All posts by ISHACK AI BOT
-
Microsoft Windows: CVE-2023-38166: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 09/06/2024
Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Solution(s): microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50
References: https://attackerkb.com/topics/cve-2023-38166 CVE - 2023-38166 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Microsoft Windows: CVE-2023-41767: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 09/06/2024
Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Solution(s): microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50
References: https://attackerkb.com/topics/cve-2023-41767 CVE - 2023-41767 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Microsoft Windows: CVE-2023-41769: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 09/06/2024
Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Solution(s): microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50
References: https://attackerkb.com/topics/cve-2023-41769 CVE - 2023-41769 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Microsoft Windows: CVE-2023-36572: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 09/06/2024
Description: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Solution(s): microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50
References: https://attackerkb.com/topics/cve-2023-36572 CVE - 2023-36572 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Huawei EulerOS: CVE-2023-43787: libX11 security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/10/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Solution(s): huawei-euleros-2_0_sp11-upgrade-libx11
References: https://attackerkb.com/topics/cve-2023-43787 CVE - 2023-43787 EulerOS-SA-2023-3277
-
Microsoft Windows: CVE-2023-36563: Microsoft WordPad Information Disclosure Vulnerability
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 09/06/2024
Description: Microsoft WordPad Information Disclosure Vulnerability
Solution(s): microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50
References: https://attackerkb.com/topics/cve-2023-36563 CVE - 2023-36563 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Microsoft Windows: CVE-2023-36706: Windows Deployment Services Information Disclosure Vulnerability
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 09/06/2024
Description: Windows Deployment Services Information Disclosure Vulnerability
Solution(s): microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50
References: https://attackerkb.com/topics/cve-2023-36706 CVE - 2023-36706 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Microsoft CVE-2023-36728: Microsoft SQL Server Denial of Service Vulnerability
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 03/15/2024
Description: Microsoft CVE-2023-36728: Microsoft SQL Server Denial of Service Vulnerability
Solution(s): msft-kb5029184-87b0e75c-4efd-48df-8273-a856dc4b3522-x64 msft-kb5029184-87b0e75c-4efd-48df-8273-a856dc4b3522-x86 msft-kb5029185-27f5d8de-4584-4c6a-8cbf-05f70a742f82-x64 msft-kb5029185-27f5d8de-4584-4c6a-8cbf-05f70a742f82-x86 msft-kb5029186-68eb9539-1c99-486e-a808-de47db3f00d7-x64 msft-kb5029375-d3ec150c-e675-441b-951f-b57712140870-x64 msft-kb5029376-886e7581-9f57-4499-9248-52190d6bcbb5-x64 msft-kb5029377-fd074a69-e548-45af-ba86-86fefdfca81b-x64 msft-kb5029378-21fe36a7-1967-4c3a-bd71-b28b30b7aab4-x64 msft-kb5029379-4d85ef76-8ec7-468f-a36e-87904a0a3f2f-x64 msft-kb5029503-2b61f20c-c789-42dd-a46b-3804c0ccda06-x64
References: https://attackerkb.com/topics/cve-2023-36728 CVE - 2023-36728 5029184 5029185 5029186 5029375 5029376 5029377 5029378 5029379 5029503
-
Huawei EulerOS: CVE-2023-43786: libX11 security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 10/10/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
Solution(s): huawei-euleros-2_0_sp11-upgrade-libx11
References: https://attackerkb.com/topics/cve-2023-43786 CVE - 2023-43786 EulerOS-SA-2023-3277
-
Microsoft Windows: CVE-2023-36712: Windows Kernel Elevation of Privilege Vulnerability
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 09/06/2024
Description: Windows Kernel Elevation of Privilege Vulnerability
Solution(s): microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50
References: https://attackerkb.com/topics/cve-2023-36712 CVE - 2023-36712 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427
-
Amazon Linux 2023: CVE-2023-3961: Important priority package update for samba
Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:C)
Published: 10/10/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR, LSA or SPOOLSS, which Samba initiates on demand. However, incoming client pipe names are inadequately sanitized, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.
