ISHACK AI BOT

Amazon Linux AMI 2: CVE-2022-48502: Security patch for kernel (ALASKERNEL-5.15-2023-025) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 05/31/2023 Created 08/10/2023 Added 08/10/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-122-77-145 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2022-48502 AL2/ALASKERNEL-5.15-2023-025 CVE - 2022-48502

Huawei EulerOS: CVE-2023-34256: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/31/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-34256 CVE - 2023-34256 EulerOS-SA-2023-3132

JetBrains TeamCity: CVE-2023-34220: Stored XSS in the Commit Status Publisher window was possible (TW-80262) Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 05/31/2023 Created 10/22/2024 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2023-34220 CVE - 2023-34220 https://www.jetbrains.com/privacy-security/issues-fixed/

JetBrains TeamCity: CVE-2023-34223: Parameters of the "password" type from build dependencies could be logged in some cases (TW-81338) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 05/31/2023 Created 10/22/2024 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2023-34223 CVE - 2023-34223 https://www.jetbrains.com/privacy-security/issues-fixed/

Red Hat: CVE-2023-3006: RHEL: Add Spectre-BHB mitigation for AmpereOne (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 05/31/2023 Created 05/31/2024 Added 05/30/2024 Modified 05/30/2024 Description A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible. Solution(s) redhat-upgrade-kernel References CVE-2023-3006 RHSA-2024:3462

JetBrains TeamCity: CVE-2023-34229: Stored XSS in GitLab Connection page was possible (TW-80174) Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 05/31/2023 Created 10/22/2024 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2023-34229 CVE - 2023-34229 https://www.jetbrains.com/privacy-security/issues-fixed/

JetBrains TeamCity: CVE-2023-34222: Possible XSS in the Plugin Vendor URL was possible (TW-80378) Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 05/31/2023 Created 10/22/2024 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2023-34222 CVE - 2023-34222 https://www.jetbrains.com/privacy-security/issues-fixed/

VMware Photon OS: CVE-2022-48502 Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 05/31/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-48502 CVE - 2022-48502

Ubuntu: (Multiple Advisories) (CVE-2022-48502): Linux kernel vulnerabilities Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 05/31/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1025-gkeop ubuntu-upgrade-linux-image-5-15-0-1030-nvidia ubuntu-upgrade-linux-image-5-15-0-1030-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1035-ibm ubuntu-upgrade-linux-image-5-15-0-1035-raspi ubuntu-upgrade-linux-image-5-15-0-1037-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1039-gcp ubuntu-upgrade-linux-image-5-15-0-1039-gke ubuntu-upgrade-linux-image-5-15-0-1039-kvm ubuntu-upgrade-linux-image-5-15-0-1040-oracle ubuntu-upgrade-linux-image-5-15-0-1041-aws ubuntu-upgrade-linux-image-5-15-0-1042-aws ubuntu-upgrade-linux-image-5-15-0-1043-azure-fde ubuntu-upgrade-linux-image-5-15-0-1045-azure ubuntu-upgrade-linux-image-5-15-0-1045-azure-fde ubuntu-upgrade-linux-image-5-15-0-79-generic ubuntu-upgrade-linux-image-5-15-0-79-generic-64k ubuntu-upgrade-linux-image-5-15-0-79-generic-lpae ubuntu-upgrade-linux-image-5-15-0-79-lowlatency ubuntu-upgrade-linux-image-5-15-0-79-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1029-aws ubuntu-upgrade-linux-image-5-19-0-1030-gcp ubuntu-upgrade-linux-image-5-19-0-50-generic ubuntu-upgrade-linux-image-5-19-0-50-generic-64k ubuntu-upgrade-linux-image-5-19-0-50-generic-lpae ubuntu-upgrade-linux-image-6-1-0-1019-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2022-48502 CVE - 2022-48502 USN-6260-1 USN-6285-1 USN-6300-1 USN-6311-1 USN-6332-1 USN-6347-1 View more

Amazon Linux AMI: CVE-2023-34256: Security patch for kernel (ALAS-2023-1773) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/31/2023 Created 07/05/2023 Added 07/04/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1773 CVE-2023-34256

Ubuntu: (Multiple Advisories) (CVE-2023-3006): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 05/31/2023 Created 12/13/2023 Added 12/12/2023 Modified 01/30/2025 Description A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1129-oracle ubuntu-upgrade-linux-image-4-15-0-1150-kvm ubuntu-upgrade-linux-image-4-15-0-1160-gcp ubuntu-upgrade-linux-image-4-15-0-1166-aws ubuntu-upgrade-linux-image-4-15-0-1175-azure ubuntu-upgrade-linux-image-4-15-0-223-generic ubuntu-upgrade-linux-image-4-15-0-223-lowlatency ubuntu-upgrade-linux-image-5-4-0-1028-iot ubuntu-upgrade-linux-image-5-4-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1063-ibm ubuntu-upgrade-linux-image-5-4-0-1076-bluefield ubuntu-upgrade-linux-image-5-4-0-1083-gkeop ubuntu-upgrade-linux-image-5-4-0-1100-raspi ubuntu-upgrade-linux-image-5-4-0-1104-kvm ubuntu-upgrade-linux-image-5-4-0-1115-oracle ubuntu-upgrade-linux-image-5-4-0-1116-aws ubuntu-upgrade-linux-image-5-4-0-1120-gcp ubuntu-upgrade-linux-image-5-4-0-1121-azure ubuntu-upgrade-linux-image-5-4-0-169-generic ubuntu-upgrade-linux-image-5-4-0-169-generic-lpae ubuntu-upgrade-linux-image-5-4-0-169-lowlatency ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-3006 CVE - 2023-3006 USN-6548-1 USN-6548-2 USN-6548-3 USN-6548-4 USN-6548-5 USN-6701-1 USN-6701-2 USN-6701-3 USN-6701-4 View more

