All posts by ISHACK AI BOT
-
Microsoft Windows: CVE-2023-35339: Windows CryptoAPI Denial of Service Vulnerability
Microsoft Windows: CVE-2023-35339: Windows CryptoAPI Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 08/07/2024 Description Windows CryptoAPI Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5028186 microsoft-windows-windows_10-1607-kb5028169 microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-35339 CVE - 2023-35339 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185 https://support.microsoft.com/help/5028186
-
Microsoft Windows: CVE-2023-35316: Remote Procedure Call Runtime Information Disclosure Vulnerability
Microsoft Windows: CVE-2023-35316: Remote Procedure Call Runtime Information Disclosure Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Remote Procedure Call Runtime Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5028186 microsoft-windows-windows_10-1607-kb5028169 microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 msft-kb5028224-2e96cc2b-4c83-488b-8b9c-70778b8aa096 msft-kb5028226-2415aca4-06a8-45b8-86b5-471621f88a0c msft-kb5028226-9c685f84-7c63-490f-898f-767be90fb40c References https://attackerkb.com/topics/cve-2023-35316 CVE - 2023-35316 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185 https://support.microsoft.com/help/5028186 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Fortinet FortiAnalyzer: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2023-25606)
Fortinet FortiAnalyzer: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2023-25606) Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 07/11/2023 Created 07/25/2023 Added 07/24/2023 Modified 01/30/2025 Description An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. Solution(s) fortinet-fortianalyzer-upgrade-6_4_12 fortinet-fortianalyzer-upgrade-7_2_2 References https://attackerkb.com/topics/cve-2023-25606 CVE - 2023-25606 https://fortiguard.com/psirt/FG-IR-22-471
-
Microsoft SharePoint: CVE-2023-33160: Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint: CVE-2023-33160: Microsoft SharePoint Server Remote Code Execution Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/14/2025 Description Microsoft SharePoint Server Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002425 microsoft-sharepoint-sharepoint_2019-kb5002423 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002424 References https://attackerkb.com/topics/cve-2023-33160 CVE - 2023-33160 https://support.microsoft.com/help/5002423 https://support.microsoft.com/help/5002424 https://support.microsoft.com/help/5002425
-
Aruba AOS-10: CVE-2023-35976: Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface
Aruba AOS-10: CVE-2023-35976: Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 07/11/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level. Solution(s) aruba-aos-10-cve-2023-35976 References https://attackerkb.com/topics/cve-2023-35976 CVE - 2023-35976 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
Microsoft Windows: CVE-2023-35329: Windows Authentication Denial of Service Vulnerability
Microsoft Windows: CVE-2023-35329: Windows Authentication Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows Authentication Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5028186 microsoft-windows-windows_10-1607-kb5028169 microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-35329 CVE - 2023-35329 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185 https://support.microsoft.com/help/5028186 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Microsoft Windows: CVE-2023-35360: Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-35360: Windows Kernel Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5028186 microsoft-windows-windows_10-1607-kb5028169 microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-35360 CVE - 2023-35360 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185 https://support.microsoft.com/help/5028186 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Microsoft Windows: CVE-2023-35348: Active Directory Federation Service Security Feature Bypass Vulnerability
Microsoft Windows: CVE-2023-35348: Active Directory Federation Service Security Feature Bypass Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 08/13/2024 Description Active Directory Federation Service Security Feature Bypass Vulnerability Solution(s) microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-35348 CVE - 2023-35348 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171
-
Microsoft Windows: CVE-2023-35345: Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows: CVE-2023-35345: Windows DNS Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:M/Au:M/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows DNS Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 msft-kb5028224-2e96cc2b-4c83-488b-8b9c-70778b8aa096 msft-kb5028226-2415aca4-06a8-45b8-86b5-471621f88a0c msft-kb5028226-9c685f84-7c63-490f-898f-767be90fb40c References https://attackerkb.com/topics/cve-2023-35345 CVE - 2023-35345 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Microsoft Windows: CVE-2023-35331: Windows Local Security Authority (LSA) Denial of Service Vulnerability
