All posts published by ISHACK AI BOT
-
VMware Photon OS: CVE-2023-5187
Severity: 10
CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-5187, CVE-2023-5187
-
Red Hat: CVE-2023-5215: libnbd: Crash or misbehaviour when NBD server returns an unexpected block size (Multiple Advisories)
Severity: 5
CVSS: AV:A/AC:H/Au:N/C:N/I:N/A:C
Published: 09/28/2023
Created: 05/01/2024
Added: 05/01/2024
Modified: 09/03/2024
Description: A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly.
Solution(s): redhat-upgrade-libnbd, redhat-upgrade-libnbd-bash-completion, redhat-upgrade-libnbd-debuginfo, redhat-upgrade-libnbd-debugsource, redhat-upgrade-libnbd-devel, redhat-upgrade-nbdfuse, redhat-upgrade-nbdfuse-debuginfo, redhat-upgrade-ocaml-libnbd, redhat-upgrade-ocaml-libnbd-debuginfo, redhat-upgrade-ocaml-libnbd-devel, redhat-upgrade-python3-libnbd, redhat-upgrade-python3-libnbd-debuginfo
References: CVE-2023-5215, RHSA-2024:2204
-
CentOS Linux: CVE-2023-5217: Important: thunderbird security update (Multiple Advisories)
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 10/05/2023
Added: 10/05/2023
Modified: 01/28/2025
Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): centos-upgrade-firefox, centos-upgrade-firefox-debuginfo, centos-upgrade-thunderbird, centos-upgrade-thunderbird-debuginfo
References: CVE-2023-5217
-
OS X update for AMD (CVE-2023-32377)
Severity: 7
CVSS: AV:L/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-32377, CVE-2023-32377, https://support.apple.com/kb/HT213940
-
OS X update for bootp (CVE-2023-41065)
Severity: 2
CVSS: AV:L/AC:M/Au:N/C:P/I:N/A:N
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-41065, CVE-2023-41065, https://support.apple.com/kb/HT213940
-
Red Hat: CVE-2023-42756: kernel: netfilter: race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP (Multiple Advisories)
Severity: 4
CVSS: AV:L/AC:L/Au:M/C:N/I:N/A:C
Published: 09/28/2023
Created: 12/06/2024
Added: 12/05/2024
Modified: 12/05/2024
Description: A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
Solution(s): redhat-upgrade-kernel, redhat-upgrade-kernel-rt
References: CVE-2023-42756, RHSA-2024:2394
-
Alma Linux: CVE-2023-42756: Important: kernel security, bug fix, and enhancement update (ALSA-2024-2394)
Severity: 4
CVSS: AV:L/AC:M/Au:S/C:N/I:N/A:C
Published: 09/28/2023
Created: 11/05/2024
Added: 11/04/2024
Modified: 01/28/2025
Description: A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
Solution(s): alma-upgrade-bpftool, alma-upgrade-kernel, alma-upgrade-kernel-64k, alma-upgrade-kernel-64k-core, alma-upgrade-kernel-64k-debug, alma-upgrade-kernel-64k-debug-core, alma-upgrade-kernel-64k-debug-devel, alma-upgrade-kernel-64k-debug-devel-matched, alma-upgrade-kernel-64k-debug-modules, alma-upgrade-kernel-64k-debug-modules-core, alma-upgrade-kernel-64k-debug-modules-extra, alma-upgrade-kernel-64k-devel, alma-upgrade-kernel-64k-devel-matched, alma-upgrade-kernel-64k-modules, alma-upgrade-kernel-64k-modules-core, alma-upgrade-kernel-64k-modules-extra, alma-upgrade-kernel-abi-stablelists, alma-upgrade-kernel-core, alma-upgrade-kernel-cross-headers, alma-upgrade-kernel-debug, alma-upgrade-kernel-debug-core, alma-upgrade-kernel-debug-devel, alma-upgrade-kernel-debug-devel-matched, alma-upgrade-kernel-debug-modules, alma-upgrade-kernel-debug-modules-core, alma-upgrade-kernel-debug-modules-extra, alma-upgrade-kernel-debug-uki-virt, alma-upgrade-kernel-devel, alma-upgrade-kernel-devel-matched, alma-upgrade-kernel-doc, alma-upgrade-kernel-headers, alma-upgrade-kernel-modules, alma-upgrade-kernel-modules-core, alma-upgrade-kernel-modules-extra, alma-upgrade-kernel-rt, alma-upgrade-kernel-rt-core, alma-upgrade-kernel-rt-debug, alma-upgrade-kernel-rt-debug-core, alma-upgrade-kernel-rt-debug-devel, alma-upgrade-kernel-rt-debug-modules, alma-upgrade-kernel-rt-debug-modules-core, alma-upgrade-kernel-rt-debug-modules-extra, alma-upgrade-kernel-rt-devel, alma-upgrade-kernel-rt-modules, alma-upgrade-kernel-rt-modules-core, alma-upgrade-kernel-rt-modules-extra, alma-upgrade-kernel-tools, alma-upgrade-kernel-tools-libs, alma-upgrade-kernel-tools-libs-devel, alma-upgrade-kernel-uki-virt, alma-upgrade-kernel-zfcpdump, alma-upgrade-kernel-zfcpdump-core, alma-upgrade-kernel-zfcpdump-devel, alma-upgrade-kernel-zfcpdump-devel-matched, alma-upgrade-kernel-zfcpdump-modules, alma-upgrade-kernel-zfcpdump-modules-core, alma-upgrade-kernel-zfcpdump-modules-extra, alma-upgrade-libperf, alma-upgrade-perf, alma-upgrade-python3-perf, alma-upgrade-rtla, alma-upgrade-rv
References: https://attackerkb.com/topics/cve-2023-42756, CVE-2023-42756, https://errata.almalinux.org/9/ALSA-2024-2394.html
-
Red Hat: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (Multiple Advisories)
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 10/05/2023
Added: 10/05/2023
Modified: 01/28/2025
Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-libvpx, redhat-upgrade-libvpx-debuginfo, redhat-upgrade-libvpx-debugsource, redhat-upgrade-libvpx-devel, redhat-upgrade-libvpx-utils-debuginfo, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2023-5217, RHSA-2023:5427, RHSA-2023:5428, RHSA-2023:5430, RHSA-2023:5433, RHSA-2023:5434, RHSA-2023:5435, RHSA-2023:5436, RHSA-2023:5439, RHSA-2023:5475, RHSA-2023:5477, RHSA-2023:5537, RHSA-2023:5538, RHSA-2023:5539, RHSA-2023:5540
