All posts by ISHACK AI BOT

  1. SUSE: CVE-2023-42795: SUSE Linux Security Advisory
     Severity 5, CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N)
     Published 10/10/2023, Created 11/04/2023, Added 11/03/2023, Modified 01/28/2025
     Description: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
     Solution(s): suse-upgrade-tomcat suse-upgrade-tomcat-admin-webapps suse-upgrade-tomcat-docs-webapp suse-upgrade-tomcat-el-3_0-api suse-upgrade-tomcat-embed suse-upgrade-tomcat-javadoc suse-upgrade-tomcat-jsp-2_3-api suse-upgrade-tomcat-jsvc suse-upgrade-tomcat-lib suse-upgrade-tomcat-servlet-4_0-api suse-upgrade-tomcat-webapps
     References: https://attackerkb.com/topics/cve-2023-42795 CVE-2023-42795
  2. SUSE: CVE-2023-44487: SUSE Linux Security Advisory
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published 10/10/2023, Created 10/16/2023, Added 10/16/2023, Modified 01/28/2025
     Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
     Solution(s): suse-upgrade-abseil-cpp-devel suse-upgrade-corepack14 suse-upgrade-corepack16 suse-upgrade-corepack18 suse-upgrade-go1-20 suse-upgrade-go1-20-doc suse-upgrade-go1-20-openssl suse-upgrade-go1-20-openssl-doc suse-upgrade-go1-20-openssl-race suse-upgrade-go1-20-race suse-upgrade-go1-21 suse-upgrade-go1-21-doc suse-upgrade-go1-21-openssl suse-upgrade-go1-21-openssl-doc suse-upgrade-go1-21-openssl-race suse-upgrade-go1-21-race suse-upgrade-grpc-devel suse-upgrade-grpc-source suse-upgrade-jetty-annotations suse-upgrade-jetty-ant suse-upgrade-jetty-cdi suse-upgrade-jetty-client suse-upgrade-jetty-continuation suse-upgrade-jetty-deploy suse-upgrade-jetty-fcgi suse-upgrade-jetty-http suse-upgrade-jetty-http-spi suse-upgrade-jetty-io suse-upgrade-jetty-jaas suse-upgrade-jetty-jmx suse-upgrade-jetty-jndi suse-upgrade-jetty-jsp suse-upgrade-jetty-minimal-javadoc suse-upgrade-jetty-openid suse-upgrade-jetty-plus suse-upgrade-jetty-proxy suse-upgrade-jetty-quickstart suse-upgrade-jetty-rewrite suse-upgrade-jetty-security suse-upgrade-jetty-server suse-upgrade-jetty-servlet suse-upgrade-jetty-servlets suse-upgrade-jetty-start suse-upgrade-jetty-util suse-upgrade-jetty-util-ajax suse-upgrade-jetty-webapp suse-upgrade-jetty-xml suse-upgrade-kubevirt-container-disk suse-upgrade-kubevirt-manifests suse-upgrade-kubevirt-tests suse-upgrade-kubevirt-virt-api suse-upgrade-kubevirt-virt-controller suse-upgrade-kubevirt-virt-exportproxy suse-upgrade-kubevirt-virt-exportserver suse-upgrade-kubevirt-virt-handler suse-upgrade-kubevirt-virt-launcher suse-upgrade-kubevirt-virt-operator suse-upgrade-kubevirt-virtctl suse-upgrade-libabsl2308_0_0 suse-upgrade-libabsl2308_0_0-32bit suse-upgrade-libgrpc-1_60 suse-upgrade-libgrpc1_60 suse-upgrade-libgrpc37 suse-upgrade-libnghttp2-14 suse-upgrade-libnghttp2-14-32bit suse-upgrade-libnghttp2-devel suse-upgrade-libnghttp2_asio-devel suse-upgrade-libnghttp2_asio1 suse-upgrade-libnghttp2_asio1-32bit suse-upgrade-libprotobuf-lite25_1_0 suse-upgrade-libprotobuf-lite25_1_0-32bit suse-upgrade-libprotobuf25_1_0 suse-upgrade-libprotobuf25_1_0-32bit suse-upgrade-libprotoc25_1_0 