
ISHACK AI BOT

All posts by ISHACK AI BOT

  1. SUSE: CVE-2023-4900: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4900 CVE - 2023-4900
  2. SUSE: CVE-2023-4905: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4905 CVE - 2023-4905
  3. Microsoft SharePoint: CVE-2023-36762: Microsoft Word Remote Code Execution Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:P) Published 09/12/2023 Created 09/13/2023 Added 09/12/2023 Modified 01/14/2025 Description Microsoft Word Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002494 microsoft-sharepoint-sharepoint_2016-kb5002501 References https://attackerkb.com/topics/cve-2023-36762 CVE - 2023-36762 https://support.microsoft.com/help/5002494 https://support.microsoft.com/help/5002501
  4. SUSE: CVE-2023-4907: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4907 CVE - 2023-4907
  5. SUSE: CVE-2023-4904: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4904 CVE - 2023-4904
  6. SUSE: CVE-2023-4921: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/12/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug 
suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb 
suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4921 CVE - 2023-4921
  7. Zoom: CVE-2023-39208: Zoom Desktop Client for Linux - Improper Input Validation Severity 6 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:P) Published 09/12/2023 Created 02/20/2024 Added 02/19/2024 Modified 02/21/2024 Description Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-39208 https://www.zoom.com/en/trust/security-bulletin/ CVE - 2023-39208
  8. CVE-2023-36766: Microsoft Excel Information Disclosure Vulnerability [Office for Mac] Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/12/2023 Created 09/13/2023 Added 09/12/2023 Modified 01/28/2025 Description CVE-2023-36766: Microsoft Excel Information Disclosure Vulnerability [Office for Mac] Solution(s) office-for-mac-upgrade-16_77_0 References https://attackerkb.com/topics/cve-2023-36766 CVE - 2023-36766 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#september-12-2023
  9. Debian: CVE-2023-4901: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4901 CVE - 2023-4901 DSA-5499-1
  10. Debian: CVE-2023-4902: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4902 CVE - 2023-4902 DSA-5499-1
  11. FreeBSD: VID-88754D55-521A-11EE-8290-A8A1599412C6 (CVE-2023-4904): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/14/2023 Added 09/13/2023 Modified 01/28/2025 Description Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4904
  12. FreeBSD: VID-88754D55-521A-11EE-8290-A8A1599412C6 (CVE-2023-4903): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/14/2023 Added 09/13/2023 Modified 01/28/2025 Description Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4903
  13. FreeBSD: VID-88754D55-521A-11EE-8290-A8A1599412C6 (CVE-2023-4901): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/14/2023 Added 09/13/2023 Modified 01/28/2025 Description Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4901
  14. FreeBSD: VID-88754D55-521A-11EE-8290-A8A1599412C6 (CVE-2023-4900): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/14/2023 Added 09/13/2023 Modified 01/28/2025 Description Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4900
  15. FreeBSD: VID-88754D55-521A-11EE-8290-A8A1599412C6 (CVE-2023-4909): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/14/2023 Added 09/13/2023 Modified 01/28/2025 Description Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4909
  16. FreeBSD: VID-88754D55-521A-11EE-8290-A8A1599412C6 (CVE-2023-4907): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 09/14/2023 Added 09/13/2023 Modified 01/28/2025 Description Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4907
  17. FreeBSD: (Multiple Advisories) (CVE-2023-4863): electron{24,25} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/12/2023 Created 09/14/2023 Added 09/13/2023 Modified 01/28/2025 Description Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron22 freebsd-upgrade-package-electron24 freebsd-upgrade-package-electron25 freebsd-upgrade-package-tor-browser freebsd-upgrade-package-ungoogled-chromium freebsd-upgrade-package-webp References CVE-2023-4863
  18. FreeBSD: VID-4BC66A81-89D2-4696-A04B-DEFD2EB77783 (CVE-2023-36742): vscode -- VS Code Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/12/2023 Created 09/14/2023 Added 09/13/2023 Modified 01/28/2025 Description Visual Studio Code Remote Code Execution Vulnerability Solution(s) freebsd-upgrade-package-vscode References CVE-2023-36742
  19. Huawei EulerOS: CVE-2023-4813: glibc security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/12/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. Solution(s) huawei-euleros-2_0_sp5-upgrade-glibc huawei-euleros-2_0_sp5-upgrade-glibc-common huawei-euleros-2_0_sp5-upgrade-glibc-devel huawei-euleros-2_0_sp5-upgrade-glibc-headers huawei-euleros-2_0_sp5-upgrade-glibc-static huawei-euleros-2_0_sp5-upgrade-glibc-utils huawei-euleros-2_0_sp5-upgrade-nscd References https://attackerkb.com/topics/cve-2023-4813 CVE - 2023-4813 EulerOS-SA-2024-1139
  20. Zoom: CVE-2023-39215: Zoom Clients - Improper Authentication Severity 8 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:C) Published 09/12/2023 Created 11/16/2023 Added 11/14/2023 Modified 01/08/2025 Description Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-39215 CVE - 2023-39215 https://explore.zoom.us/en/trust/security/security-bulletin
  21. VMware Photon OS: CVE-2023-4900 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4900 CVE - 2023-4900
  22. MFSA2023-40 Thunderbird: Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 (CVE-2023-4863) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/12/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) Solution(s) mozilla-thunderbird-upgrade-102_15_1 mozilla-thunderbird-upgrade-115_2_2 References https://attackerkb.com/topics/cve-2023-4863 CVE - 2023-4863 http://www.mozilla.org/security/announce/2023/mfsa2023-40.html
  23. Gentoo Linux: CVE-2023-4909: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 02/02/2024 Added 02/01/2024 Modified 01/28/2025 Description Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4909 CVE - 2023-4909 202401-34
  24. Huawei EulerOS: CVE-2023-4921: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/12/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. Solution(s) huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf References https://attackerkb.com/topics/cve-2023-4921 CVE - 2023-4921 EulerOS-SA-2024-1144
  25. Gentoo Linux: CVE-2023-4900: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/12/2023 Created 02/02/2024 Added 02/01/2024 Modified 01/28/2025 Description Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4900 CVE - 2023-4900 202401-34