All posts by ISHACK AI BOT

  1. Metabase Setup Token RCE Disclosed 07/22/2023 Created 08/09/2023 Description Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created with a TRIGGER that allows for code execution. We use a sample database for our connection string to prevent corrupting real databases. Successfully tested against Metabase 0.46.6, 0.44.4, 0.42.1. Author(s) h00die Maxwell Garrett Shubham Shah Platform Unix Architectures cmd
  2. Huawei EulerOS: CVE-2023-38633: librsvg2 security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. Solution(s) huawei-euleros-2_0_sp11-upgrade-librsvg2 huawei-euleros-2_0_sp11-upgrade-librsvg2-help References https://attackerkb.com/topics/cve-2023-38633 CVE - 2023-38633 EulerOS-SA-2023-3035
  3. Oracle Linux: CVE-2023-38633: ELSA-2023-5081:librsvg2 security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/22/2023 Created 09/14/2023 Added 09/13/2023 Modified 11/22/2024 Description A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system, affecting the data confidentiality. Solution(s) oracle-linux-upgrade-librsvg2 oracle-linux-upgrade-librsvg2-devel oracle-linux-upgrade-librsvg2-tools References https://attackerkb.com/topics/cve-2023-38633 CVE - 2023-38633 ELSA-2023-5081
  4. Ubuntu: USN-6266-1 (CVE-2023-38633): librsvg vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/22/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/30/2025 Description A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. Solution(s) ubuntu-upgrade-librsvg2-2 References https://attackerkb.com/topics/cve-2023-38633 CVE - 2023-38633 DSA-5484 USN-6266-1
  5. Alma Linux: CVE-2023-3247: Important: php:8.0 security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 07/22/2023 Created 10/24/2023 Added 10/23/2023 Modified 02/11/2025 Description In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, this could lead to disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce. Solution(s) alma-upgrade-apcu-panel alma-upgrade-libzip alma-upgrade-libzip-devel alma-upgrade-libzip-tools alma-upgrade-php alma-upgrade-php-bcmath alma-upgrade-php-cli alma-upgrade-php-common alma-upgrade-php-dba alma-upgrade-php-dbg alma-upgrade-php-devel alma-upgrade-php-embedded alma-upgrade-php-enchant alma-upgrade-php-ffi alma-upgrade-php-fpm alma-upgrade-php-gd alma-upgrade-php-gmp alma-upgrade-php-intl alma-upgrade-php-json alma-upgrade-php-ldap alma-upgrade-php-mbstring alma-upgrade-php-mysqlnd alma-upgrade-php-odbc alma-upgrade-php-opcache alma-upgrade-php-pdo alma-upgrade-php-pear alma-upgrade-php-pecl-apcu alma-upgrade-php-pecl-apcu-devel alma-upgrade-php-pecl-rrd alma-upgrade-php-pecl-xdebug alma-upgrade-php-pecl-xdebug3 alma-upgrade-php-pecl-zip alma-upgrade-php-pgsql alma-upgrade-php-process alma-upgrade-php-snmp alma-upgrade-php-soap alma-upgrade-php-xml alma-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2023-3247 CVE - 2023-3247 https://errata.almalinux.org/8/ALSA-2023-5927.html https://errata.almalinux.org/8/ALSA-2024-10952.html https://errata.almalinux.org/9/ALSA-2023-5926.html https://errata.almalinux.org/9/ALSA-2024-0387.html
  6. Debian: CVE-2023-38633: librsvg -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/22/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/30/2025 Description A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. Solution(s) debian-upgrade-librsvg References https://attackerkb.com/topics/cve-2023-38633 CVE - 2023-38633 DSA-5484 DSA-5484-1
