All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2018-25091: ELSA-2024-2988: container-tools:ol8 security update (MODERATE) (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 10/15/2023 | Created: 07/26/2024 | Added: 07/22/2024 | Modified: 01/07/2025
Description: urllib3 before 1.24.2 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). A flaw was found in the urllib3 package. Affected versions of this package are vulnerable to information exposure through sent data when the Authorization HTTP header is not removed during a cross-origin redirect. An attacker can expose credentials in the Authorization header to unintended hosts, or cause them to be transmitted in cleartext, by exploiting the incomplete fix for CVE-2018-20060.
Solution(s): oracle-linux-upgrade-aardvark-dns, oracle-linux-upgrade-buildah, oracle-linux-upgrade-buildah-tests, oracle-linux-upgrade-cockpit-podman, oracle-linux-upgrade-conmon, oracle-linux-upgrade-containernetworking-plugins, oracle-linux-upgrade-containers-common, oracle-linux-upgrade-container-selinux, oracle-linux-upgrade-crit, oracle-linux-upgrade-criu, oracle-linux-upgrade-criu-devel, oracle-linux-upgrade-criu-libs, oracle-linux-upgrade-crun, oracle-linux-upgrade-fuse-overlayfs, oracle-linux-upgrade-libslirp, oracle-linux-upgrade-libslirp-devel, oracle-linux-upgrade-netavark, oracle-linux-upgrade-oci-seccomp-bpf-hook, oracle-linux-upgrade-podman, oracle-linux-upgrade-podman-catatonit, oracle-linux-upgrade-podman-docker, oracle-linux-upgrade-podman-gvproxy, oracle-linux-upgrade-podman-plugins, oracle-linux-upgrade-podman-remote, oracle-linux-upgrade-podman-tests, oracle-linux-upgrade-python3-criu, oracle-linux-upgrade-python3-podman, oracle-linux-upgrade-runc, oracle-linux-upgrade-skopeo, oracle-linux-upgrade-skopeo-tests, oracle-linux-upgrade-slirp4netns, oracle-linux-upgrade-udica
References: https://attackerkb.com/topics/cve-2018-25091 | CVE-2018-25091 | ELSA-2024-2988
-
FreeBSD: VID-1F0D0024-AC9C-11EE-8E91-1C697A013F4B (CVE-2023-44394): mantis -- multiple vulnerabilities
Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: 10/14/2023 | Created: 01/12/2024 | Added: 01/10/2024 | Modified: 01/28/2025
Description: MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f`, which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration (`$g_wiki_enable = OFF;`).
Solution(s): freebsd-upgrade-package-mantis-php74, freebsd-upgrade-package-mantis-php80, freebsd-upgrade-package-mantis-php81, freebsd-upgrade-package-mantis-php82, freebsd-upgrade-package-mantis-php83
References: CVE-2023-44394
-
Ubuntu: USN-7107-1 (CVE-2023-45853): zlib vulnerability
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/14/2023 | Created: 11/15/2024 | Added: 11/14/2024 | Modified: 01/28/2025
Description: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API.
Solution(s): ubuntu-pro-upgrade-lib32z1, ubuntu-pro-upgrade-lib32z1-dev, ubuntu-pro-upgrade-libx32z1, ubuntu-pro-upgrade-libx32z1-dev, ubuntu-pro-upgrade-zlib-bin, ubuntu-pro-upgrade-zlib1g, ubuntu-pro-upgrade-zlib1g-dev
References: https://attackerkb.com/topics/cve-2023-45853 | CVE-2023-45853 | USN-7107-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-45863): Linux kernel (AWS) vulnerabilities
Severity: 6
CVSS: (AV:L/AC:M/Au:M/C:C/I:C/A:C)
Published: 10/14/2023 | Created: 01/12/2024 | Added: 01/11/2024 | Modified: 01/28/2025
Description: An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.
