All posts by ISHACK AI BOT

  1. Splunk "edit_user" Capability Privilege Escalation
     Disclosed: 06/01/2023
     Created: 10/26/2023
     Description: A low-privileged user who holds a role that has the "edit_user" capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the "edit_user" capability does not honor the "grantableRoles" setting in the authorize.conf configuration file, which would otherwise prevent this scenario from happening. This exploit abuses this vulnerability to change the admin password and log in with it to upload a malicious app, achieving RCE.
     Author(s): Mr Hack (try_to_hack) Santiago Lopez Heyder Andrade Redway Security <redwaysecurity.com>
     Platform: Linux, OSX, Unix, Windows
  2. Debian: CVE-2023-32324: cups -- security update
     Severity: 5
     CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
     Published: 06/01/2023
     Created: 06/05/2023
     Added: 06/05/2023
     Modified: 01/28/2025
     Description: OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel` to `DEBUG`. No known patches or workarounds exist at time of publication.
     Solution(s): debian-upgrade-cups
     References: https://attackerkb.com/topics/cve-2023-32324, CVE-2023-32324, DLA-3440-1
  3. Amazon Linux 2023: CVE-2023-32324: Medium priority package update for cups
     Severity: 5
     CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:C)
     Published: 06/01/2023
     Created: 02/14/2025
     Added: 02/14/2025
     Modified: 02/14/2025
     Description: OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel` to `DEBUG`. No known patches or workarounds exist at time of publication. A flaw was found in the Cups package. A buffer overflow vulnerability in the `format_log_line` function could allow remote attackers to cause a denial of service. Exploitation is only possible when the configuration file, cupsd.conf, has the value of loglevel set to DEBUG.
     Solution(s): amazon-linux-2023-upgrade-cups, amazon-linux-2023-upgrade-cups-client, amazon-linux-2023-upgrade-cups-client-debuginfo, amazon-linux-2023-upgrade-cups-debuginfo, amazon-linux-2023-upgrade-cups-debugsource, amazon-linux-2023-upgrade-cups-devel, amazon-linux-2023-upgrade-cups-filesystem, amazon-linux-2023-upgrade-cups-ipptool, amazon-linux-2023-upgrade-cups-ipptool-debuginfo, amazon-linux-2023-upgrade-cups-libs, amazon-linux-2023-upgrade-cups-libs-debuginfo, amazon-linux-2023-upgrade-cups-lpd, amazon-linux-2023-upgrade-cups-lpd-debuginfo, amazon-linux-2023-upgrade-cups-printerapp, amazon-linux-2023-upgrade-cups-printerapp-debuginfo
     References: https://attackerkb.com/topics/cve-2023-32324, CVE-2023-32324, https://alas.aws.amazon.com/AL2023/ALAS-2023-215.html
  4. Red Hat: CVE-2023-22652: stack-based buffer overflow in read_file() in lib/getfilecontents.c (Multiple Advisories)
     Severity: 7
     CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
     Published: 06/01/2023
     Created: 08/02/2023
     Added: 08/02/2023
     Modified: 01/30/2025
     Description: A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.
     Solution(s): redhat-upgrade-libeconf, redhat-upgrade-libeconf-debuginfo, redhat-upgrade-libeconf-debugsource, redhat-upgrade-libeconf-utils-debuginfo
     References: CVE-2023-22652, RHSA-2023:4347
  5. Huawei EulerOS: CVE-2023-32324: cups security update
     Severity: 5
     CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
     Published: 06/01/2023
     Created: 01/11/2024
     Added: 01/10/2024
     Modified: 01/28/2025
     Description: OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel` to `DEBUG`. No known patches or workarounds exist at time of publication.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-cups-libs
     References: https://attackerkb.com/topics/cve-2023-32324, CVE-2023-32324, EulerOS-SA-2023-2834
  6. Amazon Linux AMI: CVE-2023-32324: Security patch for cups (ALAS-2023-1796)
     Severity: 5
     CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
     Published: 06/01/2023
     Created: 08/10/2023
     Added: 08/09/2023
     Modified: 01/28/2025
     Description: OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel` to `DEBUG`. No known patches or workarounds exist at time of publication.