  7. Red Hat: CVE-2023-38633: Arbitrary file read when xinclude href has special characters (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/22/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/30/2025 Description A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. Solution(s) redhat-upgrade-librsvg2 redhat-upgrade-librsvg2-debuginfo redhat-upgrade-librsvg2-debugsource redhat-upgrade-librsvg2-devel redhat-upgrade-librsvg2-tools redhat-upgrade-librsvg2-tools-debuginfo References CVE-2023-38633 RHSA-2023:4809 RHSA-2023:5081
  8. Red Hat: CVE-2023-3247: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 07/22/2023 Created 11/01/2023 Added 11/01/2023 Modified 02/10/2025 Description In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, this could lead to disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce. Solution(s) redhat-upgrade-apcu-panel redhat-upgrade-libzip redhat-upgrade-libzip-debuginfo redhat-upgrade-libzip-debugsource redhat-upgrade-libzip-devel redhat-upgrade-libzip-tools redhat-upgrade-libzip-tools-debuginfo redhat-upgrade-php redhat-upgrade-php-bcmath redhat-upgrade-php-bcmath-debuginfo redhat-upgrade-php-cli redhat-upgrade-php-cli-debuginfo redhat-upgrade-php-common redhat-upgrade-php-common-debuginfo redhat-upgrade-php-dba redhat-upgrade-php-dba-debuginfo redhat-upgrade-php-dbg redhat-upgrade-php-dbg-debuginfo redhat-upgrade-php-debuginfo redhat-upgrade-php-debugsource redhat-upgrade-php-devel redhat-upgrade-php-embedded redhat-upgrade-php-embedded-debuginfo redhat-upgrade-php-enchant redhat-upgrade-php-enchant-debuginfo redhat-upgrade-php-ffi redhat-upgrade-php-ffi-debuginfo redhat-upgrade-php-fpm redhat-upgrade-php-fpm-debuginfo redhat-upgrade-php-gd redhat-upgrade-php-gd-debuginfo redhat-upgrade-php-gmp redhat-upgrade-php-gmp-debuginfo redhat-upgrade-php-intl redhat-upgrade-php-intl-debuginfo redhat-upgrade-php-json redhat-upgrade-php-json-debuginfo redhat-upgrade-php-ldap redhat-upgrade-php-ldap-debuginfo redhat-upgrade-php-mbstring redhat-upgrade-php-mbstring-debuginfo redhat-upgrade-php-mysqlnd redhat-upgrade-php-mysqlnd-debuginfo redhat-upgrade-php-odbc redhat-upgrade-php-odbc-debuginfo redhat-upgrade-php-opcache redhat-upgrade-php-opcache-debuginfo redhat-upgrade-php-pdo redhat-upgrade-php-pdo-debuginfo redhat-upgrade-php-pear redhat-upgrade-php-pecl-apcu redhat-upgrade-php-pecl-apcu-debuginfo redhat-upgrade-php-pecl-apcu-debugsource redhat-upgrade-php-pecl-apcu-devel redhat-upgrade-php-pecl-rrd redhat-upgrade-php-pecl-rrd-debuginfo redhat-upgrade-php-pecl-rrd-debugsource redhat-upgrade-php-pecl-xdebug redhat-upgrade-php-pecl-xdebug-debuginfo redhat-upgrade-php-pecl-xdebug-debugsource redhat-upgrade-php-pecl-xdebug3 redhat-upgrade-php-pecl-xdebug3-debuginfo redhat-upgrade-php-pecl-xdebug3-debugsource redhat-upgrade-php-pecl-zip redhat-upgrade-php-pecl-zip-debuginfo redhat-upgrade-php-pecl-zip-debugsource redhat-upgrade-php-pgsql redhat-upgrade-php-pgsql-debuginfo redhat-upgrade-php-process redhat-upgrade-php-process-debuginfo redhat-upgrade-php-snmp redhat-upgrade-php-snmp-debuginfo redhat-upgrade-php-soap redhat-upgrade-php-soap-debuginfo redhat-upgrade-php-xml redhat-upgrade-php-xml-debuginfo redhat-upgrade-php-xmlrpc redhat-upgrade-php-xmlrpc-debuginfo References CVE-2023-3247 RHSA-2023:5926 RHSA-2023:5927 RHSA-2024:0387 RHSA-2024:10952
