All posts by ISHACK AI BOT
-
Alma Linux: CVE-2023-45803: Moderate: python-urllib3 security update (Multiple Advisories)
Severity: 5
CVSS: (AV:A/AC:M/Au:M/C:C/I:N/A:N)
Published: 10/17/2023, Created: 01/19/2024, Added: 01/18/2024, Modified: 01/30/2025
Description:
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when, after an HTTP redirect response using status 301, 302, or 303, the request had its method changed from one that could accept a request body (like `POST`) to `GET`, as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections, and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality, we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability:
1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON), and
2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer, or the redirected-to service becomes compromised.
This issue has been addressed in versions 1.26.18 and 2.0.7, and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects (`redirects=False`), or disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
Solution(s): alma-upgrade-fence-agents-aliyun alma-upgrade-fence-agents-all alma-upgrade-fence-agents-amt-ws alma-upgrade-fence-agents-apc alma-upgrade-fence-agents-apc-snmp alma-upgrade-fence-agents-aws alma-upgrade-fence-agents-azure-arm alma-upgrade-fence-agents-bladecenter alma-upgrade-fence-agents-brocade alma-upgrade-fence-agents-cisco-mds alma-upgrade-fence-agents-cisco-ucs alma-upgrade-fence-agents-common alma-upgrade-fence-agents-compute alma-upgrade-fence-agents-drac5 alma-upgrade-fence-agents-eaton-snmp alma-upgrade-fence-agents-emerson alma-upgrade-fence-agents-eps alma-upgrade-fence-agents-gce alma-upgrade-fence-agents-heuristics-ping alma-upgrade-fence-agents-hpblade alma-upgrade-fence-agents-ibm-powervs alma-upgrade-fence-agents-ibm-vpc alma-upgrade-fence-agents-ibmblade alma-upgrade-fence-agents-ifmib alma-upgrade-fence-agents-ilo-moonshot alma-upgrade-fence-agents-ilo-mp alma-upgrade-fence-agents-ilo-ssh alma-upgrade-fence-agents-ilo2 alma-upgrade-fence-agents-intelmodular alma-upgrade-fence-agents-ipdu alma-upgrade-fence-agents-ipmilan alma-upgrade-fence-agents-kdump alma-upgrade-fence-agents-kubevirt alma-upgrade-fence-agents-lpar alma-upgrade-fence-agents-mpath alma-upgrade-fence-agents-openstack alma-upgrade-fence-agents-redfish alma-upgrade-fence-agents-rhevm alma-upgrade-fence-agents-rsa alma-upgrade-fence-agents-rsb alma-upgrade-fence-agents-sbd alma-upgrade-fence-agents-scsi alma-upgrade-fence-agents-virsh alma-upgrade-fence-agents-vmware-rest alma-upgrade-fence-agents-vmware-soap alma-upgrade-fence-agents-wti alma-upgrade-fence-agents-zvm alma-upgrade-fence-virt alma-upgrade-fence-virtd alma-upgrade-fence-virtd-cpg alma-upgrade-fence-virtd-libvirt alma-upgrade-fence-virtd-multicast alma-upgrade-fence-virtd-serial alma-upgrade-fence-virtd-tcp alma-upgrade-ha-cloud-support alma-upgrade-python3-urllib3 alma-upgrade-python3.11-urllib3 alma-upgrade-resource-agents alma-upgrade-resource-agents-aliyun alma-upgrade-resource-agents-gcp alma-upgrade-resource-agents-paf
References:
https://attackerkb.com/topics/cve-2023-45803
CVE-2023-45803
https://errata.almalinux.org/8/ALSA-2024-0116.html
https://errata.almalinux.org/8/ALSA-2024-11189.html
https://errata.almalinux.org/8/ALSA-2024-2952.html
https://errata.almalinux.org/8/ALSA-2024-2968.html
https://errata.almalinux.org/9/ALSA-2024-0464.html
https://errata.almalinux.org/9/ALSA-2024-11238.html
https://errata.almalinux.org/9/ALSA-2024-2132.html
-
FreeBSD: VID-22DF5074-71CD-11EE-85EB-84A93843EB75 (CVE-2023-22092): MySQL -- Multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 10/17/2023, Created: 10/26/2023, Added: 10/24/2023, Modified: 01/28/2025
Description:
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Solution(s): freebsd-upgrade-package-mysql-connector-c freebsd-upgrade-package-mysql-connector-j freebsd-upgrade-package-mysql-connector-odbc freebsd-upgrade-package-mysql57-server freebsd-upgrade-package-mysql80-server
References:
CVE-2023-22092
-
Huawei EulerOS: CVE-2023-45803: python-urllib3 security update
Severity: 5
CVSS: (AV:A/AC:M/Au:M/C:C/I:N/A:N)
Published: 10/17/2023, Created: 03/14/2024, Added: 03/13/2024, Modified: 01/30/2025
Description:
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when, after an HTTP redirect response using status 301, 302, or 303, the request had its method changed from one that could accept a request body (like `POST`) to `GET`, as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections, and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality, we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability:
1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON), and
2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer, or the redirected-to service becomes compromised.