Solution(s): ubuntu-upgrade-linux-image-4-15-0-1127-oracle, ubuntu-upgrade-linux-image-4-15-0-1148-kvm, ubuntu-upgrade-linux-image-4-15-0-1158-gcp, ubuntu-upgrade-linux-image-4-15-0-1164-aws, ubuntu-upgrade-linux-image-4-15-0-1173-azure, ubuntu-upgrade-linux-image-4-15-0-221-generic, ubuntu-upgrade-linux-image-4-15-0-221-lowlatency, ubuntu-upgrade-linux-image-4-4-0-1127-aws, ubuntu-upgrade-linux-image-4-4-0-1128-kvm, ubuntu-upgrade-linux-image-4-4-0-1164-aws, ubuntu-upgrade-linux-image-4-4-0-250-generic, ubuntu-upgrade-linux-image-4-4-0-250-lowlatency, ubuntu-upgrade-linux-image-5-4-0-1030-iot, ubuntu-upgrade-linux-image-5-4-0-1037-xilinx-zynqmp, ubuntu-upgrade-linux-image-5-4-0-1065-ibm, ubuntu-upgrade-linux-image-5-4-0-1078-bluefield, ubuntu-upgrade-linux-image-5-4-0-1085-gkeop, ubuntu-upgrade-linux-image-5-4-0-1102-raspi, ubuntu-upgrade-linux-image-5-4-0-1106-kvm, ubuntu-upgrade-linux-image-5-4-0-1117-oracle, ubuntu-upgrade-linux-image-5-4-0-1118-aws, ubuntu-upgrade-linux-image-5-4-0-1122-gcp, ubuntu-upgrade-linux-image-5-4-0-1123-azure, ubuntu-upgrade-linux-image-5-4-0-171-generic, ubuntu-upgrade-linux-image-5-4-0-171-generic-lpae, ubuntu-upgrade-linux-image-5-4-0-171-lowlatency, ubuntu-upgrade-linux-image-aws, ubuntu-upgrade-linux-image-aws-hwe, ubuntu-upgrade-linux-image-aws-lts-18-04, ubuntu-upgrade-linux-image-aws-lts-20-04, ubuntu-upgrade-linux-image-azure, ubuntu-upgrade-linux-image-azure-lts-18-04, ubuntu-upgrade-linux-image-azure-lts-20-04, ubuntu-upgrade-linux-image-bluefield, ubuntu-upgrade-linux-image-gcp, ubuntu-upgrade-linux-image-gcp-lts-18-04, ubuntu-upgrade-linux-image-gcp-lts-20-04, ubuntu-upgrade-linux-image-generic, ubuntu-upgrade-linux-image-generic-hwe-16-04, ubuntu-upgrade-linux-image-generic-hwe-18-04, ubuntu-upgrade-linux-image-generic-lpae, ubuntu-upgrade-linux-image-generic-lts-xenial, ubuntu-upgrade-linux-image-gke, ubuntu-upgrade-linux-image-gkeop, ubuntu-upgrade-linux-image-gkeop-5-4, ubuntu-upgrade-linux-image-ibm, ubuntu-upgrade-linux-image-ibm-lts-20-04, ubuntu-upgrade-linux-image-kvm, ubuntu-upgrade-linux-image-lowlatency, ubuntu-upgrade-linux-image-lowlatency-hwe-16-04, ubuntu-upgrade-linux-image-lowlatency-hwe-18-04, ubuntu-upgrade-linux-image-lowlatency-lts-xenial, ubuntu-upgrade-linux-image-oem, ubuntu-upgrade-linux-image-oem-osp1, ubuntu-upgrade-linux-image-oracle, ubuntu-upgrade-linux-image-oracle-lts-18-04, ubuntu-upgrade-linux-image-oracle-lts-20-04, ubuntu-upgrade-linux-image-raspi, ubuntu-upgrade-linux-image-raspi-hwe-18-04, ubuntu-upgrade-linux-image-raspi2, ubuntu-upgrade-linux-image-snapdragon-hwe-18-04, ubuntu-upgrade-linux-image-virtual, ubuntu-upgrade-linux-image-virtual-hwe-16-04, ubuntu-upgrade-linux-image-virtual-hwe-18-04, ubuntu-upgrade-linux-image-virtual-lts-xenial, ubuntu-upgrade-linux-image-xilinx-zynqmp
References: https://attackerkb.com/topics/cve-2023-45863 | CVE-2023-45863 | USN-6577-1 | USN-6602-1 | USN-6604-1 | USN-6604-2 | USN-6625-1 | USN-6625-2 | USN-6625-3
-
Amazon Linux AMI 2: CVE-2023-45853: Security patch for zlib (ALAS-2023-2320)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/14/2023 | Created: 11/04/2023 | Added: 11/03/2023 | Modified: 01/28/2025
Description: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API.
Solution(s): amazon-linux-ami-2-upgrade-minizip, amazon-linux-ami-2-upgrade-minizip-devel, amazon-linux-ami-2-upgrade-zlib, amazon-linux-ami-2-upgrade-zlib-debuginfo, amazon-linux-ami-2-upgrade-zlib-devel, amazon-linux-ami-2-upgrade-zlib-static
References: https://attackerkb.com/topics/cve-2023-45853 | AL2/ALAS-2023-2320 | CVE-2023-45853
-
Amazon Linux AMI 2: CVE-2023-45863: Security patch for kernel (ALASKERNEL-5.15-2023-015)
Severity: 6
CVSS: (AV:L/AC:M/Au:M/C:C/I:C/A:C)
Published: 10/14/2023 | Created: 11/01/2023 | Added: 11/01/2023 | Modified: 01/28/2025
Description: An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.