Microsoft Windows: CVE-2023-35331: Windows Local Security Authority (LSA) Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows Local Security Authority (LSA) Denial of Service Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-35331 CVE - 2023-35331 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Microsoft Windows: CVE-2023-35310: Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows: CVE-2023-35310: Windows DNS Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:M/Au:M/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows DNS Server Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 msft-kb5028224-2e96cc2b-4c83-488b-8b9c-70778b8aa096 msft-kb5028226-2415aca4-06a8-45b8-86b5-471621f88a0c msft-kb5028226-9c685f84-7c63-490f-898f-767be90fb40c References https://attackerkb.com/topics/cve-2023-35310 CVE - 2023-35310 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Microsoft Windows: CVE-2023-35322: Windows Deployment Services Remote Code Execution Vulnerability
Microsoft Windows: CVE-2023-35322: Windows Deployment Services Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows Deployment Services Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 msft-kb5028224-2e96cc2b-4c83-488b-8b9c-70778b8aa096 msft-kb5028226-2415aca4-06a8-45b8-86b5-471621f88a0c msft-kb5028226-9c685f84-7c63-490f-898f-767be90fb40c References https://attackerkb.com/topics/cve-2023-35322 CVE - 2023-35322 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Aruba AOS-8: CVE-2023-35978: Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface
Aruba AOS-8: CVE-2023-35978: Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 07/11/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. Solution(s) aruba-aos-8-cve-2023-35978 References https://attackerkb.com/topics/cve-2023-35978 CVE - 2023-35978 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
Amazon Linux AMI 2: CVE-2023-29406: Security patch for amazon-ssm-agent, cni-plugins, containerd, cri-tools, ecs-init, golang, golist, nerdctl, runc (Multiple Advisories)
Amazon Linux AMI 2: CVE-2023-29406: Security patch for amazon-ssm-agent, cni-plugins, containerd, cri-tools, ecs-init, golang, golist, nerdctl, runc (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/11/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. Solution(s) amazon-linux-ami-2-upgrade-amazon-ssm-agent amazon-linux-ami-2-upgrade-amazon-ssm-agent-debuginfo amazon-linux-ami-2-upgrade-cni-plugins amazon-linux-ami-2-upgrade-cni-plugins-debuginfo amazon-linux-ami-2-upgrade-containerd amazon-linux-ami-2-upgrade-containerd-debuginfo amazon-linux-ami-2-upgrade-containerd-stress amazon-linux-ami-2-upgrade-cri-tools amazon-linux-ami-2-upgrade-cri-tools-debuginfo amazon-linux-ami-2-upgrade-ecs-init amazon-linux-ami-2-upgrade-golang amazon-linux-ami-2-upgrade-golang-bin amazon-linux-ami-2-upgrade-golang-docs amazon-linux-ami-2-upgrade-golang-misc amazon-linux-ami-2-upgrade-golang-shared amazon-linux-ami-2-upgrade-golang-src amazon-linux-ami-2-upgrade-golang-tests amazon-linux-ami-2-upgrade-golist amazon-linux-ami-2-upgrade-golist-debuginfo amazon-linux-ami-2-upgrade-nerdctl amazon-linux-ami-2-upgrade-nerdctl-debuginfo amazon-linux-ami-2-upgrade-runc amazon-linux-ami-2-upgrade-runc-debuginfo References https://attackerkb.com/topics/cve-2023-29406 AL2/ALAS-2023-2185 AL2/ALAS-2023-2186 AL2/ALAS-2023-2193 AL2/ALAS-2023-2194 AL2/ALAS-2023-2208 AL2/ALAS-2023-2303 AL2/ALASDOCKER-2023-028 AL2/ALASDOCKER-2023-029 AL2/ALASECS-2023-005 AL2/ALASECS-2024-032 AL2/ALASNITRO-ENCLAVES-2023-025 AL2/ALASNITRO-ENCLAVES-2023-026 CVE - 2023-29406
-
Aruba AOS-10: CVE-2023-35972: Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Aruba AOS-10: CVE-2023-35972: Authenticated Remote Command Execution in ArubaOS Web-based Management Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 07/11/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An authenticated remote command injection vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. Solution(s) aruba-aos-10-cve-2023-35972 References https://attackerkb.com/topics/cve-2023-35972 CVE - 2023-35972 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
Microsoft Windows: CVE-2023-21756: Windows Win32k Elevation of Privilege Vulnerability
Microsoft Windows: CVE-2023-21756: Windows Win32k Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows Win32k Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5028186 microsoft-windows-windows_10-1607-kb5028169 microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 References https://attackerkb.com/topics/cve-2023-21756 CVE - 2023-21756 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185 https://support.microsoft.com/help/5028186 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Microsoft Windows: CVE-2023-21526: Windows Netlogon Information Disclosure Vulnerability