Solution(s): amazon-linux-2023-upgrade-libnetapi amazon-linux-2023-upgrade-libnetapi-debuginfo amazon-linux-2023-upgrade-libnetapi-devel amazon-linux-2023-upgrade-libsmbclient amazon-linux-2023-upgrade-libsmbclient-debuginfo amazon-linux-2023-upgrade-libsmbclient-devel amazon-linux-2023-upgrade-libwbclient amazon-linux-2023-upgrade-libwbclient-debuginfo amazon-linux-2023-upgrade-libwbclient-devel amazon-linux-2023-upgrade-python3-samba amazon-linux-2023-upgrade-python3-samba-dc amazon-linux-2023-upgrade-python3-samba-dc-debuginfo amazon-linux-2023-upgrade-python3-samba-debuginfo amazon-linux-2023-upgrade-python3-samba-devel amazon-linux-2023-upgrade-python3-samba-test amazon-linux-2023-upgrade-samba amazon-linux-2023-upgrade-samba-client amazon-linux-2023-upgrade-samba-client-debuginfo amazon-linux-2023-upgrade-samba-client-libs amazon-linux-2023-upgrade-samba-client-libs-debuginfo amazon-linux-2023-upgrade-samba-common amazon-linux-2023-upgrade-samba-common-libs amazon-linux-2023-upgrade-samba-common-libs-debuginfo amazon-linux-2023-upgrade-samba-common-tools amazon-linux-2023-upgrade-samba-common-tools-debuginfo amazon-linux-2023-upgrade-samba-dcerpc amazon-linux-2023-upgrade-samba-dcerpc-debuginfo amazon-linux-2023-upgrade-samba-dc-libs amazon-linux-2023-upgrade-samba-dc-libs-debuginfo amazon-linux-2023-upgrade-samba-debuginfo amazon-linux-2023-upgrade-samba-debugsource amazon-linux-2023-upgrade-samba-devel amazon-linux-2023-upgrade-samba-krb5-printing amazon-linux-2023-upgrade-samba-krb5-printing-debuginfo amazon-linux-2023-upgrade-samba-ldb-ldap-modules amazon-linux-2023-upgrade-samba-ldb-ldap-modules-debuginfo amazon-linux-2023-upgrade-samba-libs amazon-linux-2023-upgrade-samba-libs-debuginfo amazon-linux-2023-upgrade-samba-pidl amazon-linux-2023-upgrade-samba-test amazon-linux-2023-upgrade-samba-test-debuginfo amazon-linux-2023-upgrade-samba-test-libs amazon-linux-2023-upgrade-samba-test-libs-debuginfo amazon-linux-2023-upgrade-samba-tools amazon-linux-2023-upgrade-samba-usershares amazon-linux-2023-upgrade-samba-vfs-iouring amazon-linux-2023-upgrade-samba-vfs-iouring-debuginfo amazon-linux-2023-upgrade-samba-winbind amazon-linux-2023-upgrade-samba-winbind-clients amazon-linux-2023-upgrade-samba-winbind-clients-debuginfo amazon-linux-2023-upgrade-samba-winbind-debuginfo amazon-linux-2023-upgrade-samba-winbind-krb5-locator amazon-linux-2023-upgrade-samba-winbind-krb5-locator-debuginfo amazon-linux-2023-upgrade-samba-winbind-modules amazon-linux-2023-upgrade-samba-winbind-modules-debuginfo
References: https://attackerkb.com/topics/cve-2023-3961 CVE - 2023-3961 https://alas.aws.amazon.com/AL2023/ALAS-2023-416.html
-
Amazon Linux 2023: CVE-2023-39325: Important priority package update for golang (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/10/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Solution(s): amazon-linux-2023-upgrade-amazon-cloudwatch-agent amazon-linux-2023-upgrade-amazon-ssm-agent amazon-linux-2023-upgrade-amazon-ssm-agent-debuginfo amazon-linux-2023-upgrade-amazon-ssm-agent-debugsource amazon-linux-2023-upgrade-cni-plugins amazon-linux-2023-upgrade-cni-plugins-debuginfo amazon-linux-2023-upgrade-cni-plugins-debugsource amazon-linux-2023-upgrade-docker amazon-linux-2023-upgrade-docker-debuginfo amazon-linux-2023-upgrade-docker-debugsource amazon-linux-2023-upgrade-ecs-init amazon-linux-2023-upgrade-golang amazon-linux-2023-upgrade-golang-bin amazon-linux-2023-upgrade-golang-docs amazon-linux-2023-upgrade-golang-misc amazon-linux-2023-upgrade-golang-shared amazon-linux-2023-upgrade-golang-src amazon-linux-2023-upgrade-golang-tests amazon-linux-2023-upgrade-oci-add-hooks amazon-linux-2023-upgrade-oci-add-hooks-debuginfo amazon-linux-2023-upgrade-oci-add-hooks-debugsource amazon-linux-2023-upgrade-runc amazon-linux-2023-upgrade-runc-debuginfo amazon-linux-2023-upgrade-runc-debugsource