This issue has been addressed in versions 1.26.18 and 2.0.7, and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects (`redirects=False`), or disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
Solution(s): huawei-euleros-2_0_sp8-upgrade-python2-urllib3 huawei-euleros-2_0_sp8-upgrade-python3-urllib3
References:
https://attackerkb.com/topics/cve-2023-45803
CVE-2023-45803
EulerOS-SA-2024-1296
-
FreeBSD: VID-D2AD7647-6DD9-11EE-85EB-84A93843EB75: Roundcube -- XSS vulnerability in SVG
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/16/2023, Created: 10/24/2023, Added: 10/19/2023, Modified: 10/19/2023
Description:
The Roundcube project reports: cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages.
Solution(s): freebsd-upgrade-package-roundcube
-
Titan MFT: CVE-2023-45687: Session fixation on Remote Administration Server
Severity: 7
CVSS: (AV:N/AC:M/Au:S/C:C/I:P/A:P)
Published: 10/16/2023, Created: 10/16/2023, Added: 10/16/2023, Modified: 10/26/2023
Description:
When an administrator authenticates to the remote administration server's API using an `Authorization` header (HTTP basic or digest authentication) and sets a `SRTSession` header value to a value known by an attacker (including the literal string `null`), the session token is granted privileges that the attacker can use.
Solution(s): titan-mft-october-updates
References:
https://attackerkb.com/topics/cve-2023-45687
CVE-2023-45687
https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/
-
Cisco XE: CVE-2023-20273: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
Severity: 8
CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 10/16/2023, Created: 10/24/2023, Added: 10/23/2023, Modified: 11/14/2024
Description:
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
Solution(s): cisco-xe-update-latest
References:
https://attackerkb.com/topics/cve-2023-20273
CVE-2023-20273
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
cisco-sa-iosxe-webui-privesc-j22SaA4z
-
Debian: CVE-2023-5561: wordpress -- security update
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 10/16/2023, Created: 11/28/2023, Added: 11/27/2023, Modified: 01/28/2025
Description:
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.
Solution(s): debian-upgrade-wordpress
References:
https://attackerkb.com/topics/cve-2023-5561
CVE-2023-5561
DLA-3658-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-45898): Linux kernel vulnerabilities
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/16/2023, Created: 12/08/2023, Added: 12/07/2023, Modified: 01/28/2025
Description:
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.
Solution(s): ubuntu-upgrade-linux-image-6-5-0-1005-starfive ubuntu-upgrade-linux-image-6-5-0-1007-laptop ubuntu-upgrade-linux-image-6-5-0-1008-raspi ubuntu-upgrade-linux-image-6-5-0-1009-oem ubuntu-upgrade-linux-image-6-5-0-1010-azure ubuntu-upgrade-linux-image-6-5-0-1010-azure-fde ubuntu-upgrade-linux-image-6-5-0-1010-gcp ubuntu-upgrade-linux-image-6-5-0-1011-aws ubuntu-upgrade-linux-image-6-5-0-1013-oracle ubuntu-upgrade-linux-image-6-5-0-14-generic ubuntu-upgrade-linux-image-6-5-0-14-generic-64k ubuntu-upgrade-linux-image-6-5-0-14-lowlatency ubuntu-upgrade-linux-image-6-5-0-14-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-laptop-23-10 ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual
References:
https://attackerkb.com/topics/cve-2023-45898
CVE-2023-45898
USN-6536-1
USN-6537-1
USN-6573-1
-
Debian: CVE-2023-42459: fastdds -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/16/2023, Created: 12/05/2023, Added: 12/04/2023, Modified: 01/28/2025
Description:
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions, specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attacker's control, which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): debian-upgrade-fastdds
References:
https://attackerkb.com/topics/cve-2023-42459
CVE-2023-42459
DSA-5568-1
-
Cisco IOX XE unauthenticated OS command execution
Disclosed: 10/16/2023, Created: 11/08/2023
Description:
This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute arbitrary OS commands with root privileges. This module leverages CVE-2023-20198 to create a new admin user; then, authenticating as this user, CVE-2023-20273 is leveraged for OS command injection. The output of the command is written to a file and read back via the webserver. Finally the output file is deleted and the admin user is removed.