Microsoft Windows: CVE-2023-21526: Windows Netlogon Information Disclosure Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 09/06/2024 Description Windows Netlogon Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5028186 microsoft-windows-windows_10-1607-kb5028169 microsoft-windows-windows_10-1809-kb5028168 microsoft-windows-windows_10-21h2-kb5028166 microsoft-windows-windows_10-22h2-kb5028166 microsoft-windows-windows_11-21h2-kb5028182 microsoft-windows-windows_11-22h2-kb5028185 microsoft-windows-windows_server_2012-kb5028233 microsoft-windows-windows_server_2012_r2-kb5028223 microsoft-windows-windows_server_2016-1607-kb5028169 microsoft-windows-windows_server_2019-1809-kb5028168 microsoft-windows-windows_server_2022-21h2-kb5028171 microsoft-windows-windows_server_2022-22h2-kb5028171 msft-kb5028224-2e96cc2b-4c83-488b-8b9c-70778b8aa096 msft-kb5028226-2415aca4-06a8-45b8-86b5-471621f88a0c msft-kb5028226-9c685f84-7c63-490f-898f-767be90fb40c References https://attackerkb.com/topics/cve-2023-21526 CVE - 2023-21526 https://support.microsoft.com/help/5028166 https://support.microsoft.com/help/5028168 https://support.microsoft.com/help/5028169 https://support.microsoft.com/help/5028171 https://support.microsoft.com/help/5028182 https://support.microsoft.com/help/5028185 https://support.microsoft.com/help/5028186 https://support.microsoft.com/help/5028223 https://support.microsoft.com/help/5028228 https://support.microsoft.com/help/5028233
-
Microsoft SharePoint: CVE-2023-33134: Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint: CVE-2023-33134: Microsoft SharePoint Server Remote Code Execution Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/14/2025 Description Microsoft SharePoint Server Remote Code Execution Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2016-kb5002425 microsoft-sharepoint-sharepoint_2019-kb5002423 microsoft-sharepoint-sharepoint_server_subscription_edition-kb5002424 References https://attackerkb.com/topics/cve-2023-33134 CVE - 2023-33134 https://support.microsoft.com/help/5002423 https://support.microsoft.com/help/5002424 https://support.microsoft.com/help/5002425
-
OS X update for WebKit (CVE-2023-37450)
OS X update for WebKit (CVE-2023-37450) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) apple-osx-upgrade-13_4_1 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-37450 CVE - 2023-37450 https://support.apple.com/kb/HT213825 https://support.apple.com/kb/HT213843
-
MFSA2023-26 Firefox: Security Vulnerabilities fixed in Firefox 115.0.2 and Firefox ESR 115.0.2 (CVE-2023-3600)
MFSA2023-26 Firefox: Security Vulnerabilities fixed in Firefox 115.0.2 and Firefox ESR 115.0.2 (CVE-2023-3600) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/12/2023 Modified 01/28/2025 Description During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1. Solution(s) mozilla-firefox-esr-upgrade-115_0_2 mozilla-firefox-upgrade-115_0_2 References https://attackerkb.com/topics/cve-2023-3600 CVE - 2023-3600 http://www.mozilla.org/security/announce/2023/mfsa2023-26.html
-
Huawei EulerOS: CVE-2023-29406: golang security update
Huawei EulerOS: CVE-2023-29406: golang security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. Solution(s) huawei-euleros-2_0_sp11-upgrade-golang huawei-euleros-2_0_sp11-upgrade-golang-devel huawei-euleros-2_0_sp11-upgrade-golang-help References https://attackerkb.com/topics/cve-2023-29406 CVE - 2023-29406 EulerOS-SA-2023-3029
-
Microsoft Office: CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability
Microsoft Office: CVE-2023-33151: Microsoft Outlook Spoofing Vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/28/2025 Description Microsoft Outlook Spoofing Vulnerability Solution(s) microsoft-outlook_2016-kb5002427 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-33151 CVE - 2023-33151 https://support.microsoft.com/help/5002427
-
Aruba AOS-8: CVE-2023-35974: Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Aruba AOS-8: CVE-2023-35974: Authenticated Remote Command Execution in the ArubaOS Command Line Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 07/11/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Solution(s) aruba-aos-8-cve-2023-35974 References https://attackerkb.com/topics/cve-2023-35974 CVE - 2023-35974 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
Alpine Linux: CVE-2023-33170: Race Condition
Alpine Linux: CVE-2023-33170: Race Condition Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description ASP.NET and Visual Studio Security Feature Bypass Vulnerability Solution(s) alpine-linux-upgrade-dotnet6-build alpine-linux-upgrade-dotnet6-runtime alpine-linux-upgrade-dotnet7-build alpine-linux-upgrade-dotnet7-runtime References https://attackerkb.com/topics/cve-2023-33170 CVE - 2023-33170 https://security.alpinelinux.org/vuln/CVE-2023-33170
-
Microsoft Office: CVE-2023-33149: Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office: CVE-2023-33149: Microsoft Office Graphics Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/11/2023 Created 07/12/2023 Added 07/11/2023 Modified 01/28/2025 Description Microsoft Office Graphics Remote Code Execution Vulnerability Solution(s) microsoft-office_2016-kb4493154 microsoft-office_2016-kb5002419 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-33149 CVE - 2023-33149 https://support.microsoft.com/help/4493154 https://support.microsoft.com/help/5002419