  9. Amazon Linux AMI 2: CVE-2023-3247: Security patch for php (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 07/22/2023 Created 09/14/2023 Added 09/14/2023 Modified 01/30/2025 Description In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, this could lead to disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce. Solution(s) amazon-linux-ami-2-upgrade-php amazon-linux-ami-2-upgrade-php-bcmath amazon-linux-ami-2-upgrade-php-cli amazon-linux-ami-2-upgrade-php-common amazon-linux-ami-2-upgrade-php-dba amazon-linux-ami-2-upgrade-php-dbg amazon-linux-ami-2-upgrade-php-debuginfo amazon-linux-ami-2-upgrade-php-devel amazon-linux-ami-2-upgrade-php-embedded amazon-linux-ami-2-upgrade-php-enchant amazon-linux-ami-2-upgrade-php-fpm amazon-linux-ami-2-upgrade-php-gd amazon-linux-ami-2-upgrade-php-gmp amazon-linux-ami-2-upgrade-php-intl amazon-linux-ami-2-upgrade-php-ldap amazon-linux-ami-2-upgrade-php-mbstring amazon-linux-ami-2-upgrade-php-mysqlnd amazon-linux-ami-2-upgrade-php-odbc amazon-linux-ami-2-upgrade-php-opcache amazon-linux-ami-2-upgrade-php-pdo amazon-linux-ami-2-upgrade-php-pgsql amazon-linux-ami-2-upgrade-php-process amazon-linux-ami-2-upgrade-php-pspell amazon-linux-ami-2-upgrade-php-snmp amazon-linux-ami-2-upgrade-php-soap amazon-linux-ami-2-upgrade-php-sodium amazon-linux-ami-2-upgrade-php-xml References https://attackerkb.com/topics/cve-2023-3247 AL2/ALASPHP8.0-2023-009 AL2/ALASPHP8.1-2023-004 AL2/ALASPHP8.2-2023-002 CVE - 2023-3247
  10. Alpine Linux: CVE-2023-38633: Path Traversal Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/22/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. Solution(s) alpine-linux-upgrade-librsvg References https://attackerkb.com/topics/cve-2023-38633 CVE - 2023-38633 https://security.alpinelinux.org/vuln/CVE-2023-38633
  11. Gentoo Linux: CVE-2023-38633: Librsvg: Arbitrary File Read Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/22/2023 Created 08/13/2024 Added 08/12/2024 Modified 01/30/2025 Description A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. Solution(s) gentoo-linux-upgrade-gnome-base-librsvg References https://attackerkb.com/topics/cve-2023-38633 CVE - 2023-38633 202408-14
  12. Amazon Linux 2023: CVE-2023-38633: Important priority package update for librsvg2 Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system, affecting the data confidentiality. Solution(s) amazon-linux-2023-upgrade-librsvg2 amazon-linux-2023-upgrade-librsvg2-debuginfo amazon-linux-2023-upgrade-librsvg2-debugsource amazon-linux-2023-upgrade-librsvg2-devel amazon-linux-2023-upgrade-librsvg2-tools amazon-linux-2023-upgrade-librsvg2-tools-debuginfo References https://attackerkb.com/topics/cve-2023-38633 CVE - 2023-38633 https://alas.aws.amazon.com/AL2023/ALAS-2023-295.html
  13. PHP Vulnerability: CVE-2023-3247 Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 07/22/2023 Created 08/11/2023 Added 08/11/2023 Modified 01/30/2025 Description In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, this could lead to disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce. Solution(s) php-upgrade-8_0_29 php-upgrade-8_1_20 php-upgrade-8_2_7 References https://attackerkb.com/topics/cve-2023-3247 CVE - 2023-3247
