ISHACK AI BOT

Oracle Linux: CVE-2023-40181: ELSA-2024-2208:freerdp security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/01/2023 Created 05/22/2024 Added 05/07/2024 Modified 11/30/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) oracle-linux-upgrade-freerdp oracle-linux-upgrade-freerdp-devel oracle-linux-upgrade-freerdp-libs oracle-linux-upgrade-libwinpr oracle-linux-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-40181 CVE - 2023-40181 ELSA-2024-2208

Huawei EulerOS: CVE-2023-4735: vim security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. Solution(s) huawei-euleros-2_0_sp11-upgrade-vim-common huawei-euleros-2_0_sp11-upgrade-vim-enhanced huawei-euleros-2_0_sp11-upgrade-vim-filesystem huawei-euleros-2_0_sp11-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-4735 CVE - 2023-4735 EulerOS-SA-2023-3288

VMware Photon OS: CVE-2023-4736 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 09/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4736 CVE - 2023-4736

Alpine Linux: CVE-2023-4734: Integer Overflow or Wraparound Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/02/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/01/2024 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-4734 CVE - 2023-4734 https://security.alpinelinux.org/vuln/CVE-2023-4734

VMware Photon OS: CVE-2023-4735 Severity 4 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:P) Published 09/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4735 CVE - 2023-4735

VMware Photon OS: CVE-2023-4734 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 09/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4734 CVE - 2023-4734

SUSE: CVE-2023-4738: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/02/2023 Created 10/04/2023 Added 10/04/2023 Modified 01/28/2025 Description Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. Solution(s) suse-upgrade-gvim suse-upgrade-vim suse-upgrade-vim-data suse-upgrade-vim-data-common suse-upgrade-vim-small References https://attackerkb.com/topics/cve-2023-4738 CVE - 2023-4738

Oracle Linux: CVE-2023-4732: ELSA-2023-7077:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 09/02/2023 Created 11/24/2023 Added 11/22/2023 Modified 01/07/2025 Description A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-4732 CVE - 2023-4732 ELSA-2023-7077

Huawei EulerOS: CVE-2023-4734: vim security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Solution(s) huawei-euleros-2_0_sp9-upgrade-vim-common huawei-euleros-2_0_sp9-upgrade-vim-enhanced huawei-euleros-2_0_sp9-upgrade-vim-filesystem huawei-euleros-2_0_sp9-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-4734 CVE - 2023-4734 EulerOS-SA-2023-3352

Huawei EulerOS: CVE-2023-4738: vim security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. Solution(s) huawei-euleros-2_0_sp11-upgrade-vim-common huawei-euleros-2_0_sp11-upgrade-vim-enhanced huawei-euleros-2_0_sp11-upgrade-vim-filesystem huawei-euleros-2_0_sp11-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-4738 CVE - 2023-4738 EulerOS-SA-2023-3288

Amazon Linux 2023: CVE-2023-4734: Important priority package update for vim Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 09/02/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Solution(s) amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo amazon-linux-2023-upgrade-xxd amazon-linux-2023-upgrade-xxd-debuginfo References https://attackerkb.com/topics/cve-2023-4734 CVE - 2023-4734 https://alas.aws.amazon.com/AL2023/ALAS-2023-360.html

Amazon Linux AMI 2: CVE-2023-36328: Security patch for libtommath (ALASANSIBLE2-2023-010) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/01/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/28/2025 Description Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Solution(s) amazon-linux-ami-2-upgrade-libtommath amazon-linux-ami-2-upgrade-libtommath-debuginfo amazon-linux-ami-2-upgrade-libtommath-devel References https://attackerkb.com/topics/cve-2023-36328 AL2/ALASANSIBLE2-2023-010 CVE - 2023-36328

Huawei EulerOS: CVE-2023-36328: libtommath security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/01/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Solution(s) huawei-euleros-2_0_sp9-upgrade-libtommath References https://attackerkb.com/topics/cve-2023-36328 CVE - 2023-36328 EulerOS-SA-2023-3340

IBM AIX: tcl_advisory (CVE-2023-36328): Vulnerability in tcl affects AIX Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/01/2023 Created 11/09/2024 Added 11/08/2024 Modified 01/28/2025 Description Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Solution(s) ibm-aix-tcl_advisory References https://attackerkb.com/topics/cve-2023-36328 CVE - 2023-36328 https://aix.software.ibm.com/aix/efixes/security/tcl_advisory.asc

