Best RegardsThurein

MOV.AI Robotics Engine 2.2.3-3 Improper Access Control

Ubuntu Security Notice 5795-1 - It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5795-1  
January 09, 2023

net-snmp vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Net-SNMP could be made to crash if it received specially crafted network  
traffic.

Software Description:  
- net-snmp: SNMP (Simple Network Management Protocol) server and applications

Details:

It was discovered that Net-SNMP incorrectly handled certain requests. A  
remote attacker could possibly use these issues to cause Net-SNMP to crash,  
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   libsnmp40                       5.9.3+dfsg-1ubuntu1.2  
   snmp                            5.9.3+dfsg-1ubuntu1.2  
   snmpd                           5.9.3+dfsg-1ubuntu1.2

Ubuntu 22.04 LTS:  
   libsnmp40                       5.9.1+dfsg-1ubuntu2.4  
   snmp                            5.9.1+dfsg-1ubuntu2.4  
   snmpd                           5.9.1+dfsg-1ubuntu2.4

Ubuntu 20.04 LTS:  
   libsnmp35                       5.8+dfsg-2ubuntu2.6  
   snmp                            5.8+dfsg-2ubuntu2.6  
   snmpd                           5.8+dfsg-2ubuntu2.6

Ubuntu 18.04 LTS:  
   libsnmp30                       5.7.3+dfsg-1.8ubuntu3.8  
   snmp                            5.7.3+dfsg-1.8ubuntu3.8  
   snmpd                           5.7.3+dfsg-1.8ubuntu3.8

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5795-1  
   CVE-2022-44792, CVE-2022-44793

Package Information:  
   https://launchpad.net/ubuntu/+source/net-snmp/5.9.3+dfsg-1ubuntu1.2  
   https://launchpad.net/ubuntu/+source/net-snmp/5.9.1+dfsg-1ubuntu2.4  
   https://launchpad.net/ubuntu/+source/net-snmp/5.8+dfsg-2ubuntu2.6  
   https://launchpad.net/ubuntu/+source/net-snmp/5.7.3+dfsg-1.8ubuntu3.8

Source

Packet Storm