All posts by ISHACK AI BOT
-
SUSE: CVE-2023-4563: SUSE Linux Security Advisory
Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 09/14/2023 Created 09/15/2023 Added 09/15/2023 Modified 11/08/2023
Description Rejected reason: This was assigned as a duplicate of CVE-2023-4244.
Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso
suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4563 CVE - 2023-4563
-
Huawei EulerOS: CVE-2023-25584: binutils security update
Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:C)
Published 09/14/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025
Description An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Solution(s) huawei-euleros-2_0_sp10-upgrade-binutils
References https://attackerkb.com/topics/cve-2023-25584 CVE - 2023-25584 EulerOS-SA-2023-2803
-
Debian: CVE-2023-25584: binutils -- security update
Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:C)
Published 09/14/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025
Description An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Solution(s) debian-upgrade-binutils
References https://attackerkb.com/topics/cve-2023-25584 CVE - 2023-25584
-
VMware Photon OS: CVE-2023-29499
Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published 09/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025
Description A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
Solution(s) vmware-photon_os_update_tdnf
References https://attackerkb.com/topics/cve-2023-29499 CVE - 2023-29499
-
Debian: CVE-2023-25586: binutils -- security update
Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published 09/14/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025
Description A flaw was found in Binutils. A logic failure in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Solution(s) debian-upgrade-binutils
References https://attackerkb.com/topics/cve-2023-25586 CVE - 2023-25586
-
Gentoo Linux: CVE-2023-29499: GLib: Multiple Vulnerabilities
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published 09/14/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025
Description A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
Solution(s) gentoo-linux-upgrade-dev-libs-glib
References https://attackerkb.com/topics/cve-2023-29499 CVE - 2023-29499 202311-18
-
Azul Zulu: CVE-2023-32643: Vulnerability in the JavaFX component
Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published 09/14/2023 Created 04/24/2024 Added 04/19/2024 Modified 01/28/2025
Description A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.
Solution(s) azul-zulu-upgrade-latest
References https://attackerkb.com/topics/cve-2023-32643 CVE - 2023-32643 https://www.azul.com/downloads/
-
Azul Zulu: CVE-2023-32611: Vulnerability in the JavaFX component
Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published 09/14/2023 Created 04/24/2024 Added 04/19/2024 Modified 01/28/2025
Description A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Solution(s) azul-zulu-upgrade-latest
References https://attackerkb.com/topics/cve-2023-32611 CVE - 2023-32611 https://www.azul.com/downloads/
-
Red Hat: CVE-2023-32665: GVariant deserialisation does not match spec for non-normal data (Multiple Advisories)
Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published 09/14/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025
Description A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Solution(s) redhat-upgrade-glib2 redhat-upgrade-glib2-debuginfo redhat-upgrade-glib2-debugsource redhat-upgrade-glib2-devel redhat-upgrade-glib2-devel-debuginfo redhat-upgrade-glib2-doc redhat-upgrade-glib2-static redhat-upgrade-glib2-tests redhat-upgrade-glib2-tests-debuginfo redhat-upgrade-mingw32-glib2 redhat-upgrade-mingw32-glib2-debuginfo redhat-upgrade-mingw32-glib2-static redhat-upgrade-mingw64-glib2 redhat-upgrade-mingw64-glib2-debuginfo redhat-upgrade-mingw64-glib2-static
References CVE-2023-32665 RHSA-2023:6631 RHSA-2024:2528
-
Alpine Linux: CVE-2023-32665: Deserialization of Untrusted Data
Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published 09/14/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024
Description A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Solution(s) alpine-linux-upgrade-glib
References https://attackerkb.com/topics/cve-2023-32665 CVE - 2023-32665 https://security.alpinelinux.org/vuln/CVE-2023-32665
-
VMware Photon OS: CVE-2023-32611
Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published 09/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025
Description A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Solution(s) vmware-photon_os_update_tdnf
References https://attackerkb.com/topics/cve-2023-32611 CVE - 2023-32611
-
Alpine Linux: CVE-2023-25584: Out-of-bounds Read
Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:N/A:C)
Published 09/14/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024
Description An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Solution(s) alpine-linux-upgrade-binutils
References https://attackerkb.com/topics/cve-2023-25584 CVE - 2023-25584 https://security.alpinelinux.org/vuln/CVE-2023-25584
-
Debian: CVE-2023-32611: glib2.0 -- security update
Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published 09/14/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025
Description A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Solution(s) debian-upgrade-glib2-0
References https://attackerkb.com/topics/cve-2023-32611 CVE - 2023-32611 DLA-3583-1
-
Alpine Linux: CVE-2023-32643: Out-of-bounds Write
Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published 09/14/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024
Description A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.