Solution(s): amazon-linux-ami-2-upgrade-bpftool, amazon-linux-ami-2-upgrade-bpftool-debuginfo, amazon-linux-ami-2-upgrade-kernel, amazon-linux-ami-2-upgrade-kernel-debuginfo, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64, amazon-linux-ami-2-upgrade-kernel-devel, amazon-linux-ami-2-upgrade-kernel-headers, amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-102-61-139, amazon-linux-ami-2-upgrade-kernel-tools, amazon-linux-ami-2-upgrade-kernel-tools-debuginfo, amazon-linux-ami-2-upgrade-kernel-tools-devel, amazon-linux-ami-2-upgrade-perf, amazon-linux-ami-2-upgrade-perf-debuginfo, amazon-linux-ami-2-upgrade-python-perf, amazon-linux-ami-2-upgrade-python-perf-debuginfo
References: https://attackerkb.com/topics/cve-2023-45863 | AL2/ALASKERNEL-5.15-2023-015 | CVE-2023-45863
-
Amazon Linux 2023: CVE-2023-38552: Important priority package update for nodejs
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 10/13/2023 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
Description: When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to Node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.
Solution(s): amazon-linux-2023-upgrade-nodejs, amazon-linux-2023-upgrade-nodejs-debuginfo, amazon-linux-2023-upgrade-nodejs-debugsource, amazon-linux-2023-upgrade-nodejs-devel, amazon-linux-2023-upgrade-nodejs-docs, amazon-linux-2023-upgrade-nodejs-full-i18n, amazon-linux-2023-upgrade-nodejs-libs, amazon-linux-2023-upgrade-nodejs-libs-debuginfo, amazon-linux-2023-upgrade-nodejs-npm, amazon-linux-2023-upgrade-v8-10-2-devel
References: https://attackerkb.com/topics/cve-2023-38552 | CVE-2023-38552 | https://alas.aws.amazon.com/AL2023/ALAS-2023-412.html
-
Rocky Linux: CVE-2023-5557: tracker-miners (Multiple Advisories)
Severity: 6
CVSS: (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published: 10/13/2023 | Created: 03/07/2024 | Added: 08/28/2024 | Modified: 01/28/2025
Description: A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.
Solution(s): rocky-upgrade-tracker-miners, rocky-upgrade-tracker-miners-debuginfo, rocky-upgrade-tracker-miners-debugsource
References: https://attackerkb.com/topics/cve-2023-5557 | CVE-2023-5557 | https://errata.rockylinux.org/RLSA-2023:7712 | https://errata.rockylinux.org/RLSA-2023:7732
-
Red Hat: CVE-2023-5557: tracker-miners: sandbox escape (Multiple Advisories)
Severity: 6
CVSS: (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published: 10/13/2023 | Created: 12/13/2023 | Added: 12/12/2023 | Modified: 01/28/2025
Description: A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.
Solution(s): redhat-upgrade-tracker-miners, redhat-upgrade-tracker-miners-debuginfo, redhat-upgrade-tracker-miners-debugsource
References: CVE-2023-5557 | RHSA-2023:7712 | RHSA-2023:7713 | RHSA-2023:7730 | RHSA-2023:7732 | RHSA-2023:7733 | RHSA-2023:7744
-
Oracle Linux: CVE-2023-45803: ELSA-2024-2988: container-tools:ol8 security update (MODERATE) (Multiple Advisories)
Severity: 4
CVSS: (AV:A/AC:H/Au:M/C:C/I:N/A:N)
Published: 10/13/2023 | Created: 01/13/2024 | Added: 01/11/2024 | Modified: 01/07/2025
Description: urllib3 is a user-friendly HTTP client library for Python. urllib3 previously would not remove the HTTP request body when following an HTTP redirect response with status 301, 302, or 303 after the request had its method changed from one that can carry a request body (like `POST`) to `GET`, as is required by the HTTP RFCs. Although this behavior is not specified in the section on redirects, it can be inferred by piecing together information from different sections, and the same behavior is observed in other major HTTP client implementations such as curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality, the exploitability of this vulnerability is believed to be low. Additionally, many users do not put sensitive data in HTTP request bodies; if this is the case, the vulnerability is not exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON), and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer, or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7, and users are advised to update to resolve it. Users unable to update should disable redirects for services that are not expected to respond with redirects (`redirects=False`), or disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually, stripping the HTTP request body. A flaw was found in urllib3, an HTTP client library for Python. urllib3 does not remove the HTTP request body when following an HTTP redirect response with status 301, 302, or 303 after changing the method of a request from one that can carry a request body, such as `POST`, to `GET`, as is required by the HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality; therefore, the exploitability of this vulnerability is low. Additionally, many users do not put sensitive data in HTTP request bodies; if this is the case, this vulnerability is not exploitable.