Huawei EulerOS: CVE-2023-36328: libtommath security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/01/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Solution(s) huawei-euleros-2_0_sp8-upgrade-libtommath References https://attackerkb.com/topics/cve-2023-36328 CVE - 2023-36328 EulerOS-SA-2024-1278

FreeBSD: VID-E59FED96-60DA-11EE-9102-000C29DE725B (CVE-2023-3550): mediawiki -- multiple vulnerabilities Severity 8 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:N) Published 09/01/2023 Created 10/04/2023 Added 10/02/2023 Modified 01/28/2025 Description Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. Solution(s) freebsd-upgrade-package-mediawiki135 freebsd-upgrade-package-mediawiki139 freebsd-upgrade-package-mediawiki140 References CVE-2023-3550

Fortinet FortiAnalyzer: Improper Certificate Validation (CVE-2022-22305) Severity 4 CVSS (AV:A/AC:M/Au:N/C:P/I:P/A:N) Published 09/01/2023 Created 09/11/2023 Added 09/11/2023 Modified 01/28/2025 Description An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. Solution(s) fortinet-fortianalyzer-upgrade-latest References https://attackerkb.com/topics/cve-2022-22305 CVE - 2022-22305 https://fortiguard.com/psirt/FG-IR-18-292

Oracle Linux: CVE-2023-40567: ELSA-2024-2208:freerdp security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/01/2023 Created 05/22/2024 Added 05/07/2024 Modified 11/30/2024 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability. A flaw was found in FreeRDP. Improper validation in the `clear_decompress_bands_data` function may allow for an out-of-bounds write, resulting in a crash. Solution(s) oracle-linux-upgrade-freerdp oracle-linux-upgrade-freerdp-devel oracle-linux-upgrade-freerdp-libs oracle-linux-upgrade-libwinpr oracle-linux-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-40567 CVE - 2023-40567 ELSA-2024-2208

Alpine Linux: CVE-2023-20900: Authentication Bypass by Capture-replay Severity 7 CVSS (AV:A/AC:M/Au:S/C:C/I:C/A:C) Published 08/31/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description A malicious actor that has been grantedGuest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privilegedGuest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . Solution(s) alpine-linux-upgrade-open-vm-tools References https://attackerkb.com/topics/cve-2023-20900 CVE - 2023-20900 https://security.alpinelinux.org/vuln/CVE-2023-20900

Amazon Linux AMI 2: CVE-2023-39353: Security patch for freerdp (ALAS-2023-2269) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-39353 AL2/ALAS-2023-2269 CVE - 2023-39353

Amazon Linux AMI 2: CVE-2023-40186: Security patch for freerdp (ALAS-2023-2269) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-40186 AL2/ALAS-2023-2269 CVE - 2023-40186

Amazon Linux AMI 2: CVE-2023-40181: Security patch for freerdp (ALAS-2023-2269) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/30/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-40181 AL2/ALAS-2023-2269 CVE - 2023-40181

Amazon Linux AMI 2: CVE-2023-40188: Security patch for freerdp (ALAS-2023-2269) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 08/31/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) amazon-linux-ami-2-upgrade-freerdp amazon-linux-ami-2-upgrade-freerdp-debuginfo amazon-linux-ami-2-upgrade-freerdp-devel amazon-linux-ami-2-upgrade-freerdp-libs amazon-linux-ami-2-upgrade-libwinpr amazon-linux-ami-2-upgrade-libwinpr-devel References https://attackerkb.com/topics/cve-2023-40188 AL2/ALAS-2023-2269 CVE - 2023-40188

SUSE: CVE-2023-40589: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/31/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) suse-upgrade-freerdp suse-upgrade-freerdp-devel suse-upgrade-freerdp-proxy suse-upgrade-freerdp-server suse-upgrade-freerdp-wayland suse-upgrade-libfreerdp2 suse-upgrade-libuwac0-0 suse-upgrade-libwinpr2 suse-upgrade-uwac0-0-devel suse-upgrade-winpr2-devel References https://attackerkb.com/topics/cve-2023-40589 CVE - 2023-40589

SUSE: CVE-2023-40186: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/31/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. Solution(s) suse-upgrade-freerdp suse-upgrade-freerdp-devel suse-upgrade-freerdp-proxy suse-upgrade-freerdp-server suse-upgrade-freerdp-wayland suse-upgrade-libfreerdp2 suse-upgrade-libuwac0-0 suse-upgrade-libwinpr2 suse-upgrade-uwac0-0-devel suse-upgrade-winpr2-devel References https://attackerkb.com/topics/cve-2023-40186 CVE - 2023-40186