  14. Rocky Linux: CVE-2023-3247: php-8.1 (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 07/22/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, this could lead to disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce. Solution(s) rocky-upgrade-libzip rocky-upgrade-libzip-debuginfo rocky-upgrade-libzip-debugsource rocky-upgrade-libzip-devel rocky-upgrade-libzip-tools rocky-upgrade-libzip-tools-debuginfo rocky-upgrade-php rocky-upgrade-php-bcmath rocky-upgrade-php-bcmath-debuginfo rocky-upgrade-php-cli rocky-upgrade-php-cli-debuginfo rocky-upgrade-php-common rocky-upgrade-php-common-debuginfo rocky-upgrade-php-dba rocky-upgrade-php-dba-debuginfo rocky-upgrade-php-dbg rocky-upgrade-php-dbg-debuginfo rocky-upgrade-php-debuginfo rocky-upgrade-php-debugsource rocky-upgrade-php-devel rocky-upgrade-php-embedded rocky-upgrade-php-embedded-debuginfo rocky-upgrade-php-enchant rocky-upgrade-php-enchant-debuginfo rocky-upgrade-php-ffi rocky-upgrade-php-ffi-debuginfo rocky-upgrade-php-fpm rocky-upgrade-php-fpm-debuginfo rocky-upgrade-php-gd rocky-upgrade-php-gd-debuginfo rocky-upgrade-php-gmp rocky-upgrade-php-gmp-debuginfo rocky-upgrade-php-intl rocky-upgrade-php-intl-debuginfo rocky-upgrade-php-ldap rocky-upgrade-php-ldap-debuginfo rocky-upgrade-php-mbstring rocky-upgrade-php-mbstring-debuginfo rocky-upgrade-php-mysqlnd rocky-upgrade-php-mysqlnd-debuginfo rocky-upgrade-php-odbc rocky-upgrade-php-odbc-debuginfo rocky-upgrade-php-opcache rocky-upgrade-php-opcache-debuginfo rocky-upgrade-php-pdo rocky-upgrade-php-pdo-debuginfo rocky-upgrade-php-pecl-apcu rocky-upgrade-php-pecl-apcu-debuginfo rocky-upgrade-php-pecl-apcu-debugsource rocky-upgrade-php-pecl-apcu-devel rocky-upgrade-php-pecl-rrd rocky-upgrade-php-pecl-rrd-debuginfo rocky-upgrade-php-pecl-rrd-debugsource rocky-upgrade-php-pecl-xdebug3 rocky-upgrade-php-pecl-xdebug3-debuginfo rocky-upgrade-php-pecl-xdebug3-debugsource rocky-upgrade-php-pecl-zip rocky-upgrade-php-pecl-zip-debuginfo rocky-upgrade-php-pecl-zip-debugsource rocky-upgrade-php-pgsql rocky-upgrade-php-pgsql-debuginfo rocky-upgrade-php-process rocky-upgrade-php-process-debuginfo rocky-upgrade-php-snmp rocky-upgrade-php-snmp-debuginfo rocky-upgrade-php-soap rocky-upgrade-php-soap-debuginfo rocky-upgrade-php-xml rocky-upgrade-php-xml-debuginfo References https://attackerkb.com/topics/cve-2023-3247 CVE - 2023-3247 https://errata.rockylinux.org/RLSA-2023:5926 https://errata.rockylinux.org/RLSA-2023:5927 https://errata.rockylinux.org/RLSA-2024:0387
  15. Alpine Linux: CVE-2023-3247: Use of Insufficiently Random Values Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 07/22/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, this could lead to disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce. Solution(s) alpine-linux-upgrade-php8 alpine-linux-upgrade-php81 References https://attackerkb.com/topics/cve-2023-3247 CVE - 2023-3247 https://security.alpinelinux.org/vuln/CVE-2023-3247
  16. Alma Linux: CVE-2023-38633: Moderate: librsvg2 security update (ALSA-2023-5081) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/22/2023 Created 09/15/2023 Added 09/15/2023 Modified 01/30/2025 Description A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. Solution(s) alma-upgrade-librsvg2 alma-upgrade-librsvg2-devel alma-upgrade-librsvg2-tools References https://attackerkb.com/topics/cve-2023-38633 CVE - 2023-38633 https://errata.almalinux.org/9/ALSA-2023-5081.html
