All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2023-24936: Important: .NET 6.0 security, bug fix, and enhancement update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 06/14/2023 Created 06/27/2023 Added 06/26/2023 Modified 02/14/2025 Description .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-6.0 alma-upgrade-aspnetcore-runtime-7.0 alma-upgrade-aspnetcore-targeting-pack-6.0 alma-upgrade-aspnetcore-targeting-pack-7.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-6.0 alma-upgrade-dotnet-apphost-pack-7.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-6.0 alma-upgrade-dotnet-hostfxr-7.0 alma-upgrade-dotnet-runtime-6.0 alma-upgrade-dotnet-runtime-7.0 alma-upgrade-dotnet-sdk-6.0 alma-upgrade-dotnet-sdk-6.0-source-built-artifacts alma-upgrade-dotnet-sdk-7.0 alma-upgrade-dotnet-sdk-7.0-source-built-artifacts alma-upgrade-dotnet-targeting-pack-6.0 alma-upgrade-dotnet-targeting-pack-7.0 alma-upgrade-dotnet-templates-6.0 alma-upgrade-dotnet-templates-7.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2023-24936 CVE - 2023-24936 https://errata.almalinux.org/8/ALSA-2023-3582.html https://errata.almalinux.org/8/ALSA-2023-3593.html https://errata.almalinux.org/9/ALSA-2023-3581.html https://errata.almalinux.org/9/ALSA-2023-3592.html
  2. Zoom: CVE-2023-28601: Improper Restriction of Operations within the Bounds of a Memory Buffer in Zoom Clients Severity 7 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 01/09/2025 Added 01/08/2025 Modified 01/08/2025 Description Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-28601 CVE - 2023-28601 https://explore.zoom.us/en/trust/security/security-bulletin
  3. Microsoft Office: CVE-2023-33133: Microsoft Excel Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002405 microsoft-office_online_server-kb5002401 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-33133 CVE - 2023-33133 https://support.microsoft.com/help/5002401 https://support.microsoft.com/help/5002405
  4. Microsoft Office: CVE-2023-32029: Microsoft Excel Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002405 microsoft-office_online_server-kb5002401 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-32029 CVE - 2023-32029 https://support.microsoft.com/help/5002401 https://support.microsoft.com/help/5002405
  5. FreeBSD: VID-F0250129-FDB8-41ED-AA9E-661FF5026845 (CVE-2023-33144): vscode -- VS Code Information Disclosure Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:N) Published 06/13/2023 Created 06/15/2023 Added 06/14/2023 Modified 01/28/2025 Description Visual Studio Code Spoofing Vulnerability Solution(s) freebsd-upgrade-package-vscode References CVE-2023-33144
  6. FreeBSD: (Multiple Advisories) (CVE-2023-3215): electron{23,24} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/15/2023 Added 06/14/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron22 freebsd-upgrade-package-electron23 freebsd-upgrade-package-electron24 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-3215
  7. Alpine Linux: CVE-2023-33135: Vulnerability in Multiple Components Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/13/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description .NET and Visual Studio Elevation of Privilege Vulnerability Solution(s) alpine-linux-upgrade-dotnet6-build alpine-linux-upgrade-dotnet6-runtime alpine-linux-upgrade-dotnet7-build alpine-linux-upgrade-dotnet7-runtime References https://attackerkb.com/topics/cve-2023-33135 CVE - 2023-33135 https://security.alpinelinux.org/vuln/CVE-2023-33135
  8. Zoom: CVE-2023-34113: Insufficient Verification of Data Authenticity Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 06/13/2023 Created 01/09/2025 Added 01/08/2025 Modified 01/08/2025 Description Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-34113 CVE - 2023-34113 https://explore.zoom.us/en/trust/security/security-bulletin
  9. Zoom: CVE-2023-34120: Improper Privilege Management Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:P) Published 06/13/2023 Created 01/09/2025 Added 01/08/2025 Modified 01/08/2025 Description Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-34120 CVE - 2023-34120 https://explore.zoom.us/en/trust/security/security-bulletin
  10. SUSE: CVE-2023-3217: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/19/2023 Added 06/19/2023 Modified 01/28/2025 Description Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-3217 CVE - 2023-3217
  11. SUSE: CVE-2023-3215: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/19/2023 Added 06/19/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-3215 CVE - 2023-3215
  12. VMware VMware Tools: Authentication Bypass vulnerability (VMSA-2023-0013) (CVE-2023-20867) Severity 4 CVSS (AV:L/AC:H/Au:N/C:P/I:P/A:N) Published 06/13/2023 Created 06/27/2023 Added 06/27/2023 Modified 06/28/2023 Description VMware Tools contains an Authentication Bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Solution(s) vmware-vmware_tools-upgrade-latest References https://attackerkb.com/topics/cve-2023-20867 CVE - 2023-20867 https://www.vmware.com/security/advisories/VMSA-2023-0013.html
