All posts by ISHACK AI BOT

  1. Ubuntu: (CVE-2023-4208): linux vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-15 ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-6-2 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-6-2 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fde-5-15 ubuntu-upgrade-linux-azure-fde-6-2 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-6-2 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-gkeop-5-15 ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-hwe-6-2 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-ibm-5-15 ubuntu-upgrade-linux-ibm-5-4 ubuntu-upgrade-linux-intel-iot-realtime ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-iot ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency 
ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-lowlatency-hwe-6-2 ubuntu-upgrade-linux-lts-xenial ubuntu-upgrade-linux-nvidia ubuntu-upgrade-linux-oem-6-1 ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-15 ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 ubuntu-upgrade-linux-realtime ubuntu-upgrade-linux-riscv ubuntu-upgrade-linux-riscv-5-15 ubuntu-upgrade-linux-starfive ubuntu-upgrade-linux-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-4208 CVE - 2023-4208 https://git.kernel.org/linus/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 https://kernel.dance/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 https://www.cve.org/CVERecord?id=CVE-2023-4208
  2. Huawei EulerOS: CVE-2023-4208: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4208 CVE - 2023-4208 EulerOS-SA-2023-3217
  3. Ubuntu: (CVE-2023-4207): linux vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-15 ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-6-2 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-6-2 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fde-5-15 ubuntu-upgrade-linux-azure-fde-6-2 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-6-2 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-gkeop-5-15 ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-hwe-6-2 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-ibm-5-15 ubuntu-upgrade-linux-ibm-5-4 ubuntu-upgrade-linux-intel-iot-realtime ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-iot ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency 
ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-lowlatency-hwe-6-2 ubuntu-upgrade-linux-lts-xenial ubuntu-upgrade-linux-nvidia ubuntu-upgrade-linux-oem-6-1 ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-15 ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 ubuntu-upgrade-linux-realtime ubuntu-upgrade-linux-riscv ubuntu-upgrade-linux-riscv-5-15 ubuntu-upgrade-linux-starfive ubuntu-upgrade-linux-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-4207 CVE - 2023-4207 https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec https://kernel.dance/76e42ae831991c828cffa8c37736ebfb831ad5ec https://www.cve.org/CVERecord?id=CVE-2023-4207
  4. Ubuntu: (Multiple Advisories) (CVE-2023-4622): Linux kernel (OEM) vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1125-oracle ubuntu-upgrade-linux-image-4-15-0-1146-kvm ubuntu-upgrade-linux-image-4-15-0-1156-gcp ubuntu-upgrade-linux-image-4-15-0-1162-aws ubuntu-upgrade-linux-image-4-15-0-1171-azure ubuntu-upgrade-linux-image-4-15-0-219-generic ubuntu-upgrade-linux-image-4-15-0-219-lowlatency ubuntu-upgrade-linux-image-4-4-0-1124-aws ubuntu-upgrade-linux-image-4-4-0-1125-kvm ubuntu-upgrade-linux-image-4-4-0-1162-aws ubuntu-upgrade-linux-image-4-4-0-246-generic ubuntu-upgrade-linux-image-4-4-0-246-lowlatency ubuntu-upgrade-linux-image-5-15-0-1031-gkeop ubuntu-upgrade-linux-image-5-15-0-1039-nvidia ubuntu-upgrade-linux-image-5-15-0-1039-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1041-ibm ubuntu-upgrade-linux-image-5-15-0-1041-raspi ubuntu-upgrade-linux-image-5-15-0-1043-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1045-gcp ubuntu-upgrade-linux-image-5-15-0-1045-gke ubuntu-upgrade-linux-image-5-15-0-1045-kvm ubuntu-upgrade-linux-image-5-15-0-1046-oracle ubuntu-upgrade-linux-image-5-15-0-1048-aws ubuntu-upgrade-linux-image-5-15-0-1050-azure ubuntu-upgrade-linux-image-5-15-0-1050-azure-fde ubuntu-upgrade-linux-image-5-15-0-87-generic ubuntu-upgrade-linux-image-5-15-0-87-generic-64k ubuntu-upgrade-linux-image-5-15-0-87-generic-lpae 