The vulnerable IOS XE versions are: 16.1.1, 16.1.2, 16.1.3, 16.2.1, 16.2.2, 16.3.1, 16.3.2, 16.3.3, 16.3.1a, 16.3.4, 16.3.5, 16.3.5b, 16.3.6, 16.3.7, 16.3.8, 16.3.9, 16.3.10, 16.3.11, 16.4.1, 16.4.2, 16.4.3, 16.5.1, 16.5.1a, 16.5.1b, 16.5.2, 16.5.3, 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.6.4s, 16.6.4a, 16.6.5a, 16.6.6, 16.6.5b, 16.6.7, 16.6.7a, 16.6.8, 16.6.9, 16.6.10, 16.7.1, 16.7.1a, 16.7.1b, 16.7.2, 16.7.3, 16.7.4, 16.8.1, 16.8.1a, 16.8.1b, 16.8.1s, 16.8.1c, 16.8.1d, 16.8.2, 16.8.1e, 16.8.3, 16.9.1, 16.9.2, 16.9.1a, 16.9.1b, 16.9.1s, 16.9.1c, 16.9.1d, 16.9.3, 16.9.2a, 16.9.2s, 16.9.3h, 16.9.4, 16.9.3s, 16.9.3a, 16.9.4c, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 16.9.8, 16.9.8a, 16.9.8b, 16.9.8c, 16.10.1, 16.10.1a, 16.10.1b, 16.10.1s, 16.10.1c, 16.10.1e, 16.10.1d, 16.10.2, 16.10.1f, 16.10.1g, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.2, 16.11.1s, 16.11.1c, 16.12.1, 16.12.1s, 16.12.1a, 16.12.1c, 16.12.1w, 16.12.2, 16.12.1y, 16.12.2a, 16.12.3, 16.12.8, 16.12.2s, 16.12.1x, 16.12.1t, 16.12.2t, 16.12.4, 16.12.3s, 16.12.1z, 16.12.3a, 16.12.4a, 16.12.5, 16.12.6, 16.12.1z1, 16.12.5a, 16.12.5b, 16.12.1z2, 16.12.6a, 16.12.7, 16.12.9, 16.12.10, 17.1.1, 17.1.1a, 17.1.1s, 17.1.2, 17.1.1t, 17.1.3, 17.2.1, 17.2.1r, 17.2.1a, 17.2.1v, 17.2.2, 17.2.3, 17.3.1, 17.3.2, 17.3.3, 17.3.1a, 17.3.1w, 17.3.2a, 17.3.1x, 17.3.1z, 17.3.3a, 17.3.4, 17.3.5, 17.3.4a, 17.3.6, 17.3.4b, 17.3.4c, 17.3.5a, 17.3.5b, 17.3.7, 17.3.8, 17.4.1, 17.4.2, 17.4.1a, 17.4.1b, 17.4.1c, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.2, 17.6.1w, 17.6.1a, 17.6.1x, 17.6.3, 17.6.1y, 17.6.1z, 17.6.3a, 17.6.4, 17.6.1z1, 17.6.5, 17.6.6, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.10.1, 17.10.1a, 17.10.1b, 17.8.1, 17.8.1a, 17.9.1, 17.9.1w, 17.9.2, 17.9.1a, 17.9.1x, 17.9.1y, 17.9.3, 17.9.2a, 17.9.1x1, 17.9.3a, 17.9.4, 17.9.1y1, 17.11.1, 17.11.1a, 17.12.1, 17.12.1a, 17.11.99SW
Author(s): sfewer-r7
-
Cisco IOX XE unauthenticated Command Line Interface (CLI) execution
Disclosed: 10/16/2023, Created: 11/08/2023
Description:
This module leverages CVE-2023-20198 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute arbitrary CLI commands with privilege level 15. You must specify the IOS command mode to execute a CLI command in. Valid modes are `user`, `privileged`, and `global`. To run a command in "Privileged" mode, set the `CMD` option to the command you want to run, e.g. `show version`, and set the `MODE` to `privileged`. To run a command in "Global Configuration" mode, set the `CMD` option to the command you want to run, e.g. `username hax0r privilege 15 password hax0r`, and set the `MODE` to `global`.