Solution(s): oracle-linux-upgrade-aardvark-dns, oracle-linux-upgrade-buildah, oracle-linux-upgrade-buildah-tests, oracle-linux-upgrade-cockpit-podman, oracle-linux-upgrade-conmon, oracle-linux-upgrade-containernetworking-plugins, oracle-linux-upgrade-containers-common, oracle-linux-upgrade-container-selinux, oracle-linux-upgrade-crit, oracle-linux-upgrade-criu, oracle-linux-upgrade-criu-devel, oracle-linux-upgrade-criu-libs, oracle-linux-upgrade-crun, oracle-linux-upgrade-fence-agents-all, oracle-linux-upgrade-fence-agents-amt-ws, oracle-linux-upgrade-fence-agents-apc, oracle-linux-upgrade-fence-agents-apc-snmp, oracle-linux-upgrade-fence-agents-bladecenter, oracle-linux-upgrade-fence-agents-brocade, oracle-linux-upgrade-fence-agents-cisco-mds, oracle-linux-upgrade-fence-agents-cisco-ucs, oracle-linux-upgrade-fence-agents-common, oracle-linux-upgrade-fence-agents-compute, oracle-linux-upgrade-fence-agents-drac5, oracle-linux-upgrade-fence-agents-eaton-snmp, oracle-linux-upgrade-fence-agents-emerson, oracle-linux-upgrade-fence-agents-eps, oracle-linux-upgrade-fence-agents-heuristics-ping, oracle-linux-upgrade-fence-agents-hpblade, oracle-linux-upgrade-fence-agents-ibmblade, oracle-linux-upgrade-fence-agents-ibm-powervs, oracle-linux-upgrade-fence-agents-ibm-vpc, oracle-linux-upgrade-fence-agents-ifmib, oracle-linux-upgrade-fence-agents-ilo2, oracle-linux-upgrade-fence-agents-ilo-moonshot, oracle-linux-upgrade-fence-agents-ilo-mp, oracle-linux-upgrade-fence-agents-ilo-ssh, oracle-linux-upgrade-fence-agents-intelmodular, oracle-linux-upgrade-fence-agents-ipdu, oracle-linux-upgrade-fence-agents-ipmilan, oracle-linux-upgrade-fence-agents-kdump, oracle-linux-upgrade-fence-agents-kubevirt, oracle-linux-upgrade-fence-agents-lpar, oracle-linux-upgrade-fence-agents-mpath, oracle-linux-upgrade-fence-agents-redfish, oracle-linux-upgrade-fence-agents-rhevm, oracle-linux-upgrade-fence-agents-rsa, oracle-linux-upgrade-fence-agents-rsb, oracle-linux-upgrade-fence-agents-sbd, oracle-linux-upgrade-fence-agents-scsi, oracle-linux-upgrade-fence-agents-virsh, oracle-linux-upgrade-fence-agents-vmware-rest, oracle-linux-upgrade-fence-agents-vmware-soap, oracle-linux-upgrade-fence-agents-wti, oracle-linux-upgrade-fence-virt, oracle-linux-upgrade-fence-virtd, oracle-linux-upgrade-fence-virtd-cpg, oracle-linux-upgrade-fence-virtd-libvirt, oracle-linux-upgrade-fence-virtd-multicast, oracle-linux-upgrade-fence-virtd-serial, oracle-linux-upgrade-fence-virtd-tcp, oracle-linux-upgrade-fuse-overlayfs, oracle-linux-upgrade-libslirp, oracle-linux-upgrade-libslirp-devel, oracle-linux-upgrade-netavark, oracle-linux-upgrade-oci-seccomp-bpf-hook, oracle-linux-upgrade-podman, oracle-linux-upgrade-podman-catatonit, oracle-linux-upgrade-podman-docker, oracle-linux-upgrade-podman-gvproxy, oracle-linux-upgrade-podman-plugins, oracle-linux-upgrade-podman-remote, oracle-linux-upgrade-podman-tests, oracle-linux-upgrade-python3-11-urllib3, oracle-linux-upgrade-python3-criu, oracle-linux-upgrade-python3-podman, oracle-linux-upgrade-python3-urllib3, oracle-linux-upgrade-runc, oracle-linux-upgrade-skopeo, oracle-linux-upgrade-skopeo-tests, oracle-linux-upgrade-slirp4netns, oracle-linux-upgrade-udica
References: https://attackerkb.com/topics/cve-2023-45803 | CVE-2023-45803 | ELSA-2024-2988 | ELSA-2024-0116 | ELSA-2024-0464 | ELSA-2024-2132 | ELSA-2024-2968 | ELSA-2024-11189 | ELSA-2024-11238
-
Oracle Linux: CVE-2023-39332: ELSA-2023-7205: nodejs:20 security update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/13/2023 | Created: 11/25/2023 | Added: 11/23/2023 | Modified: 01/08/2025
Description: Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects. This is distinct from CVE-2023-32004, which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Solution(s): oracle-linux-upgrade-nodejs, oracle-linux-upgrade-nodejs-devel, oracle-linux-upgrade-nodejs-docs, oracle-linux-upgrade-nodejs-full-i18n, oracle-linux-upgrade-nodejs-nodemon, oracle-linux-upgrade-nodejs-packaging, oracle-linux-upgrade-nodejs-packaging-bundler, oracle-linux-upgrade-npm
