All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2023-29403: ELSA-2023-3922: go-toolset:ol8 security update (CRITICAL) (Multiple Advisories)
Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/08/2023
Created: 07/06/2023
Added: 07/05/2023
Modified: 01/08/2025
Description: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
Solution(s): oracle-linux-upgrade-delve, oracle-linux-upgrade-golang, oracle-linux-upgrade-golang-bin, oracle-linux-upgrade-golang-docs, oracle-linux-upgrade-golang-misc, oracle-linux-upgrade-golang-race, oracle-linux-upgrade-golang-src, oracle-linux-upgrade-golang-tests, oracle-linux-upgrade-go-toolset
References: https://attackerkb.com/topics/cve-2023-29403, CVE - 2023-29403, ELSA-2023-3922, ELSA-2023-3923
-
Oracle Linux: CVE-2023-29404: ELSA-2023-3922: go-toolset:ol8 security update (CRITICAL) (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 06/08/2023
Created: 07/06/2023
Added: 07/05/2023
Modified: 01/08/2025
Description: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.
Solution(s): oracle-linux-upgrade-delve, oracle-linux-upgrade-golang, oracle-linux-upgrade-golang-bin, oracle-linux-upgrade-golang-docs, oracle-linux-upgrade-golang-misc, oracle-linux-upgrade-golang-race, oracle-linux-upgrade-golang-src, oracle-linux-upgrade-golang-tests, oracle-linux-upgrade-go-toolset
References: https://attackerkb.com/topics/cve-2023-29404, CVE - 2023-29404, ELSA-2023-3922, ELSA-2023-3923
-
Microsoft Edge Chromium: CVE-2023-29345
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 06/08/2023
Created: 06/08/2023
Added: 06/08/2023
Modified: 01/28/2025
Description: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-29345, CVE - 2023-29345, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29345
-
Huawei EulerOS: CVE-2023-34969: dbus security update
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published: 06/08/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
Solution(s): huawei-euleros-2_0_sp8-upgrade-dbus, huawei-euleros-2_0_sp8-upgrade-dbus-common, huawei-euleros-2_0_sp8-upgrade-dbus-daemon, huawei-euleros-2_0_sp8-upgrade-dbus-devel, huawei-euleros-2_0_sp8-upgrade-dbus-libs, huawei-euleros-2_0_sp8-upgrade-dbus-tools, huawei-euleros-2_0_sp8-upgrade-dbus-x11
References: https://attackerkb.com/topics/cve-2023-34969, CVE - 2023-34969, EulerOS-SA-2023-3122
-
OS X update for Accessibility (CVE-2023-32400)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 06/07/2023
Created: 06/07/2023
Added: 06/07/2023
Modified: 01/28/2025
Description: This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.
Solution(s): apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32400, CVE - 2023-32400, https://support.apple.com/kb/HT213758
-
Huawei EulerOS: CVE-2023-34969: dbus security update
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published: 06/08/2023
Created: 08/10/2023
Added: 08/09/2023
Modified: 01/28/2025
Description: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6.
Solution(s): huawei-euleros-2_0_sp9-upgrade-dbus, huawei-euleros-2_0_sp9-upgrade-dbus-common, huawei-euleros-2_0_sp9-upgrade-dbus-daemon, huawei-euleros-2_0_sp9-upgrade-dbus-libs, huawei-euleros-2_0_sp9-upgrade-dbus-tools
References: https://attackerkb.com/topics/cve-2023-34969, CVE - 2023-34969, EulerOS-SA-2023-2609
-
Ubuntu: (Multiple Advisories) (CVE-2023-29405): Go vulnerabilities
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/08/2023
Created: 10/12/2024
Added: 10/11/2024
Modified: 01/30/2025
Description: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
Solution(s): ubuntu-pro-upgrade-golang-1-17, ubuntu-pro-upgrade-golang-1-17-go, ubuntu-pro-upgrade-golang-1-17-src, ubuntu-pro-upgrade-golang-1-18, ubuntu-pro-upgrade-golang-1-18-go, ubuntu-pro-upgrade-golang-1-18-src
References: https://attackerkb.com/topics/cve-2023-29405, CVE - 2023-29405, USN-7061-1, USN-7109-1
-
SUSE: CVE-2023-34414: SUSE Linux Security Advisory
Severity: 3
CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Published: 06/07/2023
Created: 06/08/2023
Added: 06/08/2023
Modified: 01/28/2025
Description: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Solution(s): suse-upgrade-mozillafirefox, suse-upgrade-mozillafirefox-branding-upstream, suse-upgrade-mozillafirefox-devel, suse-upgrade-mozillafirefox-translations-common, suse-upgrade-mozillafirefox-translations-other, suse-upgrade-mozillathunderbird, suse-upgrade-mozillathunderbird-translations-common, suse-upgrade-mozillathunderbird-translations-other
References: https://attackerkb.com/topics/cve-2023-34414, CVE - 2023-34414
-
SUSE: CVE-2023-3152: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 06/07/2023
Created: 09/21/2023
Added: 09/21/2023
Modified: 01/28/2025
Description: A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231021 was assigned to this vulnerability.