     Solution(s): amazon-linux-upgrade-cups
     References: ALAS-2023-1796, CVE-2023-32324
  7. JetBrains TeamCity: CVE-2023-34225: Stored XSS in the NuGet feed page was possible (TW-81031)
     Severity: 5
     CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:N)
     Published: 05/31/2023
     Created: 10/22/2024
     Added: 10/15/2024
     Modified: 02/03/2025
     Description: In JetBrains TeamCity before 2023.05, stored XSS in the NuGet feed page was possible.
     Solution(s): jetbrains-teamcity-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-34225, CVE-2023-34225, https://www.jetbrains.com/privacy-security/issues-fixed/
  8. JetBrains TeamCity: CVE-2023-34226: Reflected XSS in the Subscriptions page was possible (TW-80881)
     Severity: 5
     CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:N)
     Published: 05/31/2023
     Created: 10/22/2024
     Added: 10/15/2024
     Modified: 02/03/2025
     Description: In JetBrains TeamCity before 2023.05, reflected XSS in the Subscriptions page was possible.
     Solution(s): jetbrains-teamcity-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-34226, CVE-2023-34226, https://www.jetbrains.com/privacy-security/issues-fixed/
  9. JetBrains TeamCity: CVE-2023-34227: A specific endpoint was vulnerable to brute force attacks (TW-80842)
     Severity: 5
     CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
     Published: 05/31/2023
     Created: 10/22/2024
     Added: 10/15/2024
     Modified: 02/03/2025
     Description: In JetBrains TeamCity before 2023.05, a specific endpoint was vulnerable to brute force attacks.
     Solution(s): jetbrains-teamcity-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-34227, CVE-2023-34227, https://www.jetbrains.com/privacy-security/issues-fixed/
  10. Huawei EulerOS: CVE-2023-3006: kernel security update
      Severity: 5
      CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
      Published: 05/31/2023
      Created: 01/11/2024
      Added: 01/10/2024
      Modified: 01/30/2025
      Description: A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible.
      Solution(s): huawei-euleros-2_0_sp9-upgrade-kernel, huawei-euleros-2_0_sp9-upgrade-kernel-tools, huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp9-upgrade-python3-perf
      References: https://attackerkb.com/topics/cve-2023-3006, CVE-2023-3006, EulerOS-SA-2023-2879
  11. Progress MOVEit Transfer Critical Vulnerability (CVE-2023-34362): Privilege Escalation and Unauthorized Access (Remote)
      Severity: 10
      CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
      Published: 05/31/2023
      Created: 06/07/2023
      Added: 06/07/2023
      Modified: 10/31/2024
      Description: Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. This check remotely interacts with the MOVEit Transfer API to detect versions to assess vulnerability.
      Solution(s): progress-moveit-transfer-critical-may-2023
      References: https://attackerkb.com/topics/cve-2023-34362, CVE-2023-34362, https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023, https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
  12. Huawei EulerOS: CVE-2023-34256: kernel security update
      Severity: 5
      CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
      Published: 05/31/2023
      Created: 08/10/2023
      Added: 08/09/2023
      Modified: 01/30/2025
      Description: An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
      Solution(s): huawei-euleros-2_0_sp9-upgrade-kernel, huawei-euleros-2_0_sp9-upgrade-kernel-tools, huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp9-upgrade-python3-perf
      References: https://attackerkb.com/topics/cve-2023-34256, CVE-2023-34256, EulerOS-SA-2023-2614
  13. Debian: CVE-2022-48502: linux -- security update
      Severity: 6
      CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:C)
      Published: 05/31/2023
      Created: 07/31/2024
      Added: 07/30/2024
      Modified: 01/28/2025
      Description: An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.
      Solution(s): debian-upgrade-linux
      References: https://attackerkb.com/topics/cve-2022-48502, CVE-2022-48502
  14. Huawei EulerOS: CVE-2023-34256: kernel security update
      Severity: 5
      CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
      Published: 05/31/2023
      Created: 01/11/2024
      Added: 01/10/2024
      Modified: 01/30/2025
      Description: An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
      Solution(s): huawei-euleros-2_0_sp11-upgrade-bpftool, huawei-euleros-2_0_sp11-upgrade-kernel, huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp11-upgrade-kernel-tools, huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp11-upgrade-python3-perf
      References: https://attackerkb.com/topics/cve-2023-34256, CVE-2023-34256, EulerOS-SA-2023-2860
  15. MOVEit SQL Injection vulnerability
      Disclosed: 05/31/2023
      Created: 06/22/2023
      Description: This module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer’s database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker can leverage an information leak to be able to upload a .NET deserialization payload.
