Gentoo Linux Security Advisory 202408-13 - A vulnerability has been discovered in Nokogiri, which can lead to a denial of service. Versions greater than or equal to 1.13.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-13  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Nokogiri: Denial of Service  
     Date: August 07, 2024  
     Bugs: #884863  
       ID: 202408-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Nokogiri, which can lead to a  
denial of service.

Background  
==========

Nokogiri is an HTML, XML, SAX, and Reader parser.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
dev-ruby/nokogiri  < 1.13.10     >= 1.13.10

Description  
===========

A denial of service vulnerability has been discovered in Nokogiri.  
Please review the CVE identifier referenced below for details.

Impact  
======

Nokogiri fails to check the return value from `xmlTextReaderExpand` in  
the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a  
null pointer exception when invalid markup is being parsed. For  
applications using `XML::Reader` to parse untrusted inputs, this may  
potentially be a vector for a denial of service attack.

Workaround  
==========

Users may be able to search their code for calls to either  
`XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if  
they are affected.

Resolution  
==========

All Nokogiri users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-ruby/nokogiri-1.13.10"

References  
==========

[ 1 ] CVE-2022-23476  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23476

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-13

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-13

Gentoo Linux Security Advisory 202408-12 - A vulnerability has been discovered in Bitcoin, which can lead to a denial of service. Versions greater than or equal to 25.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-12  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Bitcoin: Denial of Service  
     Date: August 07, 2024  
     Bugs: #908084  
       ID: 202408-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Bitcoin, which can lead to a  
denial of service.

Background  
==========

Bitcoin Core consists of both "full-node" software for fully validating  
the blockchain as well as a bitcoin wallet.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
net-p2p/bitcoind  < 25.0        >= 25.0

Description  
===========

Please review the CVE identifier referenced below for details.

Impact  
======

Bitcoin Core, when debug mode is not used, allows attackers to cause a  
denial of service (CPU consumption) because draining the inventory-to-  
send queue is inefficient, as exploited in the wild in May 2023.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Bitcoin users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-p2p/bitcoind-25.0"

References  
==========

[ 1 ] CVE-2023-33297  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33297

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-12

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-12

Gentoo Linux Security Advisory 202408-11 - Multiple vulnerabilities have been discovered in aiohttp, the worst of which could lead to service compromise. Versions greater than or equal to 3.9.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: aiohttp: Multiple Vulnerabilities  
     Date: August 07, 2024  
     Bugs: #918541, #918968, #931097  
       ID: 202408-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in aiohttp, the worst of  
which could lead to service compromise.

Background  
==========

aiohttp is an asynchronous HTTP client/server framework for asyncio and  
Python.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
dev-python/aiohttp  < 3.9.4       >= 3.9.4

Description  
===========

Multiple vulnerabilities have been discovered in aiohttp. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All aiohttp users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-python/aiohttp-3.9.4"

References  
==========

[ 1 ] CVE-2023-47641  
      https://nvd.nist.gov/vuln/detail/CVE-2023-47641  
[ 2 ] CVE-2023-49082  
      https://nvd.nist.gov/vuln/detail/CVE-2023-49082  
[ 3 ] CVE-2024-30251  
      https://nvd.nist.gov/vuln/detail/CVE-2024-30251

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-11

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-11

Gentoo Linux Security Advisory 202408-10 - Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service. Versions greater than or equal to 1.61.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: nghttp2: Multiple Vulnerabilities  
     Date: August 07, 2024  
     Bugs: #915554, #928541  
       ID: 202408-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in nghttp2, the worst of  
which could lead to a denial of service.

Background  
==========

Nghttp2 is an implementation of HTTP/2 and its header compression  
algorithm HPACK in C.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
net-libs/nghttp2  < 1.61.0      >= 1.61.0

Description  
===========

Multiple vulnerabilities have been discovered in nghttp2. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All nghttp2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/nghttp2-1.61.0"

References  
==========

[ 1 ] CVE-2023-44487  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44487  
[ 2 ] CVE-2024-28182  
      https://nvd.nist.gov/vuln/detail/CVE-2024-28182

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-10

Gentoo Linux Security Advisory 202408-9 - Multiple vulnerabilities have been discovered in Cairo, the worst of which a denial of service. Versions greater than or equal to 1.18.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Cairo: Multiple Vulnerabilities  
     Date: August 07, 2024  
     Bugs: #717778  
       ID: 202408-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Cairo, the worst of  
which a denial of service.