References: https://attackerkb.com/topics/cve-2023-39325 CVE - 2023-39325 https://alas.aws.amazon.com/AL2023/ALAS-2023-394.html https://alas.aws.amazon.com/AL2023/ALAS-2023-396.html https://alas.aws.amazon.com/AL2023/ALAS-2023-397.html https://alas.aws.amazon.com/AL2023/ALAS-2023-418.html https://alas.aws.amazon.com/AL2023/ALAS-2023-419.html https://alas.aws.amazon.com/AL2023/ALAS-2023-434.html https://alas.aws.amazon.com/AL2023/ALAS-2023-435.html https://alas.aws.amazon.com/AL2023/ALAS-2024-498.html https://alas.aws.amazon.com/AL2023/ALAS-2024-526.html
-
Fortinet FortiManager: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CVE-2023-42788)
Severity: 7
CVSS: (AV:L/AC:L/Au:M/C:C/I:C/A:C)
Published: 10/10/2023
Created: 10/17/2023
Added: 10/16/2023
Modified: 01/30/2025
Description: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command.
Solution(s): fortinet-fortimanager-upgrade-6_2_11 fortinet-fortimanager-upgrade-6_2_12 fortinet-fortimanager-upgrade-6_4_12 fortinet-fortimanager-upgrade-6_4_13 fortinet-fortimanager-upgrade-7_0_8 fortinet-fortimanager-upgrade-7_0_9 fortinet-fortimanager-upgrade-7_2_3 fortinet-fortimanager-upgrade-7_2_4 fortinet-fortimanager-upgrade-7_4_1
References: https://attackerkb.com/topics/cve-2023-42788 CVE - 2023-42788 https://fortiguard.com/psirt/FG-IR-23-167 https://github.com/orangecertcc/security-research/security/advisories/GHSA-qpv8-g6qv-rf8p
-
Fortinet FortiManager: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CVE-2023-41838)
Severity: 6
CVSS: (AV:L/AC:L/Au:S/C:N/I:C/A:C)
Published: 10/10/2023
Created: 10/17/2023
Added: 10/16/2023
Modified: 01/30/2025
Description: An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands via the FortiManager CLI.
Solution(s): fortinet-fortimanager-upgrade-6_2_11 fortinet-fortimanager-upgrade-6_2_12 fortinet-fortimanager-upgrade-6_4_12 fortinet-fortimanager-upgrade-6_4_13 fortinet-fortimanager-upgrade-7_0_8 fortinet-fortimanager-upgrade-7_0_9 fortinet-fortimanager-upgrade-7_2_3 fortinet-fortimanager-upgrade-7_2_4 fortinet-fortimanager-upgrade-7_4_1
References: https://attackerkb.com/topics/cve-2023-41838 CVE - 2023-41838 https://fortiguard.com/psirt/FG-IR-23-169
-
Rocky Linux: CVE-2023-44487: nodejs-16 (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/10/2023
Created: 03/07/2024
Added: 03/05/2024
Modified: 01/28/2025
Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Solution(s): rocky-upgrade-aspnetcore-runtime-6.0 rocky-upgrade-aspnetcore-targeting-pack-6.0 rocky-upgrade-delve rocky-upgrade-delve-debuginfo rocky-upgrade-delve-debugsource rocky-upgrade-dotnet-apphost-pack-6.0 rocky-upgrade-dotnet-apphost-pack-6.0-debuginfo rocky-upgrade-dotnet-hostfxr-6.0 rocky-upgrade-dotnet-hostfxr-6.0-debuginfo rocky-upgrade-dotnet-runtime-6.0 rocky-upgrade-dotnet-runtime-6.0-debuginfo rocky-upgrade-dotnet-sdk-6.0 rocky-upgrade-dotnet-sdk-6.0-debuginfo rocky-upgrade-dotnet-sdk-6.0-source-built-artifacts rocky-upgrade-dotnet-targeting-pack-6.0 rocky-upgrade-dotnet-templates-6.0 rocky-upgrade-go-toolset rocky-upgrade-golang rocky-upgrade-golang-bin rocky-upgrade-golang-race rocky-upgrade-grafana rocky-upgrade-grafana-debuginfo rocky-upgrade-libdb-cxx rocky-upgrade-libdb-cxx-debuginfo rocky-upgrade-libdb-debuginfo rocky-upgrade-libdb-debugsource rocky-upgrade-libdb-sql-debuginfo rocky-upgrade-libdb-sql-devel-debuginfo rocky-upgrade-libdb-utils-debuginfo rocky-upgrade-libnghttp2 rocky-upgrade-libnghttp2-debuginfo rocky-upgrade-libnghttp2-devel rocky-upgrade-nghttp2 rocky-upgrade-nghttp2-debuginfo rocky-upgrade-nghttp2-debugsource rocky-upgrade-nginx rocky-upgrade-nginx-core rocky-upgrade-nginx-core-debuginfo rocky-upgrade-nginx-debuginfo rocky-upgrade-nginx-debugsource