References: https://attackerkb.com/topics/cve-2023-39332 | CVE-2023-39332 | ELSA-2023-7205
-
Oracle Linux: CVE-2023-39333: ELSA-2023-5849: 18 security update (IMPORTANT) (Multiple Advisories)
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 10/13/2023 | Created: 07/26/2024 | Added: 07/22/2024 | Modified: 01/08/2025
Description: Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
Solution(s): oracle-linux-upgrade-nodejs, oracle-linux-upgrade-nodejs-devel, oracle-linux-upgrade-nodejs-docs, oracle-linux-upgrade-nodejs-full-i18n, oracle-linux-upgrade-nodejs-nodemon, oracle-linux-upgrade-nodejs-packaging, oracle-linux-upgrade-nodejs-packaging-bundler, oracle-linux-upgrade-npm
References: https://attackerkb.com/topics/cve-2023-39333 | CVE-2023-39333 | ELSA-2023-5849 | ELSA-2023-5869 | ELSA-2023-7205
-
Amazon Linux 2023: CVE-2023-39333: Important priority package update for nodejs
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 10/13/2023 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
Description: Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
Solution(s): amazon-linux-2023-upgrade-nodejs, amazon-linux-2023-upgrade-nodejs-debuginfo, amazon-linux-2023-upgrade-nodejs-debugsource, amazon-linux-2023-upgrade-nodejs-devel, amazon-linux-2023-upgrade-nodejs-docs, amazon-linux-2023-upgrade-nodejs-full-i18n, amazon-linux-2023-upgrade-nodejs-libs, amazon-linux-2023-upgrade-nodejs-libs-debuginfo, amazon-linux-2023-upgrade-nodejs-npm, amazon-linux-2023-upgrade-v8-10-2-devel
References: https://attackerkb.com/topics/cve-2023-39333 | CVE-2023-39333 | https://alas.aws.amazon.com/AL2023/ALAS-2023-412.html
-
Debian: CVE-2023-42752: linux -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 10/13/2023 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/28/2025
Description: An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in userspace, which is exploitable on systems without SMAP protection since `skb_shared_info` contains references to function pointers.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2023-42752 | CVE-2023-42752
-
Ubuntu: (Multiple Advisories) (CVE-2023-42752): Linux kernel vulnerabilities
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 10/13/2023 | Created: 10/24/2023 | Added: 10/23/2023 | Modified: 01/28/2025
Description: An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in userspace, which is exploitable on systems without SMAP protection since `skb_shared_info` contains references to function pointers.
Solution(s): ubuntu-upgrade-linux-image-3-13-0-194-generic, ubuntu-upgrade-linux-image-3-13-0-194-lowlatency, ubuntu-upgrade-linux-image-4-15-0-1125-oracle, ubuntu-upgrade-linux-image-4-15-0-1146-kvm, ubuntu-upgrade-linux-image-4-15-0-1156-gcp, ubuntu-upgrade-linux-image-4-15-0-1162-aws, ubuntu-upgrade-linux-image-4-15-0-1171-azure, ubuntu-upgrade-linux-image-4-15-0-219-generic, ubuntu-upgrade-linux-image-4-15-0-219-lowlatency, ubuntu-upgrade-linux-image-4-4-0-1124-aws, ubuntu-upgrade-linux-image-4-4-0-1125-kvm, ubuntu-upgrade-linux-image-4-4-0-1162-aws, ubuntu-upgrade-linux-image-4-4-0-246-generic, ubuntu-upgrade-linux-image-4-4-0-246-lowlatency, ubuntu-upgrade-linux-image-5-15-0-1031-gkeop, ubuntu-upgrade-linux-image-5-15-0-1039-nvidia, ubuntu-upgrade-linux-image-5-15-0-1039-nvidia-lowlatency, ubuntu-upgrade-linux-image-5-15-0-1041-ibm, ubuntu-upgrade-linux-image-5-15-0-1041-raspi, ubuntu-upgrade-linux-image-5-15-0-1043-intel-iotg, ubuntu-upgrade-linux-image-5-15-0-1045-gcp, ubuntu-upgrade-linux-image-5-15-0-1045-gke, ubuntu-upgrade-linux-image-5-15-0-1045-kvm, ubuntu-upgrade-linux-image-5-15-0-1046-oracle, ubuntu-upgrade-linux-image-5-15-0-1048-aws, ubuntu-upgrade-linux-image-5-15-0-1050-azure, ubuntu-upgrade-linux-image-5-15-0-1050-azure-fde, ubuntu-upgrade-linux-image-5-15-0-87-generic, ubuntu-upgrade-linux-image-5-15-0-87-generic-64k, ubuntu-upgrade-linux-image-5-15-0-87-generic-lpae, ubuntu-upgrade-linux-image-5-15-0-87-lowlatency, ubuntu-upgrade-linux-image-5-15-0-87-lowlatency-64k, ubuntu-upgrade-linux-image-5-4-0-1024-iot, ubuntu-upgrade-linux-image-5-4-0-1032-xilinx-zynqmp, ubuntu-upgrade-linux-image