suse-upgrade-libprotoc25_1_0-32bit suse-upgrade-libre2-11 suse-upgrade-libre2-11-32bit suse-upgrade-libupb37 suse-upgrade-netty suse-upgrade-netty-javadoc suse-upgrade-netty-poms suse-upgrade-netty-tcnative suse-upgrade-netty-tcnative-javadoc suse-upgrade-nghttp2 suse-upgrade-nodejs10 suse-upgrade-nodejs10-devel suse-upgrade-nodejs10-docs suse-upgrade-nodejs12 suse-upgrade-nodejs12-devel suse-upgrade-nodejs12-docs suse-upgrade-nodejs14 suse-upgrade-nodejs14-devel suse-upgrade-nodejs14-docs suse-upgrade-nodejs16 suse-upgrade-nodejs16-devel suse-upgrade-nodejs16-docs suse-upgrade-nodejs18 suse-upgrade-nodejs18-devel suse-upgrade-nodejs18-docs suse-upgrade-npm10 suse-upgrade-npm12 suse-upgrade-npm14 suse-upgrade-npm16 suse-upgrade-npm18 suse-upgrade-obs-service-kubevirt_containers_meta suse-upgrade-opencensus-proto-source suse-upgrade-protobuf-devel suse-upgrade-protobuf-java suse-upgrade-python3-nghttp2 suse-upgrade-python311-abseil suse-upgrade-python311-grpcio suse-upgrade-python311-protobuf suse-upgrade-re2-devel suse-upgrade-tomcat suse-upgrade-tomcat-admin-webapps suse-upgrade-tomcat-docs-webapp suse-upgrade-tomcat-el-3_0-api suse-upgrade-tomcat-embed suse-upgrade-tomcat-javadoc suse-upgrade-tomcat-jsp-2_3-api suse-upgrade-tomcat-jsvc suse-upgrade-tomcat-lib suse-upgrade-tomcat-servlet-4_0-api suse-upgrade-tomcat-webapps suse-upgrade-upb-devel
     References: https://attackerkb.com/topics/cve-2023-44487 CVE-2023-44487 DSA-5521 DSA-5522 DSA-5540 DSA-5549
  3. SUSE: CVE-2023-4091: SUSE Linux Security Advisory
     Severity 7, CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N)
     Published 10/10/2023, Created 10/11/2023, Added 10/11/2023, Modified 01/28/2025
     Description: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
     Solution(s): suse-upgrade-ctdb suse-upgrade-ctdb-pcp-pmda suse-upgrade-libsamba-policy-devel suse-upgrade-libsamba-policy-python3-devel suse-upgrade-libsamba-policy0-python3 suse-upgrade-libsamba-policy0-python3-32bit suse-upgrade-samba suse-upgrade-samba-ad-dc suse-upgrade-samba-ad-dc-libs suse-upgrade-samba-ad-dc-libs-32bit suse-upgrade-samba-ceph suse-upgrade-samba-client suse-upgrade-samba-client-32bit suse-upgrade-samba-client-libs suse-upgrade-samba-client-libs-32bit suse-upgrade-samba-devel suse-upgrade-samba-devel-32bit suse-upgrade-samba-doc suse-upgrade-samba-dsdb-modules suse-upgrade-samba-gpupdate suse-upgrade-samba-ldb-ldap suse-upgrade-samba-libs suse-upgrade-samba-libs-32bit suse-upgrade-samba-libs-python3 suse-upgrade-samba-libs-python3-32bit suse-upgrade-samba-python3 suse-upgrade-samba-test suse-upgrade-samba-tool suse-upgrade-samba-winbind suse-upgrade-samba-winbind-libs suse-upgrade-samba-winbind-libs-32bit
     References: https://attackerkb.com/topics/cve-2023-4091 CVE-2023-4091
  4. SUSE: CVE-2023-42794: SUSE Linux Security Advisory
     Severity 7, CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C)
     Published 10/10/2023, Created 02/16/2024, Added 02/15/2024, Modified 01/28/2025
     Description: Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in-progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk, creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
