All posts published by ISHACK AI BOT
-
Gentoo Linux: CVE-2023-40567: FreeRDP: Multiple Vulnerabilities
Severity: 10
CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
Published: 08/31/2023 | Created: 01/16/2024 | Added: 01/15/2024 | Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function, in which there is no offset validation. Abuse of this vulnerability may lead to an out-of-bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-40567, CVE-2023-40567, 202401-16
-
Gentoo Linux: CVE-2023-40575: FreeRDP: Multiple Vulnerabilities
Severity: 9
CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:C
Published: 08/31/2023 | Created: 01/16/2024 | Added: 01/15/2024 | Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-40575, CVE-2023-40575, 202401-16
-
Gentoo Linux: CVE-2023-40589: FreeRDP: Multiple Vulnerabilities
Severity: 8
CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
Published: 08/31/2023 | Created: 01/16/2024 | Added: 01/15/2024 | Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the `ncrush_decompress` function. Feeding crafted input into this function can trigger the overflow, which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-40589, CVE-2023-40589, 202401-16
-
Gentoo Linux: CVE-2023-40181: FreeRDP: Multiple Vulnerabilities
Severity: 9
CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:C
Published: 08/31/2023 | Created: 01/16/2024 | Added: 01/15/2024 | Modified: 01/30/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to an Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-40181, CVE-2023-40181, 202401-16
-
Alma Linux: CVE-2023-39351: Moderate: freerdp security update (ALSA-2024-2208)
Severity: 8
CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
Published: 08/31/2023 | Created: 05/08/2024 | Added: 05/08/2024 | Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading to a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates `numTiles` tiles using `rfx_allocate_tiles`. If the initialization of the tiles is not completed for various reasons, tiles will have a NULL pointer, which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): alma-upgrade-freerdp, alma-upgrade-freerdp-devel, alma-upgrade-freerdp-libs, alma-upgrade-libwinpr, alma-upgrade-libwinpr-devel
References: https://attackerkb.com/topics/cve-2023-39351, CVE-2023-39351, https://errata.almalinux.org/9/ALSA-2024-2208.html
-
Gentoo Linux: CVE-2023-39356: FreeRDP: Multiple Vulnerabilities
Severity: 9
CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:C
Published: 08/31/2023 | Created: 01/16/2024 | Added: 01/15/2024 | Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate that the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->numRectangles` without proper boundary checks can lead to Out-of-Bounds Read errors, which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-39356, CVE-2023-39356, 202401-16
-
Gentoo Linux: CVE-2023-39354: FreeRDP: Multiple Vulnerabilities
Severity: 8
CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
Published: 08/31/2023 | Created: 01/16/2024 | Added: 01/15/2024 | Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking that it contains data of sufficient length. Should an attacker be able to leverage this vulnerability, they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-39354, CVE-2023-39354, 202401-16
-
Gentoo Linux: CVE-2023-39352: FreeRDP: Multiple Vulnerabilities
Severity: 10
CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
Published: 08/31/2023 | Created: 01/16/2024 | Added: 01/15/2024 | Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to an Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`, i.e. `rect->left == surface->width && rect->top == surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): gentoo-linux-upgrade-net-misc-freerdp
References: https://attackerkb.com/topics/cve-2023-39352, CVE-2023-39352, 202401-16
-
Debian: CVE-2023-39355: freerdp2 -- security update
Severity: 10
CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
Published: 08/31/2023 | Created: 10/11/2023 | Added: 10/10/2023 | Modified: 01/28/2025
Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): debian-upgrade-freerdp2
References: https://attackerkb.com/topics/cve-2023-39355, CVE-2023-39355, DLA-3606-1
-
Red Hat: CVE-2023-20900: SAML token signature bypass (Multiple Advisories)
Severity: 8
CVSS: AV:A/AC:M/Au:N/C:C/I:C/A:C
Published: 08/31/2023 | Created: 09/20/2023 | Added: 09/20/2023 | Modified: 01/28/2025
Description: A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
Solution(s): redhat-upgrade-open-vm-tools, redhat-upgrade-open-vm-tools-debuginfo, redhat-upgrade-open-vm-tools-debugsource, redhat-upgrade-open-vm-tools-desktop, redhat-upgrade-open-vm-tools-desktop-debuginfo, redhat-upgrade-open-vm-tools-devel, redhat-upgrade-open-vm-tools-salt-minion, redhat-upgrade-open-vm-tools-sdmp, redhat-upgrade-open-vm-tools-sdmp-debuginfo, redhat-upgrade-open-vm-tools-test, redhat-upgrade-open-vm-tools-test-debuginfo
References: CVE-2023-20900, RHSA-2023:5217, RHSA-2023:5218, RHSA-2023:5220, RHSA-2023:5312, RHSA-2023:5313
-
Ubuntu: (Multiple Advisories) (CVE-2023-4575): Firefox vulnerabilities
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4575, CVE-2023-4575, USN-6320-1, USN-6368-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-4574): Firefox vulnerabilities
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4574, CVE-2023-4574, USN-6320-1, USN-6368-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-4585): Firefox vulnerabilities
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4585, CVE-2023-4585, USN-6320-1, USN-6405-1
-
Ubuntu: USN-6474-1 (CVE-2023-40184): xrdp vulnerabilities
Severity: 7
CVSS: AV:N/AC:L/Au:S/C:N/I:N/A:C
Published: 08/30/2023 | Created: 11/14/2023 | Added: 11/13/2023 | Modified: 01/30/2025
Description: xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23, improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero (1) value on, e.g., a PAM error, which may result in session restrictions enforced by PAM, such as the maximum number of concurrent sessions per user (e.g. /etc/security/limits.conf), being bypassed. Users (administrators) who don't use PAM restrictions are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.