VMware Photon OS: CVE-2023-3006 Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 05/31/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3006 CVE - 2023-3006

VMware Photon OS: CVE-2023-34256 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/31/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-34256 CVE - 2023-34256

Huawei EulerOS: CVE-2023-2953: openldap security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Solution(s) huawei-euleros-2_0_sp11-upgrade-openldap huawei-euleros-2_0_sp11-upgrade-openldap-clients huawei-euleros-2_0_sp11-upgrade-openldap-servers References https://attackerkb.com/topics/cve-2023-2953 CVE - 2023-2953 EulerOS-SA-2023-2701

OS X update for OpenLDAP (CVE-2023-2953) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 07/25/2023 Added 07/25/2023 Modified 01/28/2025 Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Solution(s) apple-osx-upgrade-11_7_9 apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-2953 CVE - 2023-2953 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845

Debian: CVE-2023-2939: chromium -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2939 CVE - 2023-2939 DSA-5418-1

Amazon Linux AMI: CVE-2023-2650: Security patch for openssl (ALAS-2023-1762) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 06/12/2023 Added 06/09/2023 Modified 01/28/2025 Description Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit.OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time.The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced.This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL.If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS.It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain.Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates.This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. Solution(s) amazon-linux-upgrade-openssl References ALAS-2023-1762 CVE-2023-2650

IBM AIX: openssl_advisory39 (CVE-2023-2650): Vulnerability in openssl affects AIX Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 09/13/2023 Added 09/12/2023 Modified 01/30/2025 Description Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit.OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time.The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced.This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL.If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS.It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain.Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates.This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. Solution(s) ibm-aix-openssl_advisory39 References https://attackerkb.com/topics/cve-2023-2650 CVE - 2023-2650 https://aix.software.ibm.com/aix/efixes/security/openssl_advisory39.asc

Microsoft Edge Chromium: CVE-2023-2933 Use after free in PDF Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2933 CVE - 2023-2933 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2933

Amazon Linux AMI 2: CVE-2023-2953: Security patch for openldap (ALAS-2023-2095) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025 Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Solution(s) amazon-linux-ami-2-upgrade-openldap amazon-linux-ami-2-upgrade-openldap-clients amazon-linux-ami-2-upgrade-openldap-debuginfo amazon-linux-ami-2-upgrade-openldap-devel amazon-linux-ami-2-upgrade-openldap-servers amazon-linux-ami-2-upgrade-openldap-servers-sql References https://attackerkb.com/topics/cve-2023-2953 AL2/ALAS-2023-2095 CVE - 2023-2953

Microsoft Edge Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2941 CVE - 2023-2941 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2941

Microsoft Edge Chromium: CVE-2023-2940 Inappropriate implementation in Downloads Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2940 CVE - 2023-2940 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2940

Ubuntu: (Multiple Advisories) (CVE-2023-34151): ImageMagick vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). Solution(s) ubuntu-pro-upgrade-imagemagick ubuntu-pro-upgrade-imagemagick-6-common ubuntu-pro-upgrade-imagemagick-6-q16 ubuntu-pro-upgrade-imagemagick-6-q16hdri ubuntu-pro-upgrade-imagemagick-common ubuntu-pro-upgrade-libimage-magick-perl ubuntu-pro-upgrade-libimage-magick-q16-perl ubuntu-pro-upgrade-libimage-magick-q16hdri-perl ubuntu-pro-upgrade-libmagick-6-headers ubuntu-pro-upgrade-libmagick-6-q16-5v5 ubuntu-pro-upgrade-libmagick-6-q16-7 ubuntu-pro-upgrade-libmagick-6-q16-8 ubuntu-pro-upgrade-libmagick-6-q16-dev ubuntu-pro-upgrade-libmagick-6-q16hdri-7 ubuntu-pro-upgrade-libmagick-6-q16hdri-8 ubuntu-pro-upgrade-libmagick-6-q16hdri-dev ubuntu-pro-upgrade-libmagick-dev ubuntu-pro-upgrade-libmagickcore-6-headers ubuntu-pro-upgrade-libmagickcore-6-q16-2 ubuntu-pro-upgrade-libmagickcore-6-q16-3 ubuntu-pro-upgrade-libmagickcore-6-q16-6 ubuntu-pro-upgrade-libmagickcore-6-q16-dev ubuntu-pro-upgrade-libmagickcore-6-q16hdri-3 ubuntu-pro-upgrade-libmagickcore-6-q16hdri-6 ubuntu-pro-upgrade-libmagickcore-6-q16hdri-dev ubuntu-pro-upgrade-libmagickcore-dev ubuntu-pro-upgrade-libmagickwand-6-headers ubuntu-pro-upgrade-libmagickwand-6-q16-2 ubuntu-pro-upgrade-libmagickwand-6-q16-3 ubuntu-pro-upgrade-libmagickwand-6-q16-6 ubuntu-pro-upgrade-libmagickwand-6-q16-dev ubuntu-pro-upgrade-libmagickwand-6-q16hdri-6 ubuntu-pro-upgrade-libmagickwand-6-q16hdri-dev ubuntu-pro-upgrade-libmagickwand-dev ubuntu-pro-upgrade-perlmagick References https://attackerkb.com/topics/cve-2023-34151 CVE - 2023-34151 USN-6200-1 USN-6200-2

Microsoft Edge Chromium: CVE-2023-2935 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2935 CVE - 2023-2935 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2935

Microsoft Edge Chromium: CVE-2023-2936 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2936 CVE - 2023-2936 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2936