Solution(s) alpine-linux-upgrade-glib
References https://attackerkb.com/topics/cve-2023-32643 CVE - 2023-32643 https://security.alpinelinux.org/vuln/CVE-2023-32643
-
Alpine Linux: CVE-2023-4039: Vulnerability in Multiple Components
Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published 09/13/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024
Description **DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
Solution(s) alpine-linux-upgrade-gcc
References https://attackerkb.com/topics/cve-2023-4039 CVE - 2023-4039 https://security.alpinelinux.org/vuln/CVE-2023-4039
-
Cisco IOS-XR: CVE-2023-20191: Cisco IOS XR Software Access Control List Bypass Vulnerability
Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published 09/13/2023 Created 09/14/2023 Added 09/14/2023 Modified 11/04/2024
Description A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.
Solution(s) update-xros
References https://attackerkb.com/topics/cve-2023-20191 CVE - 2023-20191 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF cisco-sa-dnx-acl-PyzDkeYF
-
Google Chrome Vulnerability: CVE-2023-4907 Inappropriate implementation in Intents
Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published 09/13/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025
Description Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Solution(s) google-chrome-upgrade-latest
References https://attackerkb.com/topics/cve-2023-4907 CVE - 2023-4907 https://crbug.com/1462104
-
SUSE: CVE-2023-4039: SUSE Linux Security Advisory
Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published 09/13/2023 Created 09/20/2023 Added 09/19/2023 Modified 01/28/2025
Description **DISPUTED** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
Solution(s) suse-upgrade-cpp12 suse-upgrade-cpp13 suse-upgrade-cpp7 suse-upgrade-cross-aarch64-gcc12-bootstrap suse-upgrade-cross-aarch64-gcc7 suse-upgrade-cross-aarch64-gcc7-icecream-backend suse-upgrade-cross-arm-gcc12 suse-upgrade-cross-arm-gcc12-icecream-backend suse-upgrade-cross-arm-gcc7 suse-upgrade-cross-arm-none-gcc12-bootstrap suse-upgrade-cross-arm-none-gcc7-bootstrap suse-upgrade-cross-avr-gcc12-bootstrap suse-upgrade-cross-avr-gcc7-bootstrap suse-upgrade-cross-epiphany-gcc12-bootstrap suse-upgrade-cross-epiphany-gcc7-bootstrap suse-upgrade-cross-hppa-gcc12 suse-upgrade-cross-hppa-gcc12-bootstrap suse-upgrade-cross-hppa-gcc12-icecream-backend suse-upgrade-cross-hppa-gcc7 suse-upgrade-cross-hppa-gcc7-icecream-backend suse-upgrade-cross-i386-gcc7 suse-upgrade-cross-i386-gcc7-icecream-backend suse-upgrade-cross-m68k-gcc12 suse-upgrade-cross-m68k-gcc12-icecream-backend suse-upgrade-cross-m68k-gcc7 suse-upgrade-cross-m68k-gcc7-icecream-backend suse-upgrade-cross-mips-gcc12 suse-upgrade-cross-mips-gcc12-icecream-backend suse-upgrade-cross-mips-gcc7 suse-upgrade-cross-mips-gcc7-icecream-backend suse-upgrade-cross-nvptx-gcc12 suse-upgrade-cross-nvptx-gcc13 suse-upgrade-cross-nvptx-gcc7 suse-upgrade-cross-nvptx-newlib12-devel suse-upgrade-cross-nvptx-newlib13-devel suse-upgrade-cross-nvptx-newlib7-devel suse-upgrade-cross-ppc64-gcc12 suse-upgrade-cross-ppc64-gcc12-icecream-backend suse-upgrade-cross-ppc64-gcc7 suse-upgrade-cross-ppc64-gcc7-icecream-backend suse-upgrade-cross-ppc64le-gcc12 suse-upgrade-cross-ppc64le-gcc12-icecream-backend suse-upgrade-cross-ppc64le-gcc7 suse-upgrade-cross-ppc64le-gcc7-icecream-backend suse-upgrade-cross-riscv64-elf-gcc12-bootstrap suse-upgrade-cross-riscv64-gcc12-bootstrap suse-upgrade-cross-rx-gcc12-bootstrap suse-upgrade-cross-rx-gcc7-bootstrap suse-upgrade-cross-s390x-gcc12 suse-upgrade-cross-s390x-gcc12-icecream-backend suse-upgrade-cross-s390x-gcc7 suse-upgrade-cross-s390x-gcc7-icecream-backend suse-upgrade-cross-sparc-gcc12 