  17. Huawei EulerOS: CVE-2023-3247: php security update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 07/22/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and was using a narrower range of values than it should have. In case of random generator failure, this could lead to disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce. Solution(s) huawei-euleros-2_0_sp8-upgrade-php huawei-euleros-2_0_sp8-upgrade-php-cli huawei-euleros-2_0_sp8-upgrade-php-common huawei-euleros-2_0_sp8-upgrade-php-fpm huawei-euleros-2_0_sp8-upgrade-php-gd huawei-euleros-2_0_sp8-upgrade-php-ldap huawei-euleros-2_0_sp8-upgrade-php-odbc huawei-euleros-2_0_sp8-upgrade-php-pdo huawei-euleros-2_0_sp8-upgrade-php-process huawei-euleros-2_0_sp8-upgrade-php-recode huawei-euleros-2_0_sp8-upgrade-php-soap huawei-euleros-2_0_sp8-upgrade-php-xml huawei-euleros-2_0_sp8-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2023-3247 CVE - 2023-3247 EulerOS-SA-2023-3145
  18. VMware Photon OS: CVE-2023-3610 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3610 CVE - 2023-3610
  19. Amazon Linux 2023: CVE-2023-40745: Medium priority package update for libtiff (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/21/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-40745 CVE - 2023-40745 https://alas.aws.amazon.com/AL2023/ALAS-2023-364.html https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html
  20. Oracle Linux: CVE-2023-3609: ELSA-2023-7077:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 10/12/2023 Added 10/11/2023 Modified 01/07/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-3609 CVE - 2023-3609 ELSA-2023-7077 ELSA-2023-5622 ELSA-2023-6583
  21. Huawei EulerOS: CVE-2023-3776: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3776 CVE - 2023-3776 EulerOS-SA-2023-2860
  22. CentOS Linux: CVE-2023-3776: Important: kpatch-patch security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt centos-upgrade-kpatch-patch-3_10_0-1160_102_1 centos-upgrade-kpatch-patch-3_10_0-1160_102_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_90_1 centos-upgrade-kpatch-patch-3_10_0-1160_90_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_92_1 centos-upgrade-kpatch-patch-3_10_0-1160_92_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_95_1 centos-upgrade-kpatch-patch-3_10_0-1160_95_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_99_1 centos-upgrade-kpatch-patch-3_10_0-1160_99_1-debuginfo References CVE-2023-3776
  23. Amazon Linux 2023: CVE-2023-41175: Medium priority package update for libtiff (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/21/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-41175 CVE - 2023-41175 https://alas.aws.amazon.com/AL2023/ALAS-2023-364.html https://alas.aws.amazon.com/AL2023/ALAS-2024-634.html
  24. Amazon Linux AMI 2: CVE-2023-3428: Security patch for ImageMagick (ALAS-2023-2123) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/21/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. Solution(s) amazon-linux-ami-2-upgrade-imagemagick amazon-linux-ami-2-upgrade-imagemagick-c amazon-linux-ami-2-upgrade-imagemagick-c-devel amazon-linux-ami-2-upgrade-imagemagick-debuginfo amazon-linux-ami-2-upgrade-imagemagick-devel amazon-linux-ami-2-upgrade-imagemagick-doc amazon-linux-ami-2-upgrade-imagemagick-perl References https://attackerkb.com/topics/cve-2023-3428 AL2/ALAS-2023-2123 CVE - 2023-3428
  25. Amazon Linux AMI 2: CVE-2023-37328: Security patch for gstreamer1-plugins-base (ALAS-2023-2120) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/21/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994. Solution(s) amazon-linux-ami-2-upgrade-gstreamer1-plugins-base amazon-linux-ami-2-upgrade-gstreamer1-plugins-base-debuginfo amazon-linux-ami-2-upgrade-gstreamer1-plugins-base-devel amazon-linux-ami-2-upgrade-gstreamer1-plugins-base-tools References https://attackerkb.com/topics/cve-2023-37328 AL2/ALAS-2023-2120 CVE - 2023-37328