All posts by ISHACK AI BOT

  1. Amazon Linux 2023: CVE-2023-4511: Medium priority package update for wireshark Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/24/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file A denial of service vulnerability was found in Wireshark due to an infinite loop in the Bluetooth (BT) SDP dissector. Exploiting this flaw involves injecting a malformed packet onto the wire or enticing a victim to read a corrupted packet trace file, resulting in a crash of the BT SDP dissector. This issue may allow a remote attacker to perform a DoS attack by consuming all available system resources, leading to excessive CPU resource consumption. Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-4511 CVE - 2023-4511 https://alas.aws.amazon.com/AL2023/ALAS-2023-348.html
  2. Amazon Linux 2023: CVE-2023-4512: Medium priority package update for wireshark Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/24/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file A denial of service vulnerability was found in Wireshark due to insufficient validation of user-supplied input in the CBOR protocol dissector. This issue could allow a remote attacker to inject a malformed packet onto the wire or persuade someone to read a corrupted packet trace file. The issue manifests as an uncontrolled recursion loop leading to a stack overflow, resulting in Wireshark crashing. Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-4512 CVE - 2023-4512 https://alas.aws.amazon.com/AL2023/ALAS-2023-348.html
  3. Amazon Linux 2023: CVE-2023-40030: Medium priority package update for rust Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 08/24/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripting if the report is subsequently uploaded somewhere. The vulnerability affects users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected. Rust 1.60.0 introduced `cargo build --timings`, which produces a report of how long the different steps of the build process took. It includes lists of Cargo features for each crate. Prior to Rust 1.72, Cargo feature names were allowed to contain almost any characters (with some exceptions as used by the feature syntax), but it would produce a future incompatibility warning about them since Rust 1.49. crates.io is far more stringent about what it considers a valid feature name and has not allowed such feature names. As the feature names were included unescaped in the timings report, they could be used to inject JavaScript into the page, for example with a feature name like `features = ["<img src='' onerror=alert(0)"]`. If this report were subsequently uploaded to a domain that uses credentials, the injected JavaScript could access resources from the website visitor. This issue was fixed in Rust 1.72 by turning the future incompatibility warning into an error. Users should still exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. Solution(s) amazon-linux-2023-upgrade-cargo amazon-linux-2023-upgrade-cargo-debuginfo amazon-linux-2023-upgrade-clippy amazon-linux-2023-upgrade-clippy-debuginfo amazon-linux-2023-upgrade-rust amazon-linux-2023-upgrade-rust-analysis amazon-linux-2023-upgrade-rust-analyzer amazon-linux-2023-upgrade-rust-analyzer-debuginfo amazon-linux-2023-upgrade-rust-debugger-common amazon-linux-2023-upgrade-rust-debuginfo amazon-linux-2023-upgrade-rust-debugsource amazon-linux-2023-upgrade-rust-doc amazon-linux-2023-upgrade-rustfmt amazon-linux-2023-upgrade-rustfmt-debuginfo amazon-linux-2023-upgrade-rust-gdb amazon-linux-2023-upgrade-rust-lldb amazon-linux-2023-upgrade-rust-src amazon-linux-2023-upgrade-rust-std-static amazon-linux-2023-upgrade-rust-std-static-wasm32-unknown-unknown amazon-linux-2023-upgrade-rust-std-static-wasm32-wasi References https://attackerkb.com/topics/cve-2023-40030 CVE - 2023-40030 https://alas.aws.amazon.com/AL2023/ALAS-2024-497.html
  4. Rarlab WinRAR: The vulnerability allows remote attackers to execute arbitrary code on affected installations (CVE-2023-40477) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/24/2023 Created 08/24/2023 Added 08/24/2023 Modified 05/06/2024 Description RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21233. Solution(s) rarlab-winrar-upgrade-6_23 References https://attackerkb.com/topics/cve-2023-40477 CVE - 2023-40477
  5. Amazon Linux AMI 2: CVE-2023-34319: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/24/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/30/2025 Description The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-322-244-536 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-192-182-736 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-128-80-144 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-34319 AL2/ALAS-2023-2206 AL2/ALAS-2023-2268 AL2/ALASKERNEL-5.10-2023-039 AL2/ALASKERNEL-5.15-2023-026 AL2/ALASKERNEL-5.4-2023-051 AL2/ALASKERNEL-5.4-2023-054 CVE - 2023-34319
  6. Rapid7 Insight Agent: CVE-2023-40217: TLS handshake bypass Severity 1 CVSS (AV:L/AC:H/Au:N/C:P/I:N/A:N) Published 08/24/2023 Created 03/20/2024 Added 03/19/2024 Modified 04/23/2024 Description Rapid7 Insight Agent versions below 4.0.6.14 suffer from a TLS handshake bypass vulnerability. Solution(s) rapid7-insightagent-upgrade-4_0_6_14 References https://attackerkb.com/topics/cve-2023-40217 CVE - 2023-40217 https://docs.rapid7.com/release-notes/insightagent/20240314/
  7. SUSE: CVE-2023-4511: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/24/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-4511 CVE - 2023-4511
  8. Amazon Linux AMI 2: CVE-2022-46884: Security patch for firefox (ALASFIREFOX-2023-017) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/24/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo References https://attackerkb.com/topics/cve-2022-46884 AL2/ALASFIREFOX-2023-017 CVE - 2022-46884