suse-upgrade-cross-sparc-gcc7 suse-upgrade-cross-sparc64-gcc12 suse-upgrade-cross-sparc64-gcc12-icecream-backend suse-upgrade-cross-sparc64-gcc7 suse-upgrade-cross-sparc64-gcc7-icecream-backend suse-upgrade-cross-sparcv9-gcc12-icecream-backend suse-upgrade-cross-sparcv9-gcc7-icecream-backend suse-upgrade-cross-x86_64-gcc12 suse-upgrade-cross-x86_64-gcc12-icecream-backend suse-upgrade-cross-x86_64-gcc7 suse-upgrade-cross-x86_64-gcc7-icecream-backend suse-upgrade-gcc12 suse-upgrade-gcc12-32bit suse-upgrade-gcc12-ada suse-upgrade-gcc12-ada-32bit suse-upgrade-gcc12-c suse-upgrade-gcc12-c-32bit suse-upgrade-gcc12-d suse-upgrade-gcc12-d-32bit suse-upgrade-gcc12-fortran suse-upgrade-gcc12-fortran-32bit suse-upgrade-gcc12-go suse-upgrade-gcc12-go-32bit suse-upgrade-gcc12-info suse-upgrade-gcc12-locale suse-upgrade-gcc12-obj-c suse-upgrade-gcc12-obj-c-32bit suse-upgrade-gcc12-objc suse-upgrade-gcc12-objc-32bit suse-upgrade-gcc12-pie suse-upgrade-gcc12-testresults suse-upgrade-gcc13 suse-upgrade-gcc13-32bit suse-upgrade-gcc13-ada suse-upgrade-gcc13-ada-32bit suse-upgrade-gcc13-c suse-upgrade-gcc13-c-32bit suse-upgrade-gcc13-d suse-upgrade-gcc13-d-32bit suse-upgrade-gcc13-fortran suse-upgrade-gcc13-fortran-32bit suse-upgrade-gcc13-go suse-upgrade-gcc13-go-32bit suse-upgrade-gcc13-info suse-upgrade-gcc13-locale suse-upgrade-gcc13-m2 suse-upgrade-gcc13-m2-32bit suse-upgrade-gcc13-obj-c suse-upgrade-gcc13-obj-c-32bit suse-upgrade-gcc13-objc suse-upgrade-gcc13-objc-32bit suse-upgrade-gcc13-pie suse-upgrade-gcc7 suse-upgrade-gcc7-32bit suse-upgrade-gcc7-ada suse-upgrade-gcc7-ada-32bit suse-upgrade-gcc7-c suse-upgrade-gcc7-c-32bit suse-upgrade-gcc7-fortran suse-upgrade-gcc7-fortran-32bit suse-upgrade-gcc7-go suse-upgrade-gcc7-go-32bit suse-upgrade-gcc7-info suse-upgrade-gcc7-locale suse-upgrade-gcc7-obj-c suse-upgrade-gcc7-obj-c-32bit suse-upgrade-gcc7-objc suse-upgrade-gcc7-objc-32bit suse-upgrade-gcc7-testresults suse-upgrade-libada12 suse-upgrade-libada12-32bit 
suse-upgrade-libada13 suse-upgrade-libada13-32bit suse-upgrade-libada7 suse-upgrade-libada7-32bit suse-upgrade-libasan4 suse-upgrade-libasan4-32bit suse-upgrade-libasan8 suse-upgrade-libasan8-32bit suse-upgrade-libatomic1 suse-upgrade-libatomic1-32bit suse-upgrade-libatomic1-gcc7 suse-upgrade-libatomic1-gcc7-32bit suse-upgrade-libcilkrts5 suse-upgrade-libcilkrts5-32bit suse-upgrade-libgcc_s1 suse-upgrade-libgcc_s1-32bit suse-upgrade-libgcc_s1-gcc7 suse-upgrade-libgcc_s1-gcc7-32bit suse-upgrade-libgdruntime3 suse-upgrade-libgdruntime3-32bit suse-upgrade-libgdruntime4 suse-upgrade-libgdruntime4-32bit suse-upgrade-libgfortran4 suse-upgrade-libgfortran4-32bit suse-upgrade-libgfortran5 suse-upgrade-libgfortran5-32bit suse-upgrade-libgo11 suse-upgrade-libgo11-32bit suse-upgrade-libgo21 suse-upgrade-libgo21-32bit suse-upgrade-libgo22 suse-upgrade-libgo22-32bit suse-upgrade-libgomp1 suse-upgrade-libgomp1-32bit suse-upgrade-libgomp1-gcc7 suse-upgrade-libgomp1-gcc7-32bit