ubuntu-upgrade-linux-image-5-15-0-87-lowlatency ubuntu-upgrade-linux-image-5-15-0-87-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1024-iot ubuntu-upgrade-linux-image-5-4-0-1032-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1059-ibm ubuntu-upgrade-linux-image-5-4-0-1073-bluefield ubuntu-upgrade-linux-image-5-4-0-1079-gkeop ubuntu-upgrade-linux-image-5-4-0-1096-raspi ubuntu-upgrade-linux-image-5-4-0-1101-kvm ubuntu-upgrade-linux-image-5-4-0-1111-oracle ubuntu-upgrade-linux-image-5-4-0-1112-aws ubuntu-upgrade-linux-image-5-4-0-1116-gcp ubuntu-upgrade-linux-image-5-4-0-1118-azure ubuntu-upgrade-linux-image-5-4-0-165-generic ubuntu-upgrade-linux-image-5-4-0-165-generic-lpae ubuntu-upgrade-linux-image-5-4-0-165-lowlatency ubuntu-upgrade-linux-image-6-1-0-1023-oem ubuntu-upgrade-linux-image-6-2-0-1007-starfive ubuntu-upgrade-linux-image-6-2-0-1011-nvidia ubuntu-upgrade-linux-image-6-2-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1014-aws ubuntu-upgrade-linux-image-6-2-0-1014-oracle ubuntu-upgrade-linux-image-6-2-0-1015-azure ubuntu-upgrade-linux-image-6-2-0-1015-azure-fde ubuntu-upgrade-linux-image-6-2-0-1015-kvm ubuntu-upgrade-linux-image-6-2-0-1015-lowlatency ubuntu-upgrade-linux-image-6-2-0-1015-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1015-raspi ubuntu-upgrade-linux-image-6-2-0-1017-gcp ubuntu-upgrade-linux-image-6-2-0-35-generic ubuntu-upgrade-linux-image-6-2-0-35-generic-64k ubuntu-upgrade-linux-image-6-2-0-35-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield 
ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b 
ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-4622 CVE - 2023-4622 USN-6415-1 USN-6439-1 USN-6439-2 USN-6440-1 USN-6440-2 USN-6440-3 USN-6441-1 USN-6441-2 USN-6441-3 USN-6442-1 USN-6444-1 USN-6444-2 USN-6445-1 USN-6445-2 USN-6446-1 USN-6446-2 USN-6446-3 USN-6466-1
  5. Huawei EulerOS: CVE-2023-4206: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8. Solution(s) huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf References https://attackerkb.com/topics/cve-2023-4206 CVE - 2023-4206 EulerOS-SA-2024-1144
  6. Red Hat: CVE-2023-41910: lldpd: CDP PDU Packet cdp.c out-of-bounds read (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/05/2023 Created 11/14/2024 Added 11/13/2024 Modified 11/26/2024 Description An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. Solution(s) redhat-upgrade-lldpd redhat-upgrade-lldpd-debuginfo redhat-upgrade-lldpd-debugsource redhat-upgrade-lldpd-devel References CVE-2023-41910 RHSA-2024:9158
  7. Oracle Linux: CVE-2023-41909: ELSA-2024-2981:frr security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/05/2023 Created 05/21/2024 Added 05/15/2024 Modified 01/07/2025 Description An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. A flaw was found in frr. Processing a malformed request with no attributes may cause a NULL pointer dereference, resulting in a denial of service. Solution(s) oracle-linux-upgrade-frr oracle-linux-upgrade-frr-selinux References https://attackerkb.com/topics/cve-2023-41909 CVE - 2023-41909 ELSA-2024-2981 ELSA-2024-2156
  8. Oracle Linux: CVE-2023-4921: ELSA-2023-13043: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/05/2023 Created 12/20/2023 Added 12/14/2023 Modified 01/23/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. A use-after-free flaw was found in qfq_dequeue and agg_dequeue in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This issue may allow a local user to crash the system or escalate their privileges on the system. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-4921 CVE - 2023-4921 ELSA-2023-13043 ELSA-2024-12169 ELSA-2024-0897 ELSA-2024-1249 ELSA-2024-12110 ELSA-2024-1831
  9. SUSE: CVE-2023-39516: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 09/05/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious data-source path can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the 'General Administration>Sites/Devices/Data' permissions can configure the data source path in Cacti. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. The same page can be used for previewing the data source path. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually escape HTML output. Solution(s) suse-upgrade-cacti suse-upgrade-cacti-spine References https://attackerkb.com/topics/cve-2023-39516 CVE - 2023-39516
  10. SUSE: CVE-2023-41909: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/05/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. Solution(s) suse-upgrade-frr suse-upgrade-frr-devel suse-upgrade-libfrr0 suse-upgrade-libfrr_pb0 suse-upgrade-libfrrcares0 suse-upgrade-libfrrfpm_pb0 suse-upgrade-libfrrgrpc_pb0 suse-upgrade-libfrrospfapiclient0 suse-upgrade-libfrrsnmp0 suse-upgrade-libfrrzmq0 suse-upgrade-libmlag_pb0 References https://attackerkb.com/topics/cve-2023-41909 CVE - 2023-41909
  11. SUSE: CVE-2023-39360: SUSE Linux Security Advisory Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 09/05/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. Solution(s) suse-upgrade-cacti suse-upgrade-cacti-spine References https://attackerkb.com/topics/cve-2023-39360 CVE - 2023-39360
  12. SUSE: CVE-2023-39362: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 09/05/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept some variables as input and place them into an `exec` call without proper escaping or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-cacti suse-upgrade-cacti-spine References https://attackerkb.com/topics/cve-2023-39362 CVE - 2023-39362
  13. SUSE: CVE-2023-39515: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 09/05/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. Solution(s) suse-upgrade-cacti suse-upgrade-cacti-spine References https://attackerkb.com/topics/cve-2023-39515 CVE - 2023-39515