Background  
==========

Cairo is a 2D vector graphics library with cross-device output support.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
x11-libs/cairo  < 1.18.0      >= 1.18.0

Description  
===========

Multiple vulnerabilities have been discovered in Cairo. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Cairo users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.18.0"

References  
==========

[ 1 ] CVE-2019-6461  
      https://nvd.nist.gov/vuln/detail/CVE-2019-6461  
[ 2 ] CVE-2019-6462  
      https://nvd.nist.gov/vuln/detail/CVE-2019-6462

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-09

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-09

Red Hat Security Advisory 2024-5065-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5065.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:5065-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5065  
Issue date:         2024-08-07  
Revision:           03  
CVE Names:          CVE-2021-47393  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: drm: Don't unref the same fb many times by mistake due to deadlock handling (CVE-2023-52486)

* kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

* kernel: vfio/pci: Lock external INTx masking ops (CVE-2024-26810)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (CVE-2024-26870)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (CVE-2024-35789)

* kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)

* kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (CVE-2021-47393)

* kernel: net/mlx5: Discard command completions in internal error (CVE-2024-38555)

* kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (CVE-2024-33621)

* kernel: tls: fix missing memory barrier in tls_init (CVE-2024-36489)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47393

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2269070  
https://bugzilla.redhat.com/show_bug.cgi?id=2270100  
https://bugzilla.redhat.com/show_bug.cgi?id=2273654  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2275711  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2281057  
https://bugzilla.redhat.com/show_bug.cgi?id=2281968  
https://bugzilla.redhat.com/show_bug.cgi?id=2282345  
https://bugzilla.redhat.com/show_bug.cgi?id=2293444  
https://bugzilla.redhat.com/show_bug.cgi?id=2293657  
https://bugzilla.redhat.com/show_bug.cgi?id=2293687

Red Hat Security Advisory 2024-5065-03

Gentoo Linux Security Advisory 202408-8 - A vulnerability has been discovered in json-c, which can lead to a stack buffer overflow. Versions greater than or equal to 0.16 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: json-c: Buffer Overflow  
     Date: August 07, 2024  
     Bugs: #918555  
       ID: 202408-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in json-c, which can lead to a stack  
buffer overflow.

Background  
==========

json-c is a JSON implementation in C.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
dev-libs/json-c  < 0.16        >= 0.16

Description  
===========

Please review the CVE identifier referenced below for details.

Impact  
======

A stack-buffer-overflow exists in the auxiliary sample program  
json_parse which is located in the function parseit.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All json-c users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-libs/json-c-0.16"

References  
==========

[ 1 ] CVE-2021-32292  
      https://nvd.nist.gov/vuln/detail/CVE-2021-32292

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-08

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-08

Gentoo Linux Security Advisory 202408-7 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service. Versions greater than or equal to 1.22.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Go: Multiple Vulnerabilities  
     Date: August 07, 2024  
     Bugs: #906043, #919310, #926530, #928539, #931602  
       ID: 202408-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Go, the worst of which  
could lead to information leakage or a denial of service.

Background  
==========

Go is an open source programming language that makes it easy to build  
simple, reliable, and efficient software.

Affected packages  
=================

Package      Vulnerable    Unaffected  
-----------  ------------  ------------  
dev-lang/go  < 1.22.3      >= 1.22.3

Description  
===========

Multiple vulnerabilities have been discovered in Go. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Go users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-lang/go-1.22.3"

Due to Go programs typically being statically compiled, Go users should  
also recompile the reverse dependencies of the Go language to ensure  
statically linked programs are remediated:

  # emerge --ask --oneshot --verbose @golang-rebuild

References  
==========

[ 1 ] CVE-2023-24539  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24539  
[ 2 ] CVE-2023-24540  
      https://nvd.nist.gov/vuln/detail/CVE-2023-24540  
[ 3 ] CVE-2023-29400  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29400  
[ 4 ] CVE-2023-39326  
      https://nvd.nist.gov/vuln/detail/CVE-2023-39326  
[ 5 ] CVE-2023-45283  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45283  
[ 6 ] CVE-2023-45285  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45285  
[ 7 ] CVE-2023-45288  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45288  
[ 8 ] CVE-2023-45289  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45289  
[ 9 ] CVE-2023-45290  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45290  
[ 10 ] CVE-2024-24783  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24783  
[ 11 ] CVE-2024-24784  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24784  
[ 12 ] CVE-2024-24785  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24785  
[ 13 ] CVE-2024-24788  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24788

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-07

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-07

Gentoo Linux Security Advisory 202408-5 - Multiple vulnerabilities have been discovered in Redis, the worst of which may lead to a denial of service or possible remote code execution. Versions greater than or equal to 7.2.4 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202408-05- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal    Title: Redis: Multiple Vulnerabilities     Date: August 07, 2024     Bugs: #891169, #898464, #902501, #904486, #910191, #913741, #915989, #921662       ID: 202408-05- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========Multiple vulnerabilities have been discovered in Redis, the worst ofwhich may lead to a denial of service or possible remote code execution.Background==========Redis is an open source (BSD licensed), in-memory data structure store,used as a database, cache and message broker.Affected packages=================Package       Vulnerable    Unaffected------------  ------------  ------------dev-db/redis  < 7.2.4       >= 7.2.4Description===========Multiple vulnerabilities have been discovered in Redis. Please reviewthe CVE identifiers referenced below for details.Impact======Please review the referenced CVE identifiers for details.Workaround==========There is no known workaround at this time.Resolution==========All Redis users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=dev-db/redis-7.2.4"References==========[ 1 ] CVE-2022-24834      https://nvd.nist.gov/vuln/detail/CVE-2022-24834[ 2 ] CVE-2022-35977      https://nvd.nist.gov/vuln/detail/CVE-2022-35977[ 3 ] CVE-2022-36021      https://nvd.nist.gov/vuln/detail/CVE-2022-36021[ 4 ] CVE-2023-22458      https://nvd.nist.gov/vuln/detail/CVE-2023-22458[ 5 ] CVE-2023-25155      https://nvd.nist.gov/vuln/detail/CVE-2023-25155[ 6 ] CVE-2023-28425      https://nvd.nist.gov/vuln/detail/CVE-2023-28425[ 7 ] CVE-2023-28856      https://nvd.nist.gov/vuln/detail/CVE-2023-28856[ 8 ] CVE-2023-36824      https://nvd.nist.gov/vuln/detail/CVE-2023-36824[ 9 ] CVE-2023-41053      https://nvd.nist.gov/vuln/detail/CVE-2023-41053[ 10 ] CVE-2023-41056      https://nvd.nist.gov/vuln/detail/CVE-2023-41056[ 11 ] CVE-2023-45145      https://nvd.nist.gov/vuln/detail/CVE-2023-45145Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202408-05Concerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License=======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-05

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

Posted Aug 7, 2024

Authored by indoushka

Covid-19 Directory on Vaccination System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 8c38f4e680e6513d62d4303a51a4d7e3eaa5a7bb80e3e87ce8e510bba268a0b9

Download | Favorite | View

**Covid-19 Directory On Vaccination System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Covid-19 Directory on Vaccination System v1.0 Insecure Settings Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,289)
*   Arbitrary (16,852)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,792)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,386)
*   DoS (25,050)
*   Encryption (2,389)
*   Exploit (53,137)
*   File Inclusion (4,259)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,889)
*   Intrusion Detection (915)
*   Java (3,143)
*   JavaScript (896)
*   Kernel (7,191)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,167)
*   Perl (1,435)
*   PHP (5,222)
*   Proof of Concept (2,382)
*   Protocol (3,724)
*   Python (1,635)
*   Remote (31,646)
*   Root (3,635)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,605)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,941)
*   Web (9,960)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,090)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,547)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,646)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,459)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,729)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,670)
*   Other

Tag

#mac