rocky-upgrade-nginx-mod-devel rocky-upgrade-nginx-mod-http-image-filter rocky-upgrade-nginx-mod-http-image-filter-debuginfo rocky-upgrade-nginx-mod-http-perl rocky-upgrade-nginx-mod-http-perl-debuginfo rocky-upgrade-nginx-mod-http-xslt-filter rocky-upgrade-nginx-mod-http-xslt-filter-debuginfo rocky-upgrade-nginx-mod-mail rocky-upgrade-nginx-mod-mail-debuginfo rocky-upgrade-nginx-mod-stream rocky-upgrade-nginx-mod-stream-debuginfo rocky-upgrade-nodejs rocky-upgrade-nodejs-debuginfo rocky-upgrade-nodejs-debugsource rocky-upgrade-nodejs-devel rocky-upgrade-nodejs-full-i18n rocky-upgrade-nodejs-libs rocky-upgrade-nodejs-libs-debuginfo rocky-upgrade-npm rocky-upgrade-varnish rocky-upgrade-varnish-devel rocky-upgrade-varnish-docs rocky-upgrade-varnish-modules rocky-upgrade-varnish-modules-debuginfo rocky-upgrade-varnish-modules-debugsource
References: https://attackerkb.com/topics/cve-2023-44487 CVE - 2023-44487 https://errata.rockylinux.org/RLSA-2023:5708 https://errata.rockylinux.org/RLSA-2023:5721 https://errata.rockylinux.org/RLSA-2023:5738 https://errata.rockylinux.org/RLSA-2023:5749 https://errata.rockylinux.org/RLSA-2023:5765 https://errata.rockylinux.org/RLSA-2023:5838 https://errata.rockylinux.org/RLSA-2023:5850 https://errata.rockylinux.org/RLSA-2023:5863 https://errata.rockylinux.org/RLSA-2023:5924 https://errata.rockylinux.org/RLSA-2023:5928 https://errata.rockylinux.org/RLSA-2023:5989 https://errata.rockylinux.org/RLSA-2023:6077 https://errata.rockylinux.org/RLSA-2023:6120 https://errata.rockylinux.org/RLSA-2023:6746 https://errata.rockylinux.org/RLSA-2023:6818 https://errata.rockylinux.org/RLSA-2023:7205 https://errata.rockylinux.org/RLSA-2024:1444
-
Fortinet FortiOS: (CVE-2023-44487)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/10/2023
Created: 02/13/2024
Added: 02/12/2024
Modified: 01/28/2025
Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Solution(s): fortios-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-44487 CVE - 2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www.openwall.com/lists/oss-security/2023/10/18/8 http://www.openwall.com/lists/oss-security/2023/10/19/6 http://www.openwall.com/lists/oss-security/2023/10/20/8 https://access.redhat.com/security/cve/cve-2023-44487 https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/ https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack https://blog.vespa.ai/cve-2023-44487/ https://bugzilla.proxmox.com/show_bug.cgi?id=4988 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://bugzilla.suse.com/show_bug.cgi?id=1216123 https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9 https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715 https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088 https://github.com/Azure/AKS/issues/3947 https://github.com/Kong/kong/discussions/11741 https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/akka/akka-http/issues/4323 https://github.com/alibaba/tengine/issues/1872 https://github.com/apache/apisix/issues/10320 https://github.com/apache/httpd-site/pull/10 https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113 https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2 https://github.com/apache/trafficserver/pull/10564 https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/caddyserver/caddy/issues/5877 https://github.com/caddyserver/caddy/releases/tag/v2.7.5 https://github.com/dotnet/announcements/issues/277 https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73 https://github.com/eclipse/jetty.project/issues/10679 https://github.com/envoyproxy/envoy/pull/30055 https://github.com/etcd-io/etcd/issues/16740 https://github.com/facebook/proxygen/pull/466 https://github.com/golang/go/issues/63417 https://github.com/grpc/grpc-go/pull/6703 https://github.com/h2o/h2o/pull/3291 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf https://github.com/haproxy/haproxy/issues/2312 https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244 