Solution(s): suse-upgrade-libopenvswitch-3_1-0, suse-upgrade-libovn-23_03-0, suse-upgrade-openvswitch3, suse-upgrade-openvswitch3-devel, suse-upgrade-openvswitch3-doc, suse-upgrade-openvswitch3-ipsec, suse-upgrade-openvswitch3-pki, suse-upgrade-openvswitch3-test, suse-upgrade-openvswitch3-vtep, suse-upgrade-ovn3, suse-upgrade-ovn3-central, suse-upgrade-ovn3-devel, suse-upgrade-ovn3-doc, suse-upgrade-ovn3-docker, suse-upgrade-ovn3-host, suse-upgrade-ovn3-vtep, suse-upgrade-python3-ovs3
References: https://attackerkb.com/topics/cve-2023-3152, CVE - 2023-3152
-
Cisco ASA: CVE-2023-20006: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 06/07/2023
Created: 07/10/2023
Added: 07/10/2023
Modified: 07/16/2024
Description: A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.
Solution(s): cisco-asa-update-latest
References: https://attackerkb.com/topics/cve-2023-20006, CVE - 2023-20006, https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-uu7mV5p6, cisco-sa-asaftd-ssl-dos-uu7mV5p6
-
SUSE: CVE-2023-33863: SUSE Linux Security Advisory
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/07/2023
Created: 09/26/2023
Added: 09/26/2023
Modified: 01/28/2025
Description: SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
Solution(s): suse-upgrade-renderdoc, suse-upgrade-renderdoc-devel
References: https://attackerkb.com/topics/cve-2023-33863, CVE - 2023-33863
-
SUSE: CVE-2023-33865: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 06/07/2023
Created: 09/26/2023
Added: 09/26/2023
Modified: 01/28/2025
Description: RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.
Solution(s): suse-upgrade-renderdoc, suse-upgrade-renderdoc-devel
References: https://attackerkb.com/topics/cve-2023-33865, CVE - 2023-33865
-
SUSE: CVE-2023-34416: SUSE Linux Security Advisory
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/07/2023
Created: 06/08/2023
Added: 06/08/2023
Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Solution(s): suse-upgrade-mozillafirefox, suse-upgrade-mozillafirefox-branding-upstream, suse-upgrade-mozillafirefox-devel, suse-upgrade-mozillafirefox-translations-common, suse-upgrade-mozillafirefox-translations-other, suse-upgrade-mozillathunderbird, suse-upgrade-mozillathunderbird-translations-common, suse-upgrade-mozillathunderbird-translations-other
References: https://attackerkb.com/topics/cve-2023-34416, CVE - 2023-34416
-
OS X update for WebKit (CVE-2023-32409)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 06/07/2023
Created: 06/07/2023
Added: 06/07/2023
Modified: 01/28/2025
Description: The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
Solution(s): apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32409, CVE - 2023-32409, https://support.apple.com/kb/HT213758
-
OS X update for Shortcuts (CVE-2023-32404)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 06/07/2023
Created: 06/07/2023
Added: 06/07/2023
Modified: 01/28/2025
Description: This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.