-5-4-0-1059-ibm, ubuntu-upgrade-linux-image-5-4-0-1073-bluefield, ubuntu-upgrade-linux-image-5-4-0-1079-gkeop, ubuntu-upgrade-linux-image-5-4-0-1096-raspi, ubuntu-upgrade-linux-image-5-4-0-1101-kvm, ubuntu-upgrade-linux-image-5-4-0-1111-oracle, ubuntu-upgrade-linux-image-5-4-0-1112-aws, ubuntu-upgrade-linux-image-5-4-0-1116-gcp, ubuntu-upgrade-linux-image-5-4-0-1118-azure, ubuntu-upgrade-linux-image-5-4-0-165-generic, ubuntu-upgrade-linux-image-5-4-0-165-generic-lpae, ubuntu-upgrade-linux-image-5-4-0-165-lowlatency, ubuntu-upgrade-linux-image-6-1-0-1024-oem, ubuntu-upgrade-linux-image-6-2-0-1007-starfive, ubuntu-upgrade-linux-image-6-2-0-1011-nvidia, ubuntu-upgrade-linux-image-6-2-0-1011-nvidia-64k, ubuntu-upgrade-linux-image-6-2-0-1014-aws, ubuntu-upgrade-linux-image-6-2-0-1014-oracle, ubuntu-upgrade-linux-image-6-2-0-1015-azure, ubuntu-upgrade-linux-image-6-2-0-1015-azure-fde, ubuntu-upgrade-linux-image-6-2-0-1015-kvm, ubuntu-upgrade-linux-image-6-2-0-1015-lowlatency, ubuntu-upgrade-linux-image-6-2-0-1015-lowlatency-64k, ubuntu-upgrade-linux-image-6-2-0-1015-raspi, ubuntu-upgrade-linux-image-6-2-0-1017-gcp, ubuntu-upgrade-linux-image-6-2-0-35-generic, ubuntu-upgrade-linux-image-6-2-0-35-generic-64k, ubuntu-upgrade-linux-image-6-2-0-35-generic-lpae, ubuntu-upgrade-linux-image-aws, ubuntu-upgrade-linux-image-aws-hwe, ubuntu-upgrade-linux-image-aws-lts-18-04, ubuntu-upgrade-linux-image-aws-lts-20-04, ubuntu-upgrade-linux-image-aws-lts-22-04, ubuntu-upgrade-linux-image-azure, ubuntu-upgrade-linux-image-azure-cvm, ubuntu-upgrade-linux-image-azure-fde, ubuntu-upgrade-linux-image-azure-fde-lts-22-04, ubuntu-upgrade-linux-image-azure-lts-18-04, ubuntu-upgrade-linux-image-azure-lts-20-04, ubuntu-upgrade-linux-image-azure-lts-22-04, ubuntu-upgrade-linux-image-bluefield, ubuntu-upgrade-linux-image-gcp, ubuntu-upgrade-linux-image-gcp-lts-18-04, ubuntu-upgrade-linux-image-gcp-lts-20-04, ubuntu-upgrade-linux-image-gcp-lts-22-04, ubuntu-upgrade-linux-image-generic, ubuntu-upgrade-linux-image-generic-64k, ubuntu-upgrade-linux-image-generic-64k-hwe-20-04, ubuntu-upgrade-linux-image-generic-64k-hwe-22-04, ubuntu-upgrade-linux-image-generic-hwe-16-04, ubuntu-upgrade-linux-image-generic-hwe-18-04, ubuntu-upgrade-linux-image-generic-hwe-20-04, ubuntu-upgrade-linux-image-generic-hwe-22-04, ubuntu-upgrade-linux-image-generic-lpae, ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04, ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04, ubuntu-upgrade-linux-image-generic-lts-trusty, ubuntu-upgrade-linux-image-generic-lts-xenial, ubuntu-upgrade-linux-image-gke, ubuntu-upgrade-linux-image-gke-5-15, ubuntu-upgrade-linux-image-gkeop, ubuntu-upgrade-linux-image-gkeop-5-15, ubuntu-upgrade-linux-image-gkeop-5-4, ubuntu-upgrade-linux-image-ibm, ubuntu-upgrade-linux-image-ibm-lts-20-04, ubuntu-upgrade-linux-image-intel, ubuntu-upgrade-linux-image-intel-iotg, ubuntu-upgrade-linux-image-kvm, ubuntu-upgrade-linux-image-lowlatency, ubuntu-upgrade-linux-image-lowlatency-64k, ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04, ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04, ubuntu-upgrade-linux-image-lowlatency-hwe-16-04, ubuntu-upgrade-linux-image-lowlatency-hwe-18-04, ubuntu-upgrade-linux-image-lowlatency-hwe-20-04, ubuntu-upgrade-linux-image-lowlatency-hwe-22-04, ubuntu-upgrade-linux-image-lowlatency-lts-xenial, ubuntu-upgrade-linux-image-nvidia, ubuntu-upgrade-linux-image-nvidia-6-2, ubuntu-upgrade-linux-image-nvidia-64k-6-2, ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04, ubuntu-upgrade-linux-image-nvidia-hwe-22-04, ubuntu-upgrade-linux-image-nvidia-lowlatency, ubuntu-upgrade-linux-image-oem, ubuntu-upgrade-linux-image-oem-20-04, ubuntu-upgrade-linux-image-oem-20-04b, ubuntu-upgrade-linux-image-oem-20-04c, ubuntu-upgrade-linux-image-oem-20-04d, ubuntu-upgrade-linux-image-oem-22-04, ubuntu-upgrade-linux-image-oem-22-04a, ubuntu-upgrade-linux-image-oem-22-04b, ubuntu-upgrade-linux-image-oem-22-04c, ubuntu-upgrade-linux-image-oem-osp1, ubuntu-upgrade-linux-image-oracle, ubuntu-upgrade-linux-image-oracle-lts-18-04, ubuntu-upgrade-linux-image-oracle-lts-20-04, ubuntu-upgrade-linux-image-oracle-lts-22-04, ubuntu-upgrade-linux-image-raspi, ubuntu-upgrade-linux-image-raspi-hwe-18-04, ubuntu-upgrade-linux-image-raspi-nolpae, ubuntu-upgrade-linux-image-raspi2, ubuntu-upgrade-linux-image-server, ubuntu-upgrade-linux-image-snapdragon-hwe-18-04, ubuntu-upgrade-linux-image-starfive, ubuntu-upgrade-linux-image-virtual, ubuntu-upgrade-linux-image-virtual-hwe-16-04, ubuntu-upgrade-linux-image-virtual-hwe-18-04, ubuntu-upgrade-linux-image-virtual-hwe-20-04, ubuntu-upgrade-linux-image-virtual-hwe-22-04, ubuntu-upgrade-linux-image-virtual-lts-xenial, ubuntu-upgrade-linux-image-xilinx-zynqmp
References: https://attackerkb.com/topics/cve-2023-42752 | CVE-2023-42752 | USN-6439-1 | USN-6439-2 | USN-6440-1 | USN-6440-2 | USN-6440-3 | USN-6441-1 | USN-6441-2 | USN-6441-3 | USN-6442-1 | USN-6443-1 | USN-6444-1 | USN-6444-2 | USN-6445-1 | USN-6445-2 | USN-6446-1 | USN-6446-2 | USN-6446-3 | USN-6460-1 | USN-6466-1
-
Microsoft Edge Chromium: CVE-2023-36559
Severity: 4
CVSS: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Published: 10/13/2023 | Created: 10/16/2023 | Added: 10/16/2023 | Modified: 01/28/2025
Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-36559 | CVE-2023-36559 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36559
-
Oracle Linux: CVE-2023-38552: ELSA-2023-5849: 18 security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-38552: ELSA-2023-5849: 18 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 10/13/2023 Created 10/24/2023 Added 10/23/2023 Modified 01/08/2025 Description When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. Solution(s) oracle-linux-upgrade-nodejs oracle-linux-upgrade-nodejs-devel oracle-linux-upgrade-nodejs-docs oracle-linux-upgrade-nodejs-full-i18n oracle-linux-upgrade-nodejs-nodemon oracle-linux-upgrade-nodejs-packaging oracle-linux-upgrade-nodejs-packaging-bundler oracle-linux-upgrade-npm References https://attackerkb.com/topics/cve-2023-38552 CVE - 2023-38552 ELSA-2023-5849 ELSA-2023-5869 ELSA-2023-7205
-
VMware Photon OS: CVE-2023-42752
VMware Photon OS: CVE-2023-42752 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-42752 CVE - 2023-42752
-
Wordpress: CVE-2023-39999: Unspecified Security Vulnerability
Wordpress: CVE-2023-39999: Unspecified Security Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 10/13/2023 Created 10/24/2023 Added 10/24/2023 Modified 01/28/2025 Description Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. Solution(s) wordpress-upgrade-6_3_2 References https://attackerkb.com/topics/cve-2023-39999 CVE - 2023-39999
-
Oracle Linux: CVE-2023-39331: ELSA-2023-7205: nodejs:20 security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-39331: ELSA-2023-7205: nodejs:20 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 10/13/2023 Created 11/25/2023 Added 11/23/2023 Modified 01/08/2025 Description A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. Solution(s) oracle-linux-upgrade-nodejs oracle-linux-upgrade-nodejs-devel oracle-linux-upgrade-nodejs-docs oracle-linux-upgrade-nodejs-full-i18n oracle-linux-upgrade-nodejs-nodemon oracle-linux-upgrade-nodejs-packaging oracle-linux-upgrade-nodejs-packaging-bundler oracle-linux-upgrade-npm References https://attackerkb.com/topics/cve-2023-39331 CVE - 2023-39331 ELSA-2023-7205
-
Debian: CVE-2023-38546: curl -- security update
Debian: CVE-2023-38546: curl -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/12/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/30/2025 Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions is met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle, called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enabled state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl, and only if that file is in the correct cookie file format. Solution(s) debian-upgrade-curl References https://attackerkb.com/topics/cve-2023-38546 CVE - 2023-38546 DLA-3613-1 DSA-5523-1
-
Amazon Linux 2023: CVE-2023-45142: Important priority package update for amazon-cloudwatch-agent