https://github.com/junkurihara/rust-rpxy/issues/97 https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1 https://github.com/kazu-yamamoto/http2/issues/93 https://github.com/kubernetes/kubernetes/pull/121120 https://github.com/line/armeria/pull/5232 https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632 https://github.com/micrictor/http2-rst-stream https://github.com/microsoft/CBL-Mariner/pull/6381 https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 https://github.com/nghttp2/nghttp2/pull/1961 https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 https://github.com/ninenines/cowboy/issues/1615 https://github.com/nodejs/node/pull/50121 https://github.com/openresty/openresty/issues/930 https://github.com/opensearch-project/data-prepper/issues/3474 https://github.com/oqtane/oqtane.framework/discussions/3367 https://github.com/projectcontour/contour/pull/5826 https://github.com/tempesta-tech/tempesta/issues/1986 https://github.com/varnishcache/varnish-cache/issues/3996 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo https://istio.io/latest/news/security/istio-security-2023-004/ https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/ https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/ 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/ 
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/ https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://my.f5.com/manage/s/article/K000137106 https://netty.io/news/2023/10/10/4-1-100-Final.html https://news.ycombinator.com/item?id=37830987 https://news.ycombinator.com/item?id=37830998 https://news.ycombinator.com/item?id=37831062 https://news.ycombinator.com/item?id=37837043 https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/ https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected https://security.gentoo.org/glsa/202311-09 https://security.netapp.com/advisory/ntap-20231016-0001/ https://security.netapp.com/advisory/ntap-20240426-0007/ https://security.netapp.com/advisory/ntap-20240621-0006/ https://security.netapp.com/advisory/ntap-20240621-0007/ https://security.paloaltonetworks.com/CVE-2023-44487 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14 
https://ubuntu.com/security/CVE-2023-44487 https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://www.debian.org/security/2023/dsa-5540 https://www.debian.org/security/2023/dsa-5549 https://www.debian.org/security/2023/dsa-5558 https://www.debian.org/security/2023/dsa-5570 https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487 https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/ https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.openwall.com/lists/oss-security/2023/10/10/6 https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/ https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
-
Microsoft Windows: CVE-2023-38159: Windows Graphics Component Elevation of Privilege Vulnerability
Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 08/07/2024
Description: Windows Graphics Component Elevation of Privilege Vulnerability
Solution(s):
microsoft-windows-windows_10-1507-kb5031377
microsoft-windows-windows_10-1607-kb5031362
microsoft-windows-windows_10-1809-kb5031361
microsoft-windows-windows_10-21h2-kb5031356
microsoft-windows-windows_10-22h2-kb5031356
microsoft-windows-windows_11-21h2-kb5031358
microsoft-windows-windows_11-22h2-kb5031354
microsoft-windows-windows_server_2016-1607-kb5031362
microsoft-windows-windows_server_2019-1809-kb5031361
microsoft-windows-windows_server_2022-21h2-kb5031364
microsoft-windows-windows_server_2022-22h2-kb5031364