Solution(s): apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32404, CVE - 2023-32404, https://support.apple.com/kb/HT213758
-
OS X update for SQLite (CVE-2023-32422)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 06/07/2023
Created: 06/07/2023
Added: 06/07/2023
Modified: 01/28/2025
Description: This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.
Solution(s): apple-osx-upgrade-11_7_9, apple-osx-upgrade-12_6_8, apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32422, CVE - 2023-32422, https://support.apple.com/kb/HT213758, https://support.apple.com/kb/HT213844, https://support.apple.com/kb/HT213845
-
OS X update for WebKit (CVE-2023-32423)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 06/07/2023
Created: 06/07/2023
Added: 06/07/2023
Modified: 01/28/2025
Description: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.
Solution(s): apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32423, CVE - 2023-32423, https://support.apple.com/kb/HT213758
-
OS X update for Siri (CVE-2023-32394)
Severity: 2
CVSS: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published: 06/07/2023
Created: 06/07/2023
Added: 06/07/2023
Modified: 01/28/2025
Description: The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.
Solution(s): apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32394, CVE - 2023-32394, https://support.apple.com/kb/HT213758
-
OS X update for StorageKit (CVE-2023-32376)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:C/A:N)
Published: 06/07/2023
Created: 06/07/2023
Added: 06/07/2023
Modified: 01/28/2025
Description: This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.
Solution(s): apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32376, CVE - 2023-32376, https://support.apple.com/kb/HT213758
-
Ivanti EPM Agent Portal Command Execution
Disclosed: 06/07/2023
Created: 11/21/2024
Description: This module leverages an unauthenticated RCE in Ivanti's EPM Agent Portal where an RPC client can invoke a method which will run an attacker-specified string on the remote target as NT AUTHORITY\SYSTEM. This vulnerability is present in versions prior to EPM 2021.1 Su4 and EPM 2022 Su2.
Author(s): James Horseman, Zach Hanley, Spencer McIntyre
Platform: Windows
Architectures: cmd
-
OS X update for ImageIO (CVE-2023-32372)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 06/07/2023
Created: 06/07/2023
Added: 06/07/2023
Modified: 01/28/2025
Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.
Solution(s): apple-osx-upgrade-13_4
References: https://attackerkb.com/topics/cve-2023-32372, CVE - 2023-32372, https://support.apple.com/kb/HT213758
-
Wireshark : CVE-2023-0668 : IEEE C37.118 Synchrophasor dissector crash
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 06/07/2023
Created: 09/25/2024
Added: 09/24/2024
Modified: 01/28/2025
Description: Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Solution(s): wireshark-upgrade-3_6_14, wireshark-upgrade-4_0_6
References: https://attackerkb.com/topics/cve-2023-0668, CVE - 2023-0668, https://www.wireshark.org/security/wnpa-sec-2023-19.html
-
VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
Disclosed: 06/07/2023
Created: 07/25/2023
Description: VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x versions are vulnerable. This module exploits the vulnerability to upload and execute payloads gaining root privileges. Successfully tested against version 6.8.0.
Author(s): Sina Kheirkhah, Anonymous with Trend Micro Zero Day Initiative, h00die
Platform: Linux, Unix
Architectures: cmd, x64
-
SUSE: CVE-2023-0667: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 06/07/2023
Created: 08/10/2023
Added: 08/10/2023
Modified: 01/28/2025
Description: Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Solution(s): suse-upgrade-libwireshark15, suse-upgrade-libwiretap12, suse-upgrade-libwsutil13, suse-upgrade-wireshark, suse-upgrade-wireshark-devel, suse-upgrade-wireshark-ui-qt
References: https://attackerkb.com/topics/cve-2023-0667, CVE - 2023-0667
-
Ubuntu: USN-6745-1 (CVE-2022-25834): Percona XtraBackup vulnerability
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 06/07/2023
Created: 04/24/2024
Added: 04/23/2024
Modified: 01/28/2025
Description: In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.
Solution(s): ubuntu-pro-upgrade-percona-xtrabackup
References: https://attackerkb.com/topics/cve-2022-25834, CVE - 2022-25834, USN-6745-1