  13. Rocky Linux: CVE-2023-20867: open-vm-tools (Multiple Advisories) Severity 3 CVSS (AV:L/AC:M/Au:M/C:P/I:P/A:N) Published 06/13/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Solution(s) rocky-upgrade-open-vm-tools rocky-upgrade-open-vm-tools-debuginfo rocky-upgrade-open-vm-tools-debugsource rocky-upgrade-open-vm-tools-desktop rocky-upgrade-open-vm-tools-desktop-debuginfo rocky-upgrade-open-vm-tools-salt-minion rocky-upgrade-open-vm-tools-sdmp rocky-upgrade-open-vm-tools-sdmp-debuginfo rocky-upgrade-open-vm-tools-test rocky-upgrade-open-vm-tools-test-debuginfo References https://attackerkb.com/topics/cve-2023-20867 CVE - 2023-20867 https://errata.rockylinux.org/RLSA-2023:3948 https://errata.rockylinux.org/RLSA-2023:3949
  14. Microsoft Edge Chromium: CVE-2023-3216 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/16/2023 Added 06/16/2023 Modified 01/28/2025 Description Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-3216 CVE - 2023-3216 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3216
  15. Amazon Linux AMI 2: CVE-2021-32912: Security patch for webkitgtk4 (ALAS-2023-2088) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 11/08/2023 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. Solution(s) amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel References https://attackerkb.com/topics/cve-2021-32912 AL2/ALAS-2023-2088 CVE - 2021-32912
  16. Microsoft SharePoint: CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/14/2025 Description Microsoft SharePoint Server Elevation of Privilege Vulnerability Solution(s) microsoft-sharepoint-sharepoint_2019-kb5002402 microsoft-sharepoint-sharepoint_2019-kb5002403 References https://attackerkb.com/topics/cve-2023-29357 CVE - 2023-29357 https://support.microsoft.com/help/5002402 https://support.microsoft.com/help/5002403
  17. Amazon Linux AMI 2: CVE-2023-32373: Security patch for webkitgtk4 (ALAS-2023-2088) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel References https://attackerkb.com/topics/cve-2023-32373 AL2/ALAS-2023-2088 CVE - 2023-32373
  18. Ubuntu: USN-6257-1 (CVE-2023-20867): Open VM Tools vulnerability Severity 3 CVSS (AV:L/AC:M/Au:M/C:P/I:P/A:N) Published 06/13/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Solution(s) ubuntu-pro-upgrade-open-vm-tools References https://attackerkb.com/topics/cve-2023-20867 CVE - 2023-20867 USN-6257-1
  19. FreeBSD: VID-1567BE8C-0A15-11EE-8290-A8A1599412C6 (CVE-2023-3217): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/15/2023 Added 06/14/2023 Modified 01/28/2025 Description Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-3217
  20. Microsoft Edge Chromium: CVE-2023-3214 Use after free in Autofill payments Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/16/2023 Added 06/16/2023 Modified 01/28/2025 Description Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-3214 CVE - 2023-3214 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3214
  21. FreeBSD: (Multiple Advisories) (CVE-2023-3216): electron{23,24} -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/15/2023 Added 06/14/2023 Modified 01/28/2025 Description Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron22 freebsd-upgrade-package-electron23 freebsd-upgrade-package-electron24 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-3216
  22. Microsoft Edge Chromium: CVE-2023-3215 Use after free in WebRTC Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/16/2023 Added 06/16/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-3215 CVE - 2023-3215 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-3215
  23. Microsoft Office: CVE-2023-33131: Microsoft Outlook Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description Microsoft Outlook Remote Code Execution Vulnerability Solution(s) microsoft-outlook_2016-kb5002387 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-33131 CVE - 2023-33131 https://support.microsoft.com/help/5002387
  24. Zoom: CVE-2023-34121: Improper Input Validation Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 06/13/2023 Created 01/09/2025 Added 01/08/2025 Modified 01/08/2025 Description Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-34121 CVE - 2023-34121 https://explore.zoom.us/en/trust/security/security-bulletin
  25. Microsoft Office: CVE-2023-33137: Microsoft Excel Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description Microsoft Excel Remote Code Execution Vulnerability Solution(s) microsoft-excel_2016-kb5002405 microsoft-office_online_server-kb5002401 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-33137 CVE - 2023-33137 https://support.microsoft.com/help/5002401 https://support.microsoft.com/help/5002405