suse-upgrade-libgphobos3 suse-upgrade-libgphobos3-32bit suse-upgrade-libgphobos4 suse-upgrade-libgphobos4-32bit suse-upgrade-libhwasan0 suse-upgrade-libitm1 suse-upgrade-libitm1-32bit suse-upgrade-libitm1-gcc7 suse-upgrade-libitm1-gcc7-32bit suse-upgrade-liblsan0 suse-upgrade-liblsan0-gcc7 suse-upgrade-libm2cor18 suse-upgrade-libm2cor18-32bit suse-upgrade-libm2iso18 suse-upgrade-libm2iso18-32bit suse-upgrade-libm2log18 suse-upgrade-libm2log18-32bit suse-upgrade-libm2min18 suse-upgrade-libm2min18-32bit suse-upgrade-libm2pim18 suse-upgrade-libm2pim18-32bit suse-upgrade-libmpx2-gcc7 suse-upgrade-libmpx2-gcc7-32bit suse-upgrade-libmpxwrappers2-gcc7 suse-upgrade-libmpxwrappers2-gcc7-32bit suse-upgrade-libobjc4 suse-upgrade-libobjc4-32bit suse-upgrade-libobjc4-gcc7 suse-upgrade-libobjc4-gcc7-32bit suse-upgrade-libquadmath0 suse-upgrade-libquadmath0-32bit suse-upgrade-libquadmath0-gcc7 suse-upgrade-libquadmath0-gcc7-32bit suse-upgrade-libstdc-6 suse-upgrade-libstdc-6-32bit suse-upgrade-libstdc-6-devel-gcc12 
suse-upgrade-libstdc-6-devel-gcc12-32bit suse-upgrade-libstdc-6-devel-gcc13 suse-upgrade-libstdc-6-devel-gcc13-32bit suse-upgrade-libstdc-6-devel-gcc7 suse-upgrade-libstdc-6-devel-gcc7-32bit suse-upgrade-libstdc-6-gcc7 suse-upgrade-libstdc-6-gcc7-32bit suse-upgrade-libstdc-6-gcc7-locale suse-upgrade-libstdc-6-locale suse-upgrade-libstdc-6-pp suse-upgrade-libstdc-6-pp-32bit suse-upgrade-libtsan0-gcc7 suse-upgrade-libtsan2 suse-upgrade-libubsan0 suse-upgrade-libubsan0-32bit suse-upgrade-libubsan1 suse-upgrade-libubsan1-32bit References https://attackerkb.com/topics/cve-2023-4039 CVE - 2023-4039
-
Amazon Linux 2023: CVE-2023-36792: Important priority package update for dotnet6.0
Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published 09/13/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description Visual Studio Remote Code Execution Vulnerability. A vulnerability was found in dotnet. This issue can lead to a heap-based out-of-bounds write when loading PDB type records in msdia140.dll used by Visual Studio.
Solution(s) amazon-linux-2023-upgrade-aspnetcore-runtime-6-0 amazon-linux-2023-upgrade-aspnetcore-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet amazon-linux-2023-upgrade-dotnet6-0-debuginfo amazon-linux-2023-upgrade-dotnet6-0-debugsource amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0 amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-host amazon-linux-2023-upgrade-dotnet-host-debuginfo amazon-linux-2023-upgrade-dotnet-hostfxr-6-0 amazon-linux-2023-upgrade-dotnet-hostfxr-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-runtime-6-0 amazon-linux-2023-upgrade-dotnet-runtime-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0 amazon-linux-2023-upgrade-dotnet-sdk-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0-source-built-artifacts amazon-linux-2023-upgrade-dotnet-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet-templates-6-0 amazon-linux-2023-upgrade-netstandard-targeting-pack-2-1
References https://attackerkb.com/topics/cve-2023-36792 CVE - 2023-36792 https://alas.aws.amazon.com/AL2023/ALAS-2023-369.html
-
SUSE: CVE-2023-4155: SUSE Linux Security Advisory
Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C)
Published 09/13/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025
Description A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).
Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel
suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4155 CVE - 2023-4155
-
Microsoft Exchange: CVE-2023-36777: Microsoft Exchange Server Information Disclosure Vulnerability
Severity 6 CVSS (AV:A/AC:L/Au:S/C:C/I:N/A:N)
Published 09/13/2023 Created 10/04/2023 Added 09/13/2023 Modified 01/28/2025
Description Microsoft Exchange: CVE-2023-36777: Microsoft Exchange Server Information Disclosure Vulnerability
Solution(s) microsoft-exchange-exchange_server_2016_CU23-kb5030524 microsoft-exchange-exchange_server_2019_CU12-kb5030524 microsoft-exchange-exchange_server_2019_CU13-kb5030524
References https://attackerkb.com/topics/cve-2023-36777 CVE - 2023-36777 https://support.microsoft.com/help/5030524
-
Microsoft Exchange: CVE-2023-36745: Microsoft Exchange Server Remote Code Execution Vulnerability
Severity 8 CVSS (AV:A/AC:L/Au:S/C:C/I:C/A:C)
Published 09/13/2023 Created 10/04/2023 Added 09/13/2023 Modified 01/28/2025
Description Microsoft Exchange: CVE-2023-36745: Microsoft Exchange Server Remote Code Execution Vulnerability
Solution(s) microsoft-exchange-exchange_server_2016_CU23-kb5030524 microsoft-exchange-exchange_server_2019_CU12-kb5030524 microsoft-exchange-exchange_server_2019_CU13-kb5030524
References https://attackerkb.com/topics/cve-2023-36745 CVE - 2023-36745 https://support.microsoft.com/help/5030524
-
Microsoft Exchange: CVE-2023-36756: Microsoft Exchange Server Remote Code Execution Vulnerability
Severity 8 CVSS (AV:A/AC:L/Au:S/C:C/I:C/A:C)
Published 09/13/2023 Created 10/04/2023 Added 09/13/2023 Modified 01/28/2025
Description Microsoft Exchange: CVE-2023-36756: Microsoft Exchange Server Remote Code Execution Vulnerability
Solution(s) microsoft-exchange-exchange_server_2016_CU23-kb5030524 microsoft-exchange-exchange_server_2019_CU12-kb5030524 microsoft-exchange-exchange_server_2019_CU13-kb5030524
References https://attackerkb.com/topics/cve-2023-36756 CVE - 2023-36756 https://support.microsoft.com/help/5030524
-
Ubuntu: (Multiple Advisories) (CVE-2023-3301): QEMU vulnerabilities
Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C)
Published 09/13/2023 Created 01/10/2024 Added 01/09/2024 Modified 01/28/2025
Description A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
Solution(s) ubuntu-upgrade-qemu ubuntu-upgrade-qemu-system ubuntu-upgrade-qemu-system-arm ubuntu-upgrade-qemu-system-mips ubuntu-upgrade-qemu-system-misc ubuntu-upgrade-qemu-system-ppc ubuntu-upgrade-qemu-system-s390x ubuntu-upgrade-qemu-system-sparc ubuntu-upgrade-qemu-system-x86 ubuntu-upgrade-qemu-system-x86-microvm ubuntu-upgrade-qemu-system-x86-xen ubuntu-upgrade-qemu-system-xen
References https://attackerkb.com/topics/cve-2023-3301 CVE - 2023-3301 USN-6567-1 USN-6567-2
-
Craft CMS unauthenticated Remote Code Execution (RCE)
Disclosed 09/13/2023 Created 12/22/2023
Description This module exploits a Remote Code Execution vulnerability (CVE-2023-41892) in Craft CMS, which is a popular content management system. Craft CMS versions between 4.0.0-RC1 and 4.4.14 are affected by this vulnerability, which allows attackers to execute arbitrary code remotely, potentially compromising the security and integrity of the application. The vulnerability arises from PHP object creation in the `\craft\controllers\ConditionsController` class, which allows arbitrary PHP code to be run by escalating the object creation to call some methods available in `\GuzzleHttp\Psr7\FnStream`. Using this vulnerability in combination with the Imagick extension and MSL, which stands for Magick Scripting Language, a full RCE can be achieved. MSL is a built-in ImageMagick language that facilitates the reading of images, performance of image processing tasks, and writing of results back to the filesystem. This can be leveraged to create a dummy image containing malicious PHP code using the Imagick constructor class, delivering a webshell that can be accessed by the attacker, thereby executing the malicious PHP code and gaining access to the system. Because of this, any remote attacker, without authentication, can exploit this vulnerability to gain access to the underlying operating system as the user that the web services are running as (typically www-data).
Author(s) h00die-gr3y Thanh chybeta
Platform Linux, PHP, Unix
Architectures cmd, php, x64, x86