Amazon Linux 2023: CVE-2023-45142: Important priority package update for amazon-cloudwatch-agent Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds the labels `http.user_agent` and `http.method`, which have unbounded cardinality. This leads to potential memory exhaustion of the server when many malicious requests are sent to it. The User-Agent header or the HTTP method of a request can easily be set by an attacker to random, long values. The library internally uses `httpconv.ServerRequest`, which records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter unknown HTTP methods or User-Agents at the level of a CDN, load balancer, previous middleware, etc. Version 0.44.0 fixed this issue: the values collected for the attribute `http.request.method` are restricted to a set of well-known values, and other high-cardinality attributes were removed. As a workaround, `otelhttp.WithFilter()` can be used, but it requires careful manual configuration to avoid excluding certain requests from instrumentation entirely. For convenient and safe usage of this library, it should by default mark non-standard HTTP methods and User-Agents with the label `unknown`, showing that such requests were made without increasing cardinality. For anyone who wants to keep the current behavior, the library API should allow enabling it. A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server's memory by sending many malicious requests, affecting availability.
Solution(s) amazon-linux-2023-upgrade-amazon-cloudwatch-agent References https://attackerkb.com/topics/cve-2023-45142 CVE - 2023-45142 https://alas.aws.amazon.com/AL2023/ALAS-2024-498.html
-
Debian: CVE-2023-32721: zabbix -- security update
Debian: CVE-2023-32721: zabbix -- security update Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 10/12/2023 Created 01/30/2024 Added 01/29/2024 Modified 01/28/2025 Description A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before the URL. Solution(s) debian-upgrade-zabbix References https://attackerkb.com/topics/cve-2023-32721 CVE - 2023-32721 DLA-3717-1
-
Debian: CVE-2023-32724: zabbix -- security update
Debian: CVE-2023-32724: zabbix -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 10/12/2023 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description A memory pointer is stored in a property of the Duktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. Solution(s) debian-upgrade-zabbix References https://attackerkb.com/topics/cve-2023-32724 CVE - 2023-32724 DLA-3909-1
-
Alpine Linux: CVE-2023-45142: Allocation of Resources Without Limits or Throttling
Alpine Linux: CVE-2023-45142: Allocation of Resources Without Limits or Throttling Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/12/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds the labels `http.user_agent` and `http.method`, which have unbounded cardinality. This leads to potential memory exhaustion of the server when many malicious requests are sent to it. The User-Agent header or the HTTP method of a request can easily be set by an attacker to random, long values. The library internally uses `httpconv.ServerRequest`, which records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter unknown HTTP methods or User-Agents at the level of a CDN, load balancer, previous middleware, etc. Version 0.44.0 fixed this issue: the values collected for the attribute `http.request.method` are restricted to a set of well-known values, and other high-cardinality attributes were removed. As a workaround, `otelhttp.WithFilter()` can be used, but it requires careful manual configuration to avoid excluding certain requests from instrumentation entirely. For convenient and safe usage of this library, it should by default mark non-standard HTTP methods and User-Agents with the label `unknown`, showing that such requests were made without increasing cardinality. For anyone who wants to keep the current behavior, the library API should allow enabling it. Solution(s) alpine-linux-upgrade-k3s References https://attackerkb.com/topics/cve-2023-45142 CVE - 2023-45142 https://security.alpinelinux.org/vuln/CVE-2023-45142