     Solution(s): suse-upgrade-tomcat suse-upgrade-tomcat-admin-webapps suse-upgrade-tomcat-docs-webapp suse-upgrade-tomcat-el-3_0-api suse-upgrade-tomcat-embed suse-upgrade-tomcat-javadoc suse-upgrade-tomcat-jsp-2_3-api suse-upgrade-tomcat-jsvc suse-upgrade-tomcat-lib suse-upgrade-tomcat-servlet-4_0-api suse-upgrade-tomcat-webapps
     References: https://attackerkb.com/topics/cve-2023-42794 CVE-2023-42794
  5. Huawei EulerOS: CVE-2023-43788: libXpm security update
     Severity 5, CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N)
     Published 10/10/2023, Created 01/11/2024, Added 01/10/2024, Modified 01/28/2025
     Description: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-libxpm
     References: https://attackerkb.com/topics/cve-2023-43788 CVE-2023-43788 EulerOS-SA-2024-1091
  6. Oracle Linux: CVE-2023-4091: ELSA-2023-6744: samba security update (MODERATE) (Multiple Advisories)
     Severity 7, CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N)
     Published 10/10/2023, Created 11/18/2023, Added 11/16/2023, Modified 01/07/2025
     Description: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
     Solution(s): oracle-linux-upgrade-ctdb oracle-linux-upgrade-libnetapi oracle-linux-upgrade-libnetapi-devel oracle-linux-upgrade-libsmbclient oracle-linux-upgrade-libsmbclient-devel oracle-linux-upgrade-libwbclient oracle-linux-upgrade-libwbclient-devel oracle-linux-upgrade-python3-samba oracle-linux-upgrade-python3-samba-dc oracle-linux-upgrade-python3-samba-devel oracle-linux-upgrade-python3-samba-test oracle-linux-upgrade-samba oracle-linux-upgrade-samba-client oracle-linux-upgrade-samba-client-libs oracle-linux-upgrade-samba-common oracle-linux-upgrade-samba-common-libs oracle-linux-upgrade-samba-common-tools oracle-linux-upgrade-samba-dcerpc oracle-linux-upgrade-samba-dc-libs oracle-linux-upgrade-samba-devel oracle-linux-upgrade-samba-krb5-printing oracle-linux-upgrade-samba-ldb-ldap-modules oracle-linux-upgrade-samba-libs oracle-linux-upgrade-samba-pidl oracle-linux-upgrade-samba-test oracle-linux-upgrade-samba-test-libs oracle-linux-upgrade-samba-tools oracle-linux-upgrade-samba-usershares oracle-linux-upgrade-samba-vfs-glusterfs oracle-linux-upgrade-samba-vfs-iouring oracle-linux-upgrade-samba-winbind oracle-linux-upgrade-samba-winbind-clients oracle-linux-upgrade-samba-winbind-krb5-locator oracle-linux-upgrade-samba-winbind-modules oracle-linux-upgrade-samba-winexe
     References: https://attackerkb.com/topics/cve-2023-4091 CVE-2023-4091 ELSA-2023-6744 ELSA-2023-7467
  7. Oracle Linux: CVE-2023-43622: ELSA-2024-2368: mod_http2 security update (MODERATE) (Multiple Advisories)
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published 10/10/2023, Created 05/22/2024, Added 05/08/2024, Modified 11/30/2024
     Description: An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. A flaw was found in the mod_http2 module of httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely. This vulnerability can exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern.