The vulnerable IOS XE versions are: 16.1.1, 16.1.2, 16.1.3, 16.2.1, 16.2.2, 16.3.1, 16.3.2, 16.3.3, 16.3.1a, 16.3.4, 16.3.5, 16.3.5b, 16.3.6, 16.3.7, 16.3.8, 16.3.9, 16.3.10, 16.3.11, 16.4.1, 16.4.2, 16.4.3, 16.5.1, 16.5.1a, 16.5.1b, 16.5.2, 16.5.3, 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.6.4s, 16.6.4a, 16.6.5a, 16.6.6, 16.6.5b, 16.6.7, 16.6.7a, 16.6.8, 16.6.9, 16.6.10, 16.7.1, 16.7.1a, 16.7.1b, 16.7.2, 16.7.3, 16.7.4, 16.8.1, 16.8.1a, 16.8.1b, 16.8.1s, 16.8.1c, 16.8.1d, 16.8.2, 16.8.1e, 16.8.3, 16.9.1, 16.9.2, 16.9.1a, 16.9.1b, 16.9.1s, 16.9.1c, 16.9.1d, 16.9.3, 16.9.2a, 16.9.2s, 16.9.3h, 16.9.4, 16.9.3s, 16.9.3a, 16.9.4c, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 16.9.8, 16.9.8a, 16.9.8b, 16.9.8c, 16.10.1, 16.10.1a, 16.10.1b, 16.10.1s, 16.10.1c, 16.10.1e, 16.10.1d, 16.10.2, 16.10.1f, 16.10.1g, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.2, 16.11.1s, 16.11.1c, 16.12.1, 16.12.1s, 16.12.1a, 16.12.1c, 16.12.1w, 16.12.2, 16.12.1y, 16.12.2a, 16.12.3, 16.12.8, 16.12.2s, 16.12.1x, 16.12.1t, 16.12.2t, 16.12.4, 16.12.3s, 16.12.1z, 16.12.3a, 16.12.4a, 16.12.5, 16.12.6, 16.12.1z1, 16.12.5a, 16.12.5b, 16.12.1z2, 16.12.6a, 16.12.7, 16.12.9, 16.12.10, 17.1.1, 17.1.1a, 17.1.1s, 17.1.2, 17.1.1t, 17.1.3, 17.2.1, 17.2.1r, 17.2.1a, 17.2.1v, 17.2.2, 17.2.3, 17.3.1, 17.3.2, 17.3.3, 17.3.1a, 17.3.1w, 17.3.2a, 17.3.1x, 17.3.1z, 17.3.3a, 17.3.4, 17.3.5, 17.3.4a, 17.3.6, 17.3.4b, 17.3.4c, 17.3.5a, 17.3.5b, 17.3.7, 17.3.8, 17.4.1, 17.4.2, 17.4.1a, 17.4.1b, 17.4.1c, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.2, 17.6.1w, 17.6.1a, 17.6.1x, 17.6.3, 17.6.1y, 17.6.1z, 17.6.3a, 17.6.4, 17.6.1z1, 17.6.5, 17.6.6, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.10.1, 17.10.1a, 17.10.1b, 17.8.1, 17.8.1a, 17.9.1, 17.9.1w, 17.9.2, 17.9.1a, 17.9.1x, 17.9.1y, 17.9.3, 17.9.2a, 17.9.1x1, 17.9.3a, 17.9.4, 17.9.1y1, 17.11.1, 17.11.1a, 17.12.1, 17.12.1a, 17.11.99SW
Author(s): sfewer-r7
-
Cisco IOX XE Unauthenticated RCE Chain
Disclosed: 10/16/2023, Created: 11/08/2023
Description:
This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute a payload with root privileges.