References:
https://attackerkb.com/topics/cve-2023-38159
CVE - 2023-38159
https://support.microsoft.com/help/5031354
https://support.microsoft.com/help/5031356
https://support.microsoft.com/help/5031358
https://support.microsoft.com/help/5031361
https://support.microsoft.com/help/5031362
https://support.microsoft.com/help/5031364
https://support.microsoft.com/help/5031377
-
Debian: CVE-2023-45648: tomcat10, tomcat9 -- security update
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 10/10/2023
Created: 10/12/2023
Added: 10/12/2023
Modified: 01/28/2025
Description: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
Solution(s):
debian-upgrade-tomcat10
debian-upgrade-tomcat9
References:
https://attackerkb.com/topics/cve-2023-45648
CVE - 2023-45648
DSA-5521-1
DSA-5522-1
-
Debian: CVE-2023-4692: grub2 -- security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 01/30/2025
Description: An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Solution(s):
debian-upgrade-grub2
References:
https://attackerkb.com/topics/cve-2023-4692
CVE - 2023-4692
DLA-3605-1
DSA-5519-1
-
Debian: CVE-2023-4693: grub2 -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:C/I:N/A:N)
Published: 10/10/2023
Created: 10/11/2023
Added: 10/10/2023
Modified: 01/30/2025
Description: An out-of-bounds read flaw was found in grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
Solution(s):
debian-upgrade-grub2
References:
https://attackerkb.com/topics/cve-2023-4693
CVE - 2023-4693
DLA-3605-1
DSA-5519-1
-
FreeBSD: VID-07EE8C14-68F1-11EE-8290-A8A1599412C6 (CVE-2023-5478): chromium -- multiple vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 10/10/2023
Created: 10/13/2023
Added: 10/12/2023
Modified: 01/28/2025
Description: Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Solution(s):
freebsd-upgrade-package-chromium
freebsd-upgrade-package-qt6-webengine
freebsd-upgrade-package-ungoogled-chromium
References:
CVE-2023-5478
-
Gentoo Linux: CVE-2023-43788: libXpm: Multiple Vulnerabilities
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/10/2023
Created: 08/08/2024
Added: 08/08/2024
Modified: 01/28/2025
Description: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
Solution(s):
gentoo-linux-upgrade-x11-libs-libxpm
References:
https://attackerkb.com/topics/cve-2023-43788
CVE - 2023-43788
202408-03
-
Gentoo Linux: CVE-2023-43787: X.Org X11 library: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/10/2023
Created: 07/09/2024
Added: 07/09/2024
Modified: 01/28/2025
Description: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Solution(s):
gentoo-linux-upgrade-x11-libs-libx11
References:
https://attackerkb.com/topics/cve-2023-43787
CVE - 2023-43787
202407-21
-
Fortinet FortiManager: Unspecified Security Vulnerability (CVE-2023-42787)
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/10/2023
Created: 10/17/2023
Added: 10/16/2023
Modified: 01/28/2025
Description: A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.
Solution(s):
fortinet-fortimanager-upgrade-6_2_12
fortinet-fortimanager-upgrade-6_4_13
fortinet-fortimanager-upgrade-7_0_9
fortinet-fortimanager-upgrade-7_2_3
fortinet-fortimanager-upgrade-7_2_4
fortinet-fortimanager-upgrade-7_4_1
References:
https://attackerkb.com/topics/cve-2023-42787
CVE - 2023-42787
https://fortiguard.com/psirt/FG-IR-23-187
https://github.com/orangecertcc/security-research/security/advisories/GHSA-q5pq-8666-j8fr
-
Fortinet FortiOS: Use After Free (CVE-2023-41675)
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 10/10/2023
Created: 10/16/2023
Added: 10/16/2023
Modified: 01/28/2025
Description: A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.
Solution(s):
fortios-upgrade-latest
References:
https://attackerkb.com/topics/cve-2023-41675
CVE - 2023-41675
https://fortiguard.com/psirt/FG-IR-23-184