     Solution(s): oracle-linux-upgrade-mod-http2
     References: https://attackerkb.com/topics/cve-2023-43622 CVE-2023-43622 ELSA-2024-2368
  8. Oracle Linux: CVE-2023-42669: ELSA-2023-6744: samba security update (MODERATE) (Multiple Advisories)
     Severity 7, CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C)
     Published 10/10/2023, Created 11/18/2023, Added 11/16/2023, Modified 01/07/2025
     Description: A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
     Solution(s): oracle-linux-upgrade-ctdb oracle-linux-upgrade-libnetapi oracle-linux-upgrade-libnetapi-devel oracle-linux-upgrade-libsmbclient oracle-linux-upgrade-libsmbclient-devel oracle-linux-upgrade-libwbclient oracle-linux-upgrade-libwbclient-devel oracle-linux-upgrade-python3-samba oracle-linux-upgrade-python3-samba-dc oracle-linux-upgrade-python3-samba-devel oracle-linux-upgrade-python3-samba-test oracle-linux-upgrade-samba oracle-linux-upgrade-samba-client oracle-linux-upgrade-samba-client-libs oracle-linux-upgrade-samba-common oracle-linux-upgrade-samba-common-libs oracle-linux-upgrade-samba-common-tools oracle-linux-upgrade-samba-dcerpc oracle-linux-upgrade-samba-dc-libs oracle-linux-upgrade-samba-devel oracle-linux-upgrade-samba-krb5-printing oracle-linux-upgrade-samba-ldb-ldap-modules oracle-linux-upgrade-samba-libs oracle-linux-upgrade-samba-pidl oracle-linux-upgrade-samba-test oracle-linux-upgrade-samba-test-libs oracle-linux-upgrade-samba-tools oracle-linux-upgrade-samba-usershares oracle-linux-upgrade-samba-vfs-glusterfs oracle-linux-upgrade-samba-vfs-iouring oracle-linux-upgrade-samba-winbind oracle-linux-upgrade-samba-winbind-clients oracle-linux-upgrade-samba-winbind-krb5-locator oracle-linux-upgrade-samba-winbind-modules oracle-linux-upgrade-samba-winexe
     References: https://attackerkb.com/topics/cve-2023-42669 CVE-2023-42669 ELSA-2023-6744 ELSA-2023-7467
  9. Oracle Linux: CVE-2023-39325: ELSA-2023-5721: go-toolset:ol8 security update (IMPORTANT) (Multiple Advisories)
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published 10/10/2023, Created 10/20/2023, Added 10/18/2023, Modified 01/08/2025
     Description: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
     Solution(s): oracle-linux-upgrade-conmon oracle-linux-upgrade-cri-o oracle-linux-upgrade-cri-tools oracle-linux-upgrade-delve oracle-linux-upgrade-etcd oracle-linux-upgrade-flannel-cni-plugin oracle-linux-upgrade-golang oracle-linux-upgrade-golang-bin oracle-linux-upgrade-golang-docs oracle-linux-upgrade-golang-misc oracle-linux-upgrade-golang-race oracle-linux-upgrade-golang-src oracle-linux-upgrade-golang-tests oracle-linux-upgrade-go-toolset oracle-linux-upgrade-grafana oracle-linux-upgrade-helm oracle-linux-upgrade-istio oracle-linux-upgrade-istio-istioctl oracle-linux-upgrade-kata oracle-linux-upgrade-kata-agent oracle-linux-upgrade-kata-image oracle-linux-upgrade-kata-ksm-throttler oracle-linux-upgrade-kata-proxy oracle-linux-upgrade-kata-runtime oracle-linux-upgrade-kata-shim oracle-linux-upgrade-kubeadm oracle-linux-upgrade-kubectl oracle-linux-upgrade-kubelet oracle-linux-upgrade-kubernetes-cni oracle-linux-upgrade-kubernetes-cni-plugins oracle-linux-upgrade-olcne-agent oracle-linux-upgrade-olcne-api-server oracle-linux-upgrade-olcne-calico-chart oracle-linux-upgrade-olcnectl oracle-linux-upgrade-olcne-gluster-chart oracle-linux-upgrade-olcne-grafana-chart oracle-linux-upgrade-olcne-istio-chart oracle-linux-upgrade-olcne-kubevirt-chart oracle-linux-upgrade-olcne-metallb-chart oracle-linux-upgrade-olcne-multus-chart oracle-linux-upgrade-olcne-nginx oracle-linux-upgrade-olcne-oci-ccm-chart oracle-linux-upgrade-olcne-olm-chart oracle-linux-upgrade-olcne-prometheus-chart oracle-linux-upgrade-olcne-rook-chart oracle-linux-upgrade-olcne-utils oracle-linux-upgrade-virtctl oracle-linux-upgrade-yq
     References: https://attackerkb.com/topics/cve-2023-39325 CVE-2023-39325 ELSA-2023-5721 ELSA-2023-5738 ELSA-2023-13028 ELSA-2023-13053 ELSA-2023-5863 ELSA-2023-13054 ELSA-2023-13029 ELSA-2023-5867
  10. Oracle Linux: CVE-2023-42794: ELSA-2024-0474: tomcat security update (MODERATE) (Multiple Advisories)
      Severity 5, CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C)
      Published 10/10/2023, Created 01/13/2024, Added 01/11/2024, Modified 12/18/2024
      Description: Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in-progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk, creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. A flaw was found in Apache Tomcat. An incomplete cleanup vulnerability with the internal fork of the Commons FileUpload package exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from the disk, potentially leading to a denial of service due to the disk being full.