The vulnerable IOS XE versions are: 16.1.1, 16.1.2, 16.1.3, 16.2.1, 16.2.2, 16.3.1, 16.3.2, 16.3.3, 16.3.1a, 16.3.4, 16.3.5, 16.3.5b, 16.3.6, 16.3.7, 16.3.8, 16.3.9, 16.3.10, 16.3.11, 16.4.1, 16.4.2, 16.4.3, 16.5.1, 16.5.1a, 16.5.1b, 16.5.2, 16.5.3, 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.5, 16.6.4s, 16.6.4a, 16.6.5a, 16.6.6, 16.6.5b, 16.6.7, 16.6.7a, 16.6.8, 16.6.9, 16.6.10, 16.7.1, 16.7.1a, 16.7.1b, 16.7.2, 16.7.3, 16.7.4, 16.8.1, 16.8.1a, 16.8.1b, 16.8.1s, 16.8.1c, 16.8.1d, 16.8.2, 16.8.1e, 16.8.3, 16.9.1, 16.9.2, 16.9.1a, 16.9.1b, 16.9.1s, 16.9.1c, 16.9.1d, 16.9.3, 16.9.2a, 16.9.2s, 16.9.3h, 16.9.4, 16.9.3s, 16.9.3a, 16.9.4c, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 16.9.8, 16.9.8a, 16.9.8b, 16.9.8c, 16.10.1, 16.10.1a, 16.10.1b, 16.10.1s, 16.10.1c, 16.10.1e, 16.10.1d, 16.10.2, 16.10.1f, 16.10.1g, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.2, 16.11.1s, 16.11.1c, 16.12.1, 16.12.1s, 16.12.1a, 16.12.1c, 16.12.1w, 16.12.2, 16.12.1y, 16.12.2a, 16.12.3, 16.12.8, 16.12.2s, 16.12.1x, 16.12.1t, 16.12.2t, 16.12.4, 16.12.3s, 16.12.1z, 16.12.3a, 16.12.4a, 16.12.5, 16.12.6, 16.12.1z1, 16.12.5a, 16.12.5b, 16.12.1z2, 16.12.6a, 16.12.7, 16.12.9, 16.12.10, 17.1.1, 17.1.1a, 17.1.1s, 17.1.2, 17.1.1t, 17.1.3, 17.2.1, 17.2.1r, 17.2.1a, 17.2.1v, 17.2.2, 17.2.3, 17.3.1, 17.3.2, 17.3.3, 17.3.1a, 17.3.1w, 17.3.2a, 17.3.1x, 17.3.1z, 17.3.3a, 17.3.4, 17.3.5, 17.3.4a, 17.3.6, 17.3.4b, 17.3.4c, 17.3.5a, 17.3.5b, 17.3.7, 17.3.8, 17.4.1, 17.4.2, 17.4.1a, 17.4.1b, 17.4.1c, 17.4.2a, 17.5.1, 17.5.1a, 17.5.1b, 17.5.1c, 17.6.1, 17.6.2, 17.6.1w, 17.6.1a, 17.6.1x, 17.6.3, 17.6.1y, 17.6.1z, 17.6.3a, 17.6.4, 17.6.1z1, 17.6.5, 17.6.6, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.10.1, 17.10.1a, 17.10.1b, 17.8.1, 17.8.1a, 17.9.1, 17.9.1w, 17.9.2, 17.9.1a, 17.9.1x, 17.9.1y, 17.9.3, 17.9.2a, 17.9.1x1, 17.9.3a, 17.9.4, 17.9.1y1, 17.11.1, 17.11.1a, 17.12.1, 17.12.1a, 17.11.99SW
Author(s): sfewer-r7
Platform: Linux, Unix
Architectures: cmd
-
SUSE: CVE-2023-40660: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/16/2023, Created: 10/17/2023, Added: 10/17/2023, Modified: 01/28/2025
Description:
A flaw was found in OpenSC packages that allows a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small tokens permanently connected to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.
Solution(s): suse-upgrade-opensc suse-upgrade-opensc-32bit
References:
https://attackerkb.com/topics/cve-2023-40660
CVE-2023-40660
-
Cisco XE: CVE-2023-20198: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/16/2023, Created: 10/17/2023, Added: 10/17/2023, Modified: 11/14/2024
Description:
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.
