Category Archives: Advisories

CVE-2023-27195: Broken Access Control – Registration Code in TM4Web v22.2.0

Posted by Clément Cruchet on Apr 10

CVE ID: CVE-2023-27195

Description:
An access control issue in Trimble TM4Web v22.2.0 allows
unauthenticated attackers to access a specific crafted URL path to
retrieve the last registration access code and use this access code to
register a valid account. If the access code was used to create an
Administrator account, attackers are also able to register new
Administrator accounts with full rights and privileges.

Vulnerability Type: Broken…
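The attack chain in the description above, as an added example that is not TM4Web's code: a vulnerable handler that hands the most recently issued registration code to any caller, beside a fixed one that serves it only to an authenticated Administrator session, with registration consuming the code. The path /registration/last-code, the role names, the session model and the function names are assumptions made for illustration; the advisory does not disclose the real path.

```python
"""Added example, not TM4Web code: the access-control failure CVE-2023-27195
describes, modelled as a vulnerable handler beside a fixed one.
The path /registration/last-code, the role names and the session model
are assumptions made for illustration only."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class RegistrationCode:
    value: str
    role: str            # role granted to whoever registers with this code
    used: bool = False


@dataclass
class Server:
    users: dict = field(default_factory=dict)     # username -> role
    sessions: dict = field(default_factory=dict)  # session token -> username
    codes: list = field(default_factory=list)     # issued codes, newest last

    def _is_admin(self, session):
        user = self.sessions.get(session)
        return user is not None and self.users.get(user) == "Administrator"

    def issue_code(self, session, role):
        """An authenticated Administrator issues a code for a new user."""
        if not self._is_admin(session):
            raise PermissionError("only an Administrator may issue codes")
        code = RegistrationCode(secrets.token_urlsafe(16), role)
        self.codes.append(code)
        return code.value

    # Vulnerable pattern: the handler never looks at the session, so any
    # unauthenticated request to the path receives the most recent code.
    def handle_vulnerable(self, path, session=None):
        if path == "/registration/last-code" and self.codes:
            return self.codes[-1].value
        return None

    # Fixed pattern: the same path is served only to an authenticated
    # Administrator; everyone else gets nothing (a 403 in a real app).
    def handle_fixed(self, path, session=None):
        if path == "/registration/last-code" and self.codes:
            if not self._is_admin(session):
                return None
            return self.codes[-1].value
        return None

    def register(self, username, code_value):
        """Create the account; the role comes from the code, which is then
        burned so it cannot be reused.  Constant-time compare on the code."""
        for code in self.codes:
            if not code.used and hmac.compare_digest(code.value, code_value):
                code.used = True
                self.users[username] = code.role
                return code.role
        raise PermissionError("invalid or already-used registration code")


def attacker_outcome(handler_name):
    """Replay the advisory's scenario against one of the two handlers and
    return the role the unauthenticated attacker ends up with, or None."""
    srv = Server()
    srv.users["alice"] = "Administrator"           # existing admin
    srv.sessions["sess-alice"] = "alice"
    srv.issue_code("sess-alice", "Administrator")  # code meant for a colleague
    leaked = getattr(srv, handler_name)("/registration/last-code")  # no session
    if leaked is None:
        return None
    return srv.register("mallory", leaked)


if __name__ == "__main__":
    print("vulnerable:", attacker_outcome("handle_vulnerable"))  # Administrator
    print("fixed:     ", attacker_outcome("handle_fixed"))       # None
```

The access check in handle_fixed is what closes the hole the advisory describes. Burning a code on first use is a worthwhile second layer, but on its own it only forces the attacker to race the intended recipient, so it is not a substitute for authorising the endpoint.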

python-django3-3.2.25-1.el9

FEDORA-EPEL-2024-76d6941f10

Packages in this update:

python-django3-3.2.25-1.el9

Update description:

Security fixes for

CVE-2024-27351 Potential regular expression DoS in django.utils.text.Truncator.words()
CVE-2023-41164 Potential DoS vulnerability in django.utils.encoding.uri_to_iri()
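CVE-2024-27351 is a regular-expression denial of service in Truncator.words(): a crafted string makes the word-matching regex backtrack for a long time. The fix class for that bug is to count words with a single forward scan that never backtracks. The block below is an added example of such a scanner written for this page; it is not Django's implementation, does not reproduce Django's API or its re-closing of open tags, and does not cover the uri_to_iri fix. The function names and the adversarial input are my own constructions.

```python
"""Added example, not Django's implementation: a word truncator written as a
single forward scan instead of a regular expression, which is the shape of
fix that removes regex backtracking as an attack surface.  Function names
and the adversarial input are constructed for this example."""
import time


def truncate_words(text, num, html=False, end="…"):
    """Keep the first `num` words of `text` and append `end` if anything was
    dropped.  With html=True, characters inside <...> tags are skipped when
    counting words.  Every character is examined exactly once and there is no
    lookahead or backtracking, so the cost is O(len(text)) however the input
    is shaped.  Open tags are not re-closed; sanitize the result before
    rendering, as with any truncated HTML."""
    if num <= 0:
        return end if text.strip() else ""
    words = 0
    in_word = in_tag = False
    for i, ch in enumerate(text):
        if html and in_tag:
            if ch == ">":
                in_tag = False      # an unterminated tag simply swallows the rest
            continue
        if html and ch == "<":
            in_tag, in_word = True, False
            continue
        if ch.isspace():
            in_word = False
        elif not in_word:
            in_word = True
            words += 1
            if words > num:         # start of word num+1: cut here
                return text[:i].rstrip() + end
    return text


def adversarial_input(n):
    """Constructed input of the kind that makes backtracking regexes crawl:
    long runs of unbalanced '<' and whitespace, then many short words."""
    return "<" * n + " " * n + "x" + " y" * n


def scan_seconds(n):
    """Wall-clock time to truncate adversarial_input(n) in both modes.
    Grows linearly with n because each scan touches every character once."""
    text = adversarial_input(n)
    start = time.perf_counter()
    truncate_words(text, 5, html=True)
    truncate_words(text, 5, html=False)
    return time.perf_counter() - start


if __name__ == "__main__":
    print(truncate_words("The quick brown fox jumps", 3))          # The quick brown…
    print(truncate_words("<p>one <b>two</b> three four</p>", 3, html=True))
    print(f"{scan_seconds(100_000):.3f}s for 100k-character adversarial input")
```

The scanner keeps two bits of state (inside a word, inside a tag) and never re-reads a character, so there is no input shape that makes it slower than its length. That property is the whole point when the input is attacker-controlled, which is the case for anything passed through a template filter.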

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

xen-4.17.4-1.fc38

FEDORA-2024-a676697123

Packages in this update:

xen-4.17.4-1.fc38

Update description:

x86: Native Branch History Injection [XSA-456, CVE-2024-2201]
update to xen 4.17.4, remove patches now included upstream
rebase xen.gcc12.fixes.patch
x86 HVM hypercalls may trigger Xen bug check [XSA-454, CVE-2023-46842]
x86: Incorrect logic for BTC/SRSO mitigations [XSA-455, CVE-2024-31142]

USN-6728-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)

Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. (CVE-2023-5824)

Joshua Rogers discovered that Squid incorrectly handled Cache Manager error
responses. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-23638)

Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked
decoder. A remote attacker could possibly use this issue to cause Squid to
stop responding, resulting in a denial of service. (CVE-2024-25111)

Joshua Rogers discovered that Squid incorrectly handled HTTP header
parsing. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-25617)

google-guest-agent-20240314.00-4.fc41

FEDORA-2024-74c4c65ff6

Packages in this update:

google-guest-agent-20240314.00-4.fc41

Update description:

Automatic update for google-guest-agent-20240314.00-4.fc41.

Changelog

* Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-4
- Skip events test
* Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-3
- Fix typo in License filename
* Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-2
- Sync packit config with other GCP pkgs
* Wed Apr 10 2024 Major Hayden <major@redhat.com> - 20240314.00-1
- Update to 20240314.00 rhbz#2274184
* Wed Apr 10 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230726.00-8
- Unretirement Releng Request: https://pagure.io/releng/issue/12057
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 20230726.00-7
- Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230726.00-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 20230726.00-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Sep 6 2023 Major Hayden <major@redhat.com> - 20230726.00-4
- PRs to rawhide only
* Fri Jul 28 2023 Major Hayden <major@redhat.com> - 20230726.00-3
- Fix typo on ppc64le
* Fri Jul 28 2023 Major Hayden <major@redhat.com> - 20230726.00-2
- Disable ppc64/s390x arches
* Fri Jul 28 2023 Packit <hello@packit.dev> - 20230726.00-1
- [packit] 20230726.00 upstream release
* Tue Jul 25 2023 Major Hayden <major@redhat.com> - 20230725.00-2
- Disable koji auto build with packit
* Tue Jul 25 2023 Packit <hello@packit.dev> - 20230725.00-1
- [packit] 20230725.00 upstream release
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20230711.00-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jul 12 2023 Major Hayden <major@redhat.com> - 20230711.00-1
- Update to 20230711.00 rhbz#2222161
* Wed Jul 12 2023 Major Hayden <major@redhat.com> - 20230707.00-2
- Add packit config 🤖
* Tue Jul 11 2023 Major Hayden <major@redhat.com> - 20230707.00-1
- Update to 20230707.00 rhbz#2221432
* Mon Jul 3 2023 Major Hayden <major@redhat.com> - 20230628.00-1
- Update to 20230628.00 rhbz#2218708
* Wed Jun 28 2023 Major Hayden <major@redhat.com> - 20230626.00-1
- Update to 20230626.00 rhbz#2218220
* Mon Jun 12 2023 Major Hayden <major@redhat.com> - 20230601.00-1
- Update to 20230601.00 rhbz#2211674
* Thu May 18 2023 Major Hayden <major@redhat.com> - 20230517.00-1
- Update to 20230517.00 rhbz#2208103
* Mon May 15 2023 Major Hayden <major@redhat.com> - 20230510.00-1
- Update to 20230510.00 rhbz#2198979
* Mon May 1 2023 Major Hayden <major@redhat.com> - 20230426.00-1
- Update to 20230426.00 rhbz#2190065
* Thu Apr 6 2023 Major Hayden <major@redhat.com> - 20230403.00-1
- Update to 20230403.00 rhbz#2183053
* Tue Mar 28 2023 Major Hayden <major@redhat.com> - 20230221.00-2
- Bump revision for rebuild rhbz#2178465
* Tue Feb 28 2023 Major Hayden <major@redhat.com> - 20230221.00-1
- Update to 20230221.00 rhbz#2172749
* Wed Feb 22 2023 Major Hayden <major@redhat.com> - 20230207.00-2
- Set SPDX license
* Mon Feb 13 2023 Major Hayden <major@redhat.com> - 20230207.00-1
- Update to 20230207.00 rhbz#2160637
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20221109.00-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Nov 14 2022 Major Hayden <major@redhat.com> - 20221109.00-1
- Update to 20221109.00 rhbz#2140412
* Wed Oct 26 2022 Major Hayden <major@redhat.com> - 20221025.00-1
- Update to 20221025.00 rhbz#2136314
* Wed Oct 12 2022 Major Hayden <major@redhat.com> - 20220927.00-1
- Update to 20220927.00 rhbz#2130931
* Thu Aug 25 2022 Major Hayden <major@redhat.com> - 20220824.00-1
- Update to 20220824.00 rhbz#2120895
* Thu Aug 18 2022 Major Hayden <major@redhat.com> - 20220816.01-1
- Update to 20220816.01 rhbz#2119456
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20201217.02-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> - 20201217.02-5
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Sat Jun 18 2022 Robert-André Mauchin <zebob.m@gmail.com> - 20201217.02-4
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327,
CVE-2022-27191, CVE-2022-29526, CVE-2022-30629