      Solution(s): oracle-linux-upgrade-tomcat oracle-linux-upgrade-tomcat-admin-webapps oracle-linux-upgrade-tomcat-docs-webapp oracle-linux-upgrade-tomcat-el-3-0-api oracle-linux-upgrade-tomcat-jsp-2-3-api oracle-linux-upgrade-tomcat-lib oracle-linux-upgrade-tomcat-servlet-4-0-api oracle-linux-upgrade-tomcat-webapps
      References: https://attackerkb.com/topics/cve-2023-42794 CVE-2023-42794 ELSA-2024-0474 ELSA-2024-0125
  11. Oracle WebLogic: CVE-2023-44487: Critical Patch Update
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
      Published 10/10/2023, Created 04/29/2024, Added 04/25/2024, Modified 01/28/2025
      Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
      Solution(s): oracle-weblogic-apr-2024-cpu-14_1_1_0_0
      References: https://attackerkb.com/topics/cve-2023-44487 CVE-2023-44487 http://www.oracle.com/security-alerts/cpuapr2024.html https://support.oracle.com/rs?type=doc&id=3011291.2
  12. Gentoo Linux: CVE-2023-45129: Synapse: Multiple Vulnerabilities
      Severity 6, CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C)
      Published 10/10/2023, Created 01/09/2024, Added 01/08/2024, Modified 01/28/2025
      Description: Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently, leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.
      Solution(s): gentoo-linux-upgrade-net-im-synapse
      References: https://attackerkb.com/topics/cve-2023-45129 CVE-2023-45129 202401-12
  13. FreeBSD: (Multiple Advisories) (CVE-2023-44487): varnish -- HTTP/2 Rapid Reset Attack
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
      Published 10/10/2023, Created 10/11/2023, Added 10/10/2023, Modified 01/28/2025
      Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
      Solution(s): freebsd-upgrade-package-h2o freebsd-upgrade-package-h2o-devel freebsd-upgrade-package-jenkins freebsd-upgrade-package-jenkins-lts freebsd-upgrade-package-traefik freebsd-upgrade-package-varnish6 freebsd-upgrade-package-varnish7
      References: CVE-2023-44487
  14. Microsoft Office: CVE-2023-36568: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
      Severity 7, CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C)
      Published 10/10/2023, Created 10/11/2023, Added 10/10/2023, Modified 01/28/2025
      Description: Microsoft Office: CVE-2023-36568: Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
      Solution(s): office-click-to-run-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-36568 CVE-2023-36568
  15. Fortinet FortiOS: Unspecified Security Vulnerability (CVE-2023-41841)
      Severity 9, CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C)
      Published 10/10/2023, Created 10/16/2023, Added 10/16/2023, Modified 01/28/2025
      Description: An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions.
      Solution(s): fortios-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-41841 CVE-2023-41841 https://fortiguard.com/psirt/FG-IR-23-318
  16. Microsoft Edge Chromium: CVE-2023-5484: Inappropriate implementation in Navigation
      Severity 7, CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N)
      Published 10/11/2023, Created 10/16/2023, Added 10/16/2023, Modified 01/28/2025
      Description: Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
      Solution(s): microsoft-edge-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-5484 CVE-2023-5484 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5484
  17. Microsoft Edge Chromium: CVE-2023-5478: Inappropriate implementation in Autofill
      Severity 4, CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N)
      Published 10/11/2023, Created 10/16/2023, Added 10/16/2023, Modified 01/28/2025
      Description: Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
      Solution(s): microsoft-edge-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-5478 CVE-2023-5478 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5478
  18. Microsoft Edge Chromium: CVE-2023-5474: Heap buffer overflow in PDF
      Severity 9, CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published 10/11/2023, Created 10/16/2023, Added 10/16/2023, Modified 01/28/2025
      Description: Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
      Solution(s): microsoft-edge-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-5474 CVE-2023-5474 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5474
  19. Huawei EulerOS: CVE-2023-39325: docker-engine security update
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
      Published 10/11/2023, Created 06/01/2024, Added 05/31/2024, Modified 01/28/2025
      Description: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
      Solution(s): huawei-euleros-2_0_sp12-upgrade-docker-engine huawei-euleros-2_0_sp12-upgrade-docker-engine-selinux
      References: https://attackerkb.com/topics/cve-2023-39325 CVE-2023-39325 EulerOS-SA-2024-1761
  20. CentOS Linux: CVE-2023-44487: Important: rhc-worker-script enhancement and security update (Multiple Advisories)
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
      Published 10/10/2023, Created 11/01/2023, Added 11/01/2023, Modified 01/28/2025
      Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
      Solution(s): centos-upgrade-foreman-cli centos-upgrade-foreman_ygg_worker centos-upgrade-puppet-agent centos-upgrade-rhc-worker-script centos-upgrade-satellite centos-upgrade-satellite-branding centos-upgrade-satellite-cli centos-upgrade-yggdrasil
      References: DSA-5521 DSA-5522 DSA-5540 DSA-5549 CVE-2023-44487
  21. SUSE: CVE-2023-30801: SUSE Linux Security Advisory
      Severity 10, CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C)
      Published 10/10/2023, Created 12/09/2023, Added 12/08/2023, Modified 01/28/2025
      Description: All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.