      Author(s): sfewer-r7, rbowes-r7, bwatters-r7
      Platform: Windows
      Architectures: cmd
  16. Ubuntu: USN-6125-1 (CVE-2023-1523): snapd vulnerability
      Severity: 10
      CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
      Published: 05/31/2023
      Created: 06/01/2023
      Added: 06/01/2023
      Modified: 01/28/2025
      Description: Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
      Solution(s): ubuntu-pro-upgrade-snapd
      References: https://attackerkb.com/topics/cve-2023-1523, CVE-2023-1523, USN-6125-1
  17. Debian: CVE-2023-3012: gpac -- security update
      Severity: 7
      CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
      Published: 05/31/2023
      Created: 07/17/2023
      Added: 07/17/2023
      Modified: 01/28/2025
      Description: NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.
      Solution(s): debian-upgrade-gpac
      References: https://attackerkb.com/topics/cve-2023-3012, CVE-2023-3012, DSA-5452, DSA-5452-1
  18. Red Hat: CVE-2023-0119: Moderate: Satellite 6.13.1 Async Security Update (Multiple Advisories)
      Severity: 5
      CVSS: (AV:N/AC:M/Au:S/C:P/I:P/A:N)
      Published: 05/31/2023
      Created: 06/01/2023
      Added: 06/01/2023
      Modified: 01/28/2025
      Description: A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.
      Solution(s): redhat-upgrade-foreman-cli, redhat-upgrade-python39-pulp_manifest, redhat-upgrade-rubygem-amazing_print, redhat-upgrade-rubygem-apipie-bindings, redhat-upgrade-rubygem-clamp, redhat-upgrade-rubygem-domain_name, redhat-upgrade-rubygem-fast_gettext, redhat-upgrade-rubygem-ffi, redhat-upgrade-rubygem-ffi-debuginfo, redhat-upgrade-rubygem-ffi-debugsource, redhat-upgrade-rubygem-foreman_maintain, redhat-upgrade-rubygem-gssapi, redhat-upgrade-rubygem-hammer_cli, redhat-upgrade-rubygem-hammer_cli_foreman, redhat-upgrade-rubygem-hammer_cli_foreman_admin, redhat-upgrade-rubygem-hammer_cli_foreman_ansible, redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm, redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk, redhat-upgrade-rubygem-hammer_cli_foreman_discovery, redhat-upgrade-rubygem-hammer_cli_foreman_google, redhat-upgrade-rubygem-hammer_cli_foreman_openscap, redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution, redhat-upgrade-rubygem-hammer_cli_foreman_tasks, redhat-upgrade-rubygem-hammer_cli_foreman_templates, redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure, redhat-upgrade-rubygem-hammer_cli_foreman_webhooks, redhat-upgrade-rubygem-hammer_cli_katello, redhat-upgrade-rubygem-hashie, redhat-upgrade-rubygem-highline, redhat-upgrade-rubygem-http-accept, redhat-upgrade-rubygem-http-cookie, redhat-upgrade-rubygem-jwt, redhat-upgrade-rubygem-little-plugger, redhat-upgrade-rubygem-locale, redhat-upgrade-rubygem-logging, redhat-upgrade-rubygem-mime-types, redhat-upgrade-rubygem-mime-types-data, redhat-upgrade-rubygem-multi_json, redhat-upgrade-rubygem-netrc, redhat-upgrade-rubygem-oauth, redhat-upgrade-rubygem-oauth-tty, redhat-upgrade-rubygem-powerbar, redhat-upgrade-rubygem-rest-client, redhat-upgrade-rubygem-snaky_hash, redhat-upgrade-rubygem-unf, redhat-upgrade-rubygem-unf_ext, redhat-upgrade-rubygem-unf_ext-debuginfo, redhat-upgrade-rubygem-unf_ext-debugsource, redhat-upgrade-rubygem-unicode, redhat-upgrade-rubygem-unicode-debuginfo, redhat-upgrade-rubygem-unicode-debugsource, redhat-upgrade-rubygem-unicode-display_width, redhat-upgrade-rubygem-version_gem, redhat-upgrade-satellite, redhat-upgrade-satellite-branding, redhat-upgrade-satellite-cli, redhat-upgrade-satellite-clone, redhat-upgrade-satellite-maintain
      References: CVE-2023-0119
  19. Google Chrome Vulnerability: CVE-2023-2941 Inappropriate implementation in Extensions API
      Severity: 4
      CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
      Published: 05/31/2023
      Created: 05/31/2023
      Added: 05/31/2023
      Modified: 01/28/2025
      Description: Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