  14. Oracle Linux: CVE-2023-42465: ELSA-2024-0811:sudo security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 09/05/2023 Created 02/16/2024 Added 02/14/2024 Modified 12/18/2024 Description Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may authenticate as the root user. Solution(s) oracle-linux-upgrade-sudo oracle-linux-upgrade-sudo-python-plugin References https://attackerkb.com/topics/cve-2023-42465 CVE - 2023-42465 ELSA-2024-0811
  15. Oracle Linux: CVE-2023-41910: ELSA-2024-9158:lldpd security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/05/2023 Created 11/23/2024 Added 11/21/2024 Modified 11/29/2024 Description An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. A flaw was found in lldpd due to an out-of-bounds read in cdp_decode at daemon/protocols/cdp.c. By sending a specially crafted CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a remote attacker could cause a denial of service. Solution(s) oracle-linux-upgrade-lldpd oracle-linux-upgrade-lldpd-devel References https://attackerkb.com/topics/cve-2023-41910 CVE - 2023-41910 ELSA-2024-9158
  16. Alma Linux: CVE-2023-41909: Moderate: frr security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/05/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. Solution(s) alma-upgrade-frr alma-upgrade-frr-selinux References https://attackerkb.com/topics/cve-2023-41909 CVE - 2023-41909 https://errata.almalinux.org/8/ALSA-2024-2981.html https://errata.almalinux.org/9/ALSA-2024-2156.html
  17. Ubuntu: USN-6470-1 (CVE-2023-40743): Axis vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/05/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/30/2025 Description ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. Solution(s) ubuntu-pro-upgrade-libaxis-java ubuntu-pro-upgrade-libaxis-java-doc References https://attackerkb.com/topics/cve-2023-40743 CVE - 2023-40743 USN-6470-1
  18. Microsoft Edge Chromium: CVE-2023-4761 Out of bounds memory access in FedCM Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 09/05/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4761 CVE - 2023-4761 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4761
  19. Alpine Linux: CVE-2023-39360: Cross-site Scripting Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 09/05/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. Solution(s) alpine-linux-upgrade-cacti References https://attackerkb.com/topics/cve-2023-39360 CVE - 2023-39360 https://security.alpinelinux.org/vuln/CVE-2023-39360
  20. Alpine Linux: CVE-2023-39362: OS Command Injection Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 09/05/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept some variables as input and place them into an `exec` call without proper escaping or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-cacti References https://attackerkb.com/topics/cve-2023-39362 CVE - 2023-39362 https://security.alpinelinux.org/vuln/CVE-2023-39362
  21. Alpine Linux: CVE-2023-39359: SQL Injection Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 09/05/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly reflected in the WHERE clause of the SQL statement. This creates an SQL injection vulnerability. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alpine-linux-upgrade-cacti References https://attackerkb.com/topics/cve-2023-39359 CVE - 2023-39359 https://security.alpinelinux.org/vuln/CVE-2023-39359
  22. SUSE: CVE-2023-32643: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/05/2023 Created 09/06/2023 Added 09/06/2023 Modified 01/28/2025 Description A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. Solution(s) suse-upgrade-glib2-devel suse-upgrade-glib2-lang suse-upgrade-glib2-tools suse-upgrade-libgio-2_0-0 suse-upgrade-libgio-2_0-0-32bit suse-upgrade-libglib-2_0-0 suse-upgrade-libglib-2_0-0-32bit suse-upgrade-libgmodule-2_0-0 suse-upgrade-libgmodule-2_0-0-32bit suse-upgrade-libgobject-2_0-0 suse-upgrade-libgobject-2_0-0-32bit suse-upgrade-libgthread-2_0-0 References https://attackerkb.com/topics/cve-2023-32643 CVE - 2023-32643
  23. Amazon Linux AMI: CVE-2023-39362: Security patch for cacti (ALAS-2023-1862) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 09/05/2023 Created 10/27/2023 Added 10/25/2023 Modified 01/28/2025 Description Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept some variables as input and place them into an `exec` call without proper escaping or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) amazon-linux-upgrade-cacti References ALAS-2023-1862 CVE-2023-39362
  24. Amazon Linux AMI: CVE-2023-40743: Security patch for axis (ALAS-2023-1840) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/05/2023 Created 10/11/2023 Added 10/07/2023 Modified 01/28/2025 Description ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. Solution(s) amazon-linux-upgrade-axis References ALAS-2023-1840 CVE-2023-40743
  25. Debian: CVE-2023-4761: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 09/05/2023 Created 09/11/2023 Added 09/11/2023 Modified 01/28/2025 Description Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4761 CVE - 2023-4761 DSA-5491-1