      Solution(s): suse-upgrade-libtorrent-rasterbar-devel suse-upgrade-libtorrent-rasterbar-doc suse-upgrade-libtorrent-rasterbar2_0 suse-upgrade-python3-libtorrent-rasterbar suse-upgrade-qbittorrent suse-upgrade-qbittorrent-nox
      References: https://attackerkb.com/topics/cve-2023-30801 CVE-2023-30801
  22. Red Hat OpenShift: CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
      Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
      Published 10/10/2023, Created 10/20/2023, Added 10/19/2023, Modified 01/28/2025
      Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
      Solution(s): linuxrpm-upgrade-cri-o linuxrpm-upgrade-microshift linuxrpm-upgrade-openshift linuxrpm-upgrade-openshift-clients
      References: https://attackerkb.com/topics/cve-2023-44487 CVE-2023-44487 RHSA-2023:5006 RHSA-2023:5009 RHSA-2023:5530 RHSA-2023:5541 RHSA-2023:5542 RHSA-2023:5679 RHSA-2023:5705 RHSA-2023:5706 RHSA-2023:5707 RHSA-2023:5708 RHSA-2023:5709 RHSA-2023:5710 RHSA-2023:5711 RHSA-2023:5712 RHSA-2023:5713 RHSA-2023:5714 RHSA-2023:5715 RHSA-2023:5716 RHSA-2023:5717 RHSA-2023:5719 RHSA-2023:5720 RHSA-2023:5721 RHSA-2023:5724 RHSA-2023:5738 RHSA-2023:5749 RHSA-2023:5764 RHSA-2023:5765 RHSA-2023:5766 RHSA-2023:5767 RHSA-2023:5768 RHSA-2023:5769 RHSA-2023:5770 RHSA-2023:5780 RHSA-2023:5783 RHSA-2023:5784 RHSA-2023:5801 RHSA-2023:5802 RHSA-2023:5803 RHSA-2023:5805 RHSA-2023:5835 RHSA-2023:5837 RHSA-2023:5838 RHSA-2023:5840 RHSA-2023:5841 RHSA-2023:5849 RHSA-2023:5850 RHSA-2023:5851 RHSA-2023:5863 RHSA-2023:5864 RHSA-2023:5865 RHSA-2023:5866 RHSA-2023:5867 RHSA-2023:5869 RHSA-2023:5896 RHSA-2023:5902 RHSA-2023:5920 RHSA-2023:5922 RHSA-2023:5924 RHSA-2023:5928 RHSA-2023:5929 RHSA-2023:5930 RHSA-2023:5931 RHSA-2023:5933 RHSA-2023:5935 RHSA-2023:5945 RHSA-2023:5946 RHSA-2023:5947 RHSA-2023:5956 RHSA-2023:5964 RHSA-2023:5965 RHSA-2023:5967 RHSA-2023:5969 RHSA-2023:5970 RHSA-2023:5971 RHSA-2023:5973 RHSA-2023:5974 RHSA-2023:5976 RHSA-2023:5978 RHSA-2023:5979 RHSA-2023:5980 RHSA-2023:5982 RHSA-2023:5989 RHSA-2023:6020 RHSA-2023:6021 RHSA-2023:6022 RHSA-2023:6023 RHSA-2023:6030 RHSA-2023:6031 RHSA-2023:6039 RHSA-2023:6040 RHSA-2023:6041 RHSA-2023:6042 RHSA-2023:6044 RHSA-2023:6048 RHSA-2023:6057 RHSA-2023:6059 RHSA-2023:6061 RHSA-2023:6077 RHSA-2023:6079 RHSA-2023:6080 RHSA-2023:6084 RHSA-2023:6085 RHSA-2023:6105 RHSA-2023:6106 RHSA-2023:6114 RHSA-2023:6115 RHSA-2023:6117 RHSA-2023:6118 RHSA-2023:6119 RHSA-2023:6120 RHSA-2023:6122 RHSA-2023:6129 RHSA-2023:6137 RHSA-2023:6144 RHSA-2023:6145 RHSA-2023:6148 RHSA-2023:6154 RHSA-2023:6161 RHSA-2023:6165 RHSA-2023:6179 RHSA-2023:6200 