      Solution(s): google-chrome-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-2941, CVE-2023-2941, https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
  20. Google Chrome Vulnerability: CVE-2023-2937 Inappropriate implementation in Picture In Picture
      Severity: 4
      CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
      Published: 05/31/2023
      Created: 05/31/2023
      Added: 05/31/2023
      Modified: 01/28/2025
      Description: Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
      Solution(s): google-chrome-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-2937, CVE-2023-2937, https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
  21. Google Chrome Vulnerability: CVE-2023-2939 Insufficient data validation in Installer
      Severity: 7
      CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
      Published: 05/31/2023
      Created: 05/31/2023
      Added: 05/31/2023
      Modified: 01/28/2025
      Description: Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
      Solution(s): google-chrome-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-2939, CVE-2023-2939, https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html, https://crbug.com/1427431
  22. Google Chrome Vulnerability: CVE-2023-2929 Out of bounds write in Swiftshader
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 05/31/2023
      Created: 05/31/2023
      Added: 05/31/2023
      Modified: 01/28/2025
      Description: Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
      Solution(s): google-chrome-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-2929, CVE-2023-2929, https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
  23. Google Chrome Vulnerability: CVE-2023-2931 Use after free in PDF
      Severity: 9
      CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 05/31/2023
      Created: 05/31/2023
      Added: 05/31/2023
      Modified: 01/28/2025
      Description: Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
      Solution(s): google-chrome-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-2931, CVE-2023-2931, https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
  24. Debian: CVE-2023-3006: linux -- security update
      Severity: 5
      CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
      Published: 05/31/2023
      Created: 07/31/2024
      Added: 07/30/2024
      Modified: 01/30/2025
      Description: A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible.
      Solution(s): debian-upgrade-linux
      References: https://attackerkb.com/topics/cve-2023-3006, CVE-2023-3006
  25. Amazon Linux AMI 2: CVE-2023-34256: Security patch for kernel (Multiple Advisories)
      Severity: 5
      CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
      Published: 05/31/2023
      Created: 06/30/2023
      Added: 06/30/2023
      Modified: 01/30/2025
      Description: An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access.
      Solution(s): amazon-linux-ami-2-upgrade-bpftool, amazon-linux-ami-2-upgrade-bpftool-debuginfo, amazon-linux-ami-2-upgrade-kernel, amazon-linux-ami-2-upgrade-kernel-debuginfo, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64, amazon-linux-ami-2-upgrade-kernel-devel, amazon-linux-ami-2-upgrade-kernel-headers, amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-318-240-529, amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-184-174-730, amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-117-72-142, amazon-linux-ami-2-upgrade-kernel-tools, amazon-linux-ami-2-upgrade-kernel-tools-debuginfo, amazon-linux-ami-2-upgrade-kernel-tools-devel, amazon-linux-ami-2-upgrade-perf, amazon-linux-ami-2-upgrade-perf-debuginfo, amazon-linux-ami-2-upgrade-python-perf, amazon-linux-ami-2-upgrade-python-perf-debuginfo
      References: https://attackerkb.com/topics/cve-2023-34256, AL2/ALAS-2023-2100, AL2/ALASKERNEL-5.10-2023-034, AL2/ALASKERNEL-5.15-2023-021, AL2/ALASKERNEL-5.4-2023-047, CVE-2023-34256