Solution(s): ubuntu-pro-upgrade-xrdp
References: https://attackerkb.com/topics/cve-2023-40184, CVE-2023-40184, USN-6474-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-4577): Firefox vulnerabilities
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: When `UpdateRegExpStatics` attempted to access `initialStringHeap`, it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4577, CVE-2023-4577, USN-6320-1, USN-6405-1
-
Ubuntu: USN-6320-1 (CVE-2023-4579): Firefox vulnerabilities
Severity: 3
CVSS: AV:N/AC:H/Au:N/C:N/I:P/A:N
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2023-4579, CVE-2023-4579, USN-6320-1
-
Debian: CVE-2023-41175: tiff -- security update
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 08/30/2023 | Created: 08/30/2023 | Added: 08/30/2023 | Modified: 01/28/2025
Description: A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
Solution(s): debian-upgrade-tiff
References: https://attackerkb.com/topics/cve-2023-41175, CVE-2023-41175, DLA-3513-1
-
FreeBSD: VID-482BB980-99A3-11EE-B5F7-6BD56600D90C: gitea -- missing permission checks
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 08/30/2023 | Created: 12/28/2023 | Added: 12/22/2023 | Modified: 01/01/2024
Description: The Gitea team reports ("Fix missing check", "Do some missing checks"): By crafting an API request, attackers can access the contents of issues even though the logged-in user does not have access rights to these issues.
Solution(s): freebsd-upgrade-package-gitea
-
Ubuntu: (Multiple Advisories) (CVE-2023-4573): Firefox vulnerabilities
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: When receiving rendering data over IPC, `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4573, CVE-2023-4573, USN-6320-1, USN-6368-1
-
Amazon Linux 2023: CVE-2023-39189: Important priority package update for kernel
Severity: 5
CVSS: AV:L/AC:L/Au:M/C:C/I:N/A:P
Published: 08/30/2023 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The `nfnl_osf_add_callback` function did not validate the user mode controlled `opt_num` field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Solution(s): amazon-linux-2023-upgrade-bpftool, amazon-linux-2023-upgrade-bpftool-debuginfo, amazon-linux-2023-upgrade-kernel, amazon-linux-2023-upgrade-kernel-debuginfo, amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64, amazon-linux-2023-upgrade-kernel-devel, amazon-linux-2023-upgrade-kernel-headers, amazon-linux-2023-upgrade-kernel-libbpf, amazon-linux-2023-upgrade-kernel-libbpf-devel, amazon-linux-2023-upgrade-kernel-libbpf-static, amazon-linux-2023-upgrade-kernel-livepatch-6-1-55-75-123, amazon-linux-2023-upgrade-kernel-tools, amazon-linux-2023-upgrade-kernel-tools-debuginfo, amazon-linux-2023-upgrade-kernel-tools-devel, amazon-linux-2023-upgrade-perf, amazon-linux-2023-upgrade-perf-debuginfo, amazon-linux-2023-upgrade-python3-perf, amazon-linux-2023-upgrade-python3-perf-debuginfo
References: https://attackerkb.com/topics/cve-2023-39189, CVE-2023-39189, https://alas.aws.amazon.com/AL2023/ALAS-2023-356.html
-
Alpine Linux: CVE-2023-41040: Path Traversal
Severity: 6
CVSS: AV:N/AC:L/Au:N/C:P/I:N/A:P
Published: 08/30/2023 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/10/2024
Description: GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory. In some places the name of the file being read is provided by the user, and GitPython doesn't check whether this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking whether the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has been addressed in version 3.1.37.
Solution(s): alpine-linux-upgrade-py3-gitpython
References: https://attackerkb.com/topics/cve-2023-41040, CVE-2023-41040, https://security.alpinelinux.org/vuln/CVE-2023-41040
-
Ubuntu: (Multiple Advisories) (CVE-2023-4580): Firefox vulnerabilities
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:C/I:N/A:N
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: Push notifications stored on disk in private browsing mode were not being encrypted, potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4580, CVE-2023-4580, USN-6320-1, USN-6405-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-4584): Firefox vulnerabilities
Severity: 9
CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4584, CVE-2023-4584, USN-6320-1, USN-6368-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-4578): Firefox vulnerabilities
Severity: 7
CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: When calling `JS::CheckRegExpSyntax`, a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available, which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4578, CVE-2023-4578, USN-6320-1, USN-6405-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-4583): Firefox vulnerabilities
Severity: 8
CVSS: AV:N/AC:L/Au:N/C:N/I:C/A:N
Published: 08/30/2023 | Created: 08/31/2023 | Added: 08/31/2023 | Modified: 01/28/2025
Description: When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded, which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4583, CVE-2023-4583, USN-6320-1, USN-6405-1