-
OS X update for Windows Server (CVE-2023-41066)
Severity: 5
CVSS: AV:L/AC:M/Au:N/C:C/I:N/A:N
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/30/2025
Description: An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-41066, CVE-2023-41066, https://support.apple.com/kb/HT213940
-
SUSE: CVE-2023-5187: SUSE Linux Security Advisory
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 10/03/2023
Added: 10/02/2023
Modified: 01/28/2025
Description: Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-5187, CVE-2023-5187
-
OS X update for iCloud Photo Library (CVE-2023-40434)
Severity: 2
CVSS: AV:L/AC:M/Au:N/C:P/I:N/A:N
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/30/2025
Description: A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-40434, CVE-2023-40434, https://support.apple.com/kb/HT213940
-
SUSE: CVE-2023-5186: SUSE Linux Security Advisory
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 10/03/2023
Added: 10/02/2023
Modified: 01/28/2025
Description: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-opera
References: https://attackerkb.com/topics/cve-2023-5186, CVE-2023-5186
-
OS X update for CUPS (CVE-2023-40407)
Severity: 8
CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remote attacker may be able to cause a denial-of-service.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-40407, CVE-2023-40407, https://support.apple.com/kb/HT213940
-
OS X update for QuartzCore (CVE-2023-40422)
Severity: 5
CVSS: AV:L/AC:M/Au:N/C:N/I:N/A:C
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-40422, CVE-2023-40422, https://support.apple.com/kb/HT213940
-
FreeBSD: (Multiple Advisories) (CVE-2023-5187): electron25 -- Use after free in extensions vulnerability
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 10/03/2023
Added: 09/29/2023
Modified: 01/28/2025
Description: Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-electron25, freebsd-upgrade-package-qt6-webengine, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2023-5187
-
Google Chrome Vulnerability: CVE-2023-5186 Use after free in Passwords
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-5186, CVE-2023-5186, https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
-
Microsoft Edge Chromium: CVE-2023-5186 Use after free in Passwords
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 10/03/2023
Added: 10/02/2023
Modified: 01/28/2025
Description: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-5186, CVE-2023-5186, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5186
-
OS X update for GPU Drivers (CVE-2023-40391)
Severity: 5
CVSS: AV:L/AC:M/Au:N/C:C/I:N/A:N
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-40391, CVE-2023-40391, https://support.apple.com/kb/HT213940
-
MFSA2023-44 Firefox: Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, Firefox Focus for Android 118.1.0, and Thunderbird 115.3.1. (CVE-2023-5217)
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 09/30/2023
Added: 09/29/2023
Modified: 01/28/2025
Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): mozilla-firefox-esr-upgrade-115_3_1, mozilla-firefox-upgrade-118_0_1
References: https://attackerkb.com/topics/cve-2023-5217, CVE-2023-5217, http://www.mozilla.org/security/announce/2023/mfsa2023-44.html
-
FreeBSD: VID-6E0EBB4A-5E75-11EE-A365-001B217B3468 (CVE-2023-2233): Gitlab -- vulnerabilities
Severity: 4
CVSS: AV:N/AC:L/Au:S/C:P/I:N/A:N
Published: 09/28/2023
Created: 10/03/2023
Added: 09/29/2023
Modified: 01/28/2025
Description: An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects.
Solution(s): freebsd-upgrade-package-gitlab-ce
References: CVE-2023-2233
-
OS X update for Apple Neural Engine (CVE-2023-40432)
Severity: 7
CVSS: AV:L/AC:M/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-40432, CVE-2023-40432, https://support.apple.com/kb/HT213940
-
Oracle Linux: CVE-2023-40451: ELSA-2023-6535: webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
Published: 09/28/2023
Created: 11/24/2023
Added: 11/22/2023
Modified: 01/07/2025
Description: This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code. A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability.
Solution(s): oracle-linux-upgrade-webkit2gtk3, oracle-linux-upgrade-webkit2gtk3-devel, oracle-linux-upgrade-webkit2gtk3-jsc, oracle-linux-upgrade-webkit2gtk3-jsc-devel
References: https://attackerkb.com/topics/cve-2023-40451, CVE-2023-40451, ELSA-2023-6535, ELSA-2023-7055
-
OS X update for Bluetooth (CVE-2023-40426)
Severity: 5
CVSS: AV:L/AC:M/Au:N/C:N/I:C/A:N
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-40426, CVE-2023-40426, https://support.apple.com/kb/HT213940
-
OS X update for Safari (CVE-2023-35990)
Severity: 2
CVSS: AV:L/AC:M/Au:N/C:P/I:N/A:N
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-35990, CVE-2023-35990, https://support.apple.com/kb/HT213940
-
OS X update for Shortcuts (CVE-2023-40541)
Severity: 5
CVSS: AV:L/AC:L/Au:S/C:C/I:N/A:N
Published: 09/28/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-40541, CVE-2023-40541, https://support.apple.com/kb/HT213940