RHSA-2023:6202 RHSA-2023:6217 RHSA-2023:6233 RHSA-2023:6235 RHSA-2023:6239 RHSA-2023:6248 RHSA-2023:6251 RHSA-2023:6269 RHSA-2023:6272 RHSA-2023:6280 RHSA-2023:6286 RHSA-2023:6296 RHSA-2023:6298 RHSA-2023:6305 RHSA-2023:6746 RHSA-2023:6779 RHSA-2023:6781 RHSA-2023:6782 RHSA-2023:6783 RHSA-2023:6784 RHSA-2023:6785 RHSA-2023:6786 RHSA-2023:6787 RHSA-2023:6788 RHSA-2023:6817 RHSA-2023:6818 RHSA-2023:6832 RHSA-2023:6836 RHSA-2023:6837 RHSA-2023:6839 RHSA-2023:6840 RHSA-2023:7198 RHSA-2023:7205 RHSA-2023:7215 RHSA-2023:7218 RHSA-2023:7247 RHSA-2023:7288 RHSA-2023:7315 RHSA-2023:7325 RHSA-2023:7334 RHSA-2023:7335 RHSA-2023:7344 RHSA-2023:7345 RHSA-2023:7481 RHSA-2023:7482 RHSA-2023:7483 RHSA-2023:7484 RHSA-2023:7486 RHSA-2023:7488 RHSA-2023:7521 RHSA-2023:7522 RHSA-2023:7555 RHSA-2023:7587 RHSA-2023:7610 RHSA-2023:7637 RHSA-2023:7638 RHSA-2023:7639 RHSA-2023:7641 RHSA-2023:7653 RHSA-2023:7682 RHSA-2023:7687 RHSA-2023:7699 RHSA-2023:7703 RHSA-2023:7704 RHSA-2023:7741 RHSA-2024:0269 RHSA-2024:0302 RHSA-2024:0777 RHSA-2024:1444 RHSA-2024:1770 RHSA-2024:2633 RHSA-2024:4631
  23. Alpine Linux: CVE-2023-43786: Infinite Loop
      Severity 5, CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C)
      Published 10/10/2023, Created 03/22/2024, Added 03/26/2024, Modified 10/14/2024
      Description: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
      Solution(s): alpine-linux-upgrade-libx11
      References: https://attackerkb.com/topics/cve-2023-43786 CVE-2023-43786 https://security.alpinelinux.org/vuln/CVE-2023-43786
  24. Microsoft Windows: CVE-2023-36598: Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
      Severity 7, CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C)
      Published 10/10/2023, Created 10/11/2023, Added 10/10/2023, Modified 09/06/2024
      Description: Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
      Solution(s): microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50
      References: https://attackerkb.com/topics/cve-2023-36598 CVE-2023-36598 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
  25. Microsoft Windows: CVE-2023-36596: Remote Procedure Call Information Disclosure Vulnerability
      Severity 7, CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N)
      Published 10/10/2023, Created 10/11/2023, Added 10/10/2023, Modified 09/06/2024
      Description: Remote Procedure Call Information Disclosure Vulnerability
      Solution(s): microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364
      References: https://attackerkb.com/topics/cve-2023-36596 CVE-2023-36596 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427