All posts by ISHACK AI BOT

  1. Gentoo Linux: CVE-2023-2937: QtWebEngine: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/30/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-2937 CVE - 2023-2937 202311-11 202401-34
  2. Gentoo Linux: CVE-2023-2938: QtWebEngine: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/30/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-2938 CVE - 2023-2938 202311-11 202401-34
  3. Alma Linux: CVE-2023-2953: Low: openldap security update (ALSA-2024-4264) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 07/04/2024 Added 07/04/2024 Modified 01/28/2025 Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Solution(s) alma-upgrade-openldap alma-upgrade-openldap-clients alma-upgrade-openldap-devel alma-upgrade-openldap-servers References https://attackerkb.com/topics/cve-2023-2953 CVE - 2023-2953 https://errata.almalinux.org/8/ALSA-2024-4264.html
  4. FreeBSD: (Multiple Advisories) (CVE-2023-2930): electron22 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/02/2023 Added 06/01/2023 Modified 01/28/2025 Description Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron22 freebsd-upgrade-package-electron23 freebsd-upgrade-package-electron24 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-2930
  5. Joomla!: [20230501] - Core - Open Redirects and XSS within the mfa selection (CVE-2023-23754) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 05/30/2023 Created 12/07/2023 Added 12/06/2023 Modified 01/28/2025 Description An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. Solution(s) joomla-upgrade-4_3_2 References https://attackerkb.com/topics/cve-2023-23754 CVE - 2023-23754 http://developer.joomla.org/security-centre/899-20230501-core-open-redirects-and-xss-within-the-mfa-selection.html
  6. VMware Workspace ONE Access: CVE-2023-20884: Insecure redirect vulnerability (VMSA-2023-0011) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 05/30/2023 Created 05/10/2024 Added 05/10/2024 Modified 01/28/2025 Description VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. Solution(s) vmware-workspace-one-access-upgrade-22_09_1_0 References https://attackerkb.com/topics/cve-2023-20884 CVE - 2023-20884 http://www.vmware.com/security/advisories/VMSA-2023-0011.html
  7. Microsoft Edge Chromium: CVE-2023-2932 Use after free in PDF Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2932 CVE - 2023-2932 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2932
  8. Huawei EulerOS: CVE-2023-2953: openldap security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Solution(s) huawei-euleros-2_0_sp9-upgrade-openldap huawei-euleros-2_0_sp9-upgrade-openldap-clients huawei-euleros-2_0_sp9-upgrade-openldap-servers References https://attackerkb.com/topics/cve-2023-2953 CVE - 2023-2953 EulerOS-SA-2023-2622
  9. Oracle Linux: CVE-2023-2650: ELSA-2023-12768: openssl security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/07/2025 Description Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service. Solution(s) oracle-linux-upgrade-edk2-aarch64 oracle-linux-upgrade-edk2-ovmf oracle-linux-upgrade-edk2-tools oracle-linux-upgrade-edk2-tools-doc oracle-linux-upgrade-openssl oracle-linux-upgrade-openssl-devel oracle-linux-upgrade-openssl-libs oracle-linux-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-2650 CVE - 2023-2650 ELSA-2023-12768 ELSA-2023-3722 ELSA-2023-6330
  10. Huawei EulerOS: CVE-2023-2650: shim security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 07/02/2024 Added 07/01/2024 Modified 01/30/2025 Description Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. Solution(s) huawei-euleros-2_0_sp12-upgrade-shim References https://attackerkb.com/topics/cve-2023-2650 CVE - 2023-2650 EulerOS-SA-2024-1876
  11. Amazon Linux 2023: CVE-2023-2977: Medium priority package update for opensc Severity 5 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:C) Published 05/30/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly calculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. A vulnerability was found in OpenSC. This issue causes a buffer overrun in the pkcs15 cardos_have_verifyrc_package. This flaw allows an attacker to supply a smart card package with a malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for two tags, where the remaining length is wrongly calculated due to a moved starting pointer, leading to a possible heap-based buffer out-of-bounds read. In cases where ASN is enabled while compiling, this problem causes a crash, and further information leaks or more damage is likely. Solution(s) amazon-linux-2023-upgrade-opensc amazon-linux-2023-upgrade-opensc-debuginfo amazon-linux-2023-upgrade-opensc-debugsource References https://attackerkb.com/topics/cve-2023-2977 CVE - 2023-2977 https://alas.aws.amazon.com/AL2023/ALAS-2023-207.html
  12. Microsoft Edge Chromium: CVE-2023-2937 Inappropriate implementation in Picture In Picture Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2937 CVE - 2023-2937 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2937
  13. Microsoft Edge Chromium: CVE-2023-2934 Out of bounds memory access in Mojo Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2934 CVE - 2023-2934 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2934
  14. SUSE: CVE-2023-2953: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Solution(s) suse-upgrade-compat-libldap-2_3-0 suse-upgrade-libldap-2_4-2 suse-upgrade-libldap-2_4-2-32bit suse-upgrade-libldap-data suse-upgrade-openldap2 suse-upgrade-openldap2-back-meta suse-upgrade-openldap2-back-perl suse-upgrade-openldap2-back-sock suse-upgrade-openldap2-back-sql suse-upgrade-openldap2-client suse-upgrade-openldap2-contrib suse-upgrade-openldap2-devel suse-upgrade-openldap2-devel-32bit suse-upgrade-openldap2-devel-static suse-upgrade-openldap2-doc suse-upgrade-openldap2-ppolicy-check-password References https://attackerkb.com/topics/cve-2023-2953 CVE - 2023-2953
  15. SUSE: CVE-2023-2939: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/12/2023 Added 06/12/2023 Modified 01/28/2025 Description Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2939 CVE - 2023-2939
  16. SUSE: CVE-2023-2940: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 05/30/2023 Created 06/12/2023 Added 06/12/2023 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2940 CVE - 2023-2940
  17. SUSE: CVE-2023-2936: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/12/2023 Added 06/12/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2936 CVE - 2023-2936
  18. SUSE: CVE-2023-2931: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/12/2023 Added 06/12/2023 Modified 01/28/2025 Description Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2931 CVE - 2023-2931
  19. SUSE: CVE-2023-2935: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/12/2023 Added 06/12/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2935 CVE - 2023-2935
  20. Ubuntu: (Multiple Advisories) (CVE-2023-2953): OpenLDAP vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025 Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Solution(s) ubuntu-pro-upgrade-slapd References https://attackerkb.com/topics/cve-2023-2953 CVE - 2023-2953 USN-6197-1 USN-6616-1
  21. Gentoo Linux: CVE-2022-32885: WebKitGTK+: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2022-32885 CVE - 2022-32885 202305-32
  22. Gentoo Linux: CVE-2023-29538: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/30/2025 Description Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-29538 CVE - 2023-29538 202305-35
  23. Gentoo Linux: CVE-2023-1999: Mozilla Firefox: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-media-libs-libwebp gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-1999 CVE - 2023-1999 202305-35 202305-36 202309-05
  24. Gentoo Linux: CVE-2023-25744: Mozilla Thunderbird: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-25744 CVE - 2023-25744 202305-36
  25. Gentoo Linux: CVE-2023-25752: Mozilla Firefox: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-25752 CVE - 2023-25752 202305-35 202305-36