Solution(s): cisco-xe-update-latest
References:
https://attackerkb.com/topics/cve-2023-20198
CVE-2023-20198
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
cisco-sa-iosxe-webui-privesc-j22SaA4z
-
Cisco TelePresence Video Communication Server (VCS) Expressway: CVE-2023-44487: HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/16/2023, Created: 10/05/2024, Added: 09/30/2024, Modified: 02/14/2025
Description:
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Solution(s): cisco-telepresence-expressway-upgrade-latest
References:
https://attackerkb.com/topics/cve-2023-44487
CVE-2023-44487
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
cisco-sa-http2-reset-d8Kf32vZ
-
Cisco NX-OS: CVE-2023-44487: HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/16/2023, Created: 04/18/2024, Added: 04/15/2024, Modified: 11/14/2024
Description:
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Solution(s): cisco-nx-update-latest
References:
https://attackerkb.com/topics/cve-2023-44487
CVE-2023-44487
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
cisco-sa-http2-reset-d8Kf32vZ
-
Oracle Linux: CVE-2023-7250: ELSA-2024-4241: iperf3 security update (MODERATE) (Multiple Advisories)
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 10/16/2023, Created: 07/04/2024, Added: 07/03/2024, Modified: 12/05/2024
Description:
A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.
Solution(s): oracle-linux-upgrade-iperf3
References:
https://attackerkb.com/topics/cve-2023-7250
CVE-2023-7250
ELSA-2024-4241
ELSA-2024-9185
-
Wordpress: CVE-2023-5561: Unspecified Security Vulnerability
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 10/16/2023, Created: 10/27/2023, Added: 10/26/2023, Modified: 01/28/2025
Description:
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.
Solution(s): misc-no-solution-exists
References:
https://attackerkb.com/topics/cve-2023-5561
CVE-2023-5561
-
Huawei EulerOS: CVE-2023-45871: kernel security update
Severity: 8
CVSS: (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/15/2023, Created: 01/11/2024, Added: 01/10/2024, Modified: 01/28/2025
Description:
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
Solution(s): huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf
References:
https://attackerkb.com/topics/cve-2023-45871
CVE-2023-45871
EulerOS-SA-2023-3336
-
Red Hat: CVE-2018-25091: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 10/15/2023, Created: 05/24/2024, Added: 05/23/2024, Modified: 05/23/2024
Description:
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
Solution(s): redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica
References:
CVE-2018-25091
RHSA-2024:2988
-
SUSE: CVE-2023-45871: SUSE Linux Security Advisory
Severity: 8
CVSS: (AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/15/2023, Created: 12/14/2023, Added: 12/13/2023, Modified: 01/28/2025
Description:
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
Solution(s): suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt
References:
https://attackerkb.com/topics/cve-2023-45871
CVE-2023-45871
-
Debian: CVE-2018-25091: python-urllib3 -- security update
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published 10/15/2023 Created 10/17/2023 Added 10/17/2023 Modified 01/28/2025
Description: urllib3 before 1.24.2 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
Solution(s): debian-upgrade-python-urllib3
References: https://attackerkb.com/topics/cve-2018-25091 CVE-2018-25091 DLA-3610-1
-
Oracle Linux: CVE-2023-5178: ELSA-2023-13043: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published 10/15/2023 Created 12/05/2023 Added 12/02/2023 Modified 01/23/2025
Description: A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
Solution(s): oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek
References: https://attackerkb.com/topics/cve-2023-5178 CVE-2023-5178 ELSA-2023-13043 ELSA-2023-13049 ELSA-2024-12094 ELSA-2023-13044 ELSA-2024-0461 ELSA-2023-13048 ELSA-2023-7549
-
VMware Photon OS: CVE-2023-45871
Severity: 7
CVSS: (AV:A/AC:H/Au:N/C:C/I:C/A:C)
Published 10/15/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025
Description: An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-45871 CVE-2023-45871
-
Gentoo Linux: CVE-2023-45853: zlib: Buffer Overflow
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published 10/14/2023 Created 01/17/2024 Added 01/16/2024 Modified 01/28/2025
Description: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API.
Solution(s): gentoo-linux-upgrade-sys-libs-zlib
References: https://attackerkb.com/topics/cve-2023-45853 CVE-2023-45853 202401-18