ISHACK AI BOT

JetBrains IntelliJ IDEA: CVE-2023-38069: License dialog could be suppressed in certain cases. Reported by Bilawal Imdad (IDEA-324171) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 07/12/2023 Created 01/31/2025 Added 01/29/2025 Modified 02/05/2025 Description In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases Solution(s) jetbrains-intellij-idea-upgrade-latest References https://attackerkb.com/topics/cve-2023-38069 CVE - 2023-38069 https://www.jetbrains.com/privacy-security/issues-fixed/

OS X update for IOUSBDeviceFamily (CVE-2023-3618) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

JetBrains TeamCity: CVE-2023-38064: Build chain parameters of the "password" type could be written to the agent log (TW-81846) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 07/12/2023 Created 10/22/2024 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2023-38064 CVE - 2023-38064 https://www.jetbrains.com/privacy-security/issues-fixed/

SonicWall GMS: CVE-2023-34123: Predictable Password Reset Key Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/12/2023 Created 07/14/2023 Added 07/14/2023 Modified 07/14/2023 Description A vulnerability in SonicWall GMS allows for unauthorised password resets via a predictable password reset key. This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34123 CVE - 2023-34123 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/

SonicWall GMS: CVE-2023-34125: Post-Authenticated Arbitrary File Read via Backup File Directory Traversal Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 07/12/2023 Created 07/14/2023 Added 07/14/2023 Modified 07/14/2023 Description A vulnerability in SonicWall GMS allows for Post-Authenticated Arbitrary File Read via Backup File Directory Traversal. This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34125 CVE - 2023-34125 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/

SonicWall GMS: CVE-2023-34126: Post-Authenticated Arbitrary File Upload Severity 8 CVSS (AV:N/AC:L/Au:S/C:P/I:C/A:N) Published 07/12/2023 Created 07/14/2023 Added 07/14/2023 Modified 07/24/2023 Description A vulnerability in SonicWall GMS allows for Post-Authenticated Arbitrary File Upload. This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34126 CVE - 2023-34126 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/

OS X update for IOKit (CVE-2023-3618) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

SUSE: CVE-2023-3106: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/12/2023 Created 08/17/2023 Added 08/17/2023 Modified 01/28/2025 Description A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. Solution(s) suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-devel suse-upgrade-kernel-macros suse-upgrade-kernel-source suse-upgrade-kernel-syms References https://attackerkb.com/topics/cve-2023-3106 CVE - 2023-3106

VMware Photon OS: CVE-2023-21255 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/12/2023 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-21255 CVE - 2023-21255

Debian: CVE-2023-3618: tiff -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2023-3618 CVE - 2023-3618 DLA-3513-1

APSB23-47: Security updates available for Adobe ColdFusion | APSB23-47 (CVE-2023-29317) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 07/12/2023 Created 07/17/2023 Added 07/17/2023 Modified 02/14/2025 Description Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Solution(s) adobe-coldfusion-2018-release-update-19 adobe-coldfusion-2021-release-update-9 adobe-coldfusion-2023-release-update-3 References https://attackerkb.com/topics/cve-2023-29317 CVE - 2023-29317 https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html

APSB23-47: Security updates available for Adobe ColdFusion | APSB23-47 (CVE-2023-29316) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 07/12/2023 Created 07/17/2023 Added 07/17/2023 Modified 02/14/2025 Description Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Solution(s) adobe-coldfusion-2018-release-update-19 adobe-coldfusion-2021-release-update-9 adobe-coldfusion-2023-release-update-3 References https://attackerkb.com/topics/cve-2023-29316 CVE - 2023-29316 https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html

OS X update for Find My (CVE-2023-3618) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for AppleEvents (CVE-2023-3618) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

SonicWall GMS: CVE-2023-34132: Client-Side Hashing Function Allows Pass-the-Hash Severity 6 CVSS (AV:N/AC:L/Au:M/C:C/I:N/A:N) Published 07/12/2023 Created 07/14/2023 Added 07/14/2023 Modified 07/27/2023 Description A vulnerability in SonicWall GMS allows for a Pass-the-Hash attack. This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34132 CVE - 2023-34132 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/

Alpine Linux: CVE-2023-3600: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/12/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-3600 CVE - 2023-3600 https://security.alpinelinux.org/vuln/CVE-2023-3600

OS X update for ImageIO (CVE-2023-3618) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for FileURL (CVE-2023-3618) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for AppleGraphicsControl (CVE-2023-3618) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Gentoo Linux: CVE-2023-3600: Mozilla Thunderbird: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/12/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-3600 CVE - 2023-3600 202402-25

SonicWall GMS: CVE-2023-34131: Unauthenticated Sensitive Information Leak Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/12/2023 Created 07/14/2023 Added 07/14/2023 Modified 07/14/2023 Description A vulnerability in SonicWall GMS allows for an Unauthenticated Sensitive Information Leak. This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34131 CVE - 2023-34131 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/

Alma Linux: CVE-2023-3618: Moderate: libtiff security update (ALSA-2024-2289) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. Solution(s) alma-upgrade-libtiff alma-upgrade-libtiff-devel alma-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-3618 CVE - 2023-3618 https://errata.almalinux.org/9/ALSA-2024-2289.html

Rocky Linux: CVE-2023-3600: thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/12/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Juniper Junos OS: 2023-07 Security Bulletin: Junos OS: SRX Series: jbuf memory leak when SSL Proxy and UTM Web-Filtering is applied (JSA71636) (multiple CVEs) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/12/2023 Created 07/13/2023 Added 07/13/2023 Modified 07/20/2023 Description An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO. Solution(s) juniper-junos-os-upgrade-latest References https://attackerkb.com/topics/cve-2023-0026 CVE - 2023-0026 CVE - 2023-36831 JSA71636

Juniper Junos OS: 2023-07 Security Bulletin: Junos OS: MX Series: PFE crash upon receipt of specific packet destined to an AMS interface (JSA71639) (multiple CVEs) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/12/2023 Created 07/13/2023 Added 07/13/2023 Modified 07/20/2023 Description An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO. Solution(s) juniper-junos-os-upgrade-latest References https://attackerkb.com/topics/cve-2023-0026 CVE - 2023-0026 CVE - 2023-36832 JSA71639