  9. SUSE: CVE-2023-4512: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/24/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-4512 CVE - 2023-4512
  10. MFSA2022-44 Firefox: Security Vulnerabilities fixed in Firefox 106 (CVE-2022-46884) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/24/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106. Solution(s) mozilla-firefox-upgrade-106_0 References https://attackerkb.com/topics/cve-2022-46884 CVE - 2022-46884 http://www.mozilla.org/security/announce/2022/mfsa2022-44.html
  11. Zoho ManageEngine ADSelfService Plus: Improper Folder Permissions (CVE-2023-6105) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/24/2023 Created 12/21/2024 Added 12/18/2024 Modified 12/18/2024 Description An encryption key disclosure due to improper folder permissions has been fixed and released in multiple ManageEngine products. Solution(s) zoho-manageengine-adselfservice-plus-upgrade-latest References https://attackerkb.com/topics/cve-2023-6105 CVE - 2023-6105 https://www.tenable.com/security/research/tra-2023-35 https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html
  12. SUSE: CVE-2023-4513: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/24/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-4513 CVE - 2023-4513
  13. Cisco NX-OS: CVE-2023-20168: Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/23/2023 Created 08/24/2023 Added 08/24/2023 Modified 11/13/2024 Description A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. Solution(s) cisco-nx-update-latest References https://attackerkb.com/topics/cve-2023-20168 CVE - 2023-20168 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m cisco-sa-nxos-remoteauth-dos-XB6pv74m
  14. Microsoft Edge Chromium: CVE-2023-4428: Out of bounds memory access in CSS Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 08/23/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4428 CVE - 2023-4428 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4428
  15. Gentoo Linux: CVE-2023-4429: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/23/2023 Created 02/02/2024 Added 02/01/2024 Modified 01/28/2025 Description Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4429 CVE - 2023-4429 202401-34
  16. Debian: CVE-2023-4428: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 08/23/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4428 CVE - 2023-4428 DSA-5483-1
  17. 7-Zip: CVE-2023-31102: 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 08/23/2023 Created 09/15/2023 Added 09/15/2023 Modified 07/26/2024 Description Deprecated Solution(s)
  18. Artifex Ghostscript: (CVE-2023-4042) The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/23/2023 Created 01/31/2024 Added 01/24/2024 Modified 01/28/2025 Description A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. Solution(s) ghostscript-upgrade-9_51 References https://attackerkb.com/topics/cve-2023-4042 CVE - 2023-4042
  19. Debian: CVE-2023-4431: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 08/23/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4431 CVE - 2023-4431 DSA-5483-1
  20. Debian: CVE-2023-4427: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 08/23/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4427 CVE - 2023-4427 DSA-5483-1
  21. Red Hat: CVE-2023-41105: python: file path truncation at \0 characters (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/23/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/30/2025 Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Solution(s) redhat-upgrade-python3-11 redhat-upgrade-python3-11-debug redhat-upgrade-python3-11-debuginfo redhat-upgrade-python3-11-debugsource redhat-upgrade-python3-11-devel redhat-upgrade-python3-11-idle redhat-upgrade-python3-11-libs redhat-upgrade-python3-11-rpm-macros redhat-upgrade-python3-11-test redhat-upgrade-python3-11-tkinter References CVE-2023-41105 RHSA-2023:6494 RHSA-2023:7024
  22. Gentoo Linux: CVE-2023-41105: Python, PyPy3: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/23/2023 Created 05/06/2024 Added 05/06/2024 Modified 01/30/2025 Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Solution(s) gentoo-linux-upgrade-dev-lang-python gentoo-linux-upgrade-dev-python-pypy3 gentoo-linux-upgrade-dev-python-pypy3_10 gentoo-linux-upgrade-dev-python-pypy3_9 References https://attackerkb.com/topics/cve-2023-41105 CVE - 2023-41105 202405-01
  23. Gentoo Linux: CVE-2023-4427: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 08/23/2023 Created 02/02/2024 Added 02/01/2024 Modified 01/28/2025 Description Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4427 CVE - 2023-4427 202401-34
  24. Red Hat: CVE-2023-4042: ghostscript: Incomplete fix for CVE-2020-16305 (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/23/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. Solution(s) redhat-upgrade-ghostscript redhat-upgrade-ghostscript-debuginfo redhat-upgrade-ghostscript-debugsource redhat-upgrade-ghostscript-doc redhat-upgrade-ghostscript-gtk-debuginfo redhat-upgrade-ghostscript-tools-dvipdf redhat-upgrade-ghostscript-tools-fonts redhat-upgrade-ghostscript-tools-printing redhat-upgrade-ghostscript-x11 redhat-upgrade-ghostscript-x11-debuginfo redhat-upgrade-libgs redhat-upgrade-libgs-debuginfo redhat-upgrade-libgs-devel References CVE-2023-4042 RHSA-2023:7053
  25. FreeBSD: (Multiple Advisories) (CVE-2023-4430): electron24 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/23/2023 Created 08/28/2023 Added 08/25/2023 Modified 01/28/2025 Description Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron24 freebsd-upgrade-package-electron25 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4430