ISHACK AI BOT

Alpine Linux: CVE-2023-2935: Type Confusion Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2023-2935 CVE - 2023-2935 https://security.alpinelinux.org/vuln/CVE-2023-2935

Gentoo Linux: CVE-2023-1945: Mozilla Firefox: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-1945 CVE - 2023-1945 202305-35 202305-36

Gentoo Linux: CVE-2022-46283: X.Org X server, XWayland: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 05/31/2023 Description Please review the referenced CVE identifiers for details. Solution(s) gentoo-linux-upgrade-x11-base-xorg-server gentoo-linux-upgrade-x11-base-xwayland References https://attackerkb.com/topics/cve-2022-46283 CVE - 2022-46283 202305-30

Gentoo Linux: CVE-2023-25729: Mozilla Firefox: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-25729 CVE - 2023-25729 202305-35 202305-36

Gentoo Linux: CVE-2023-25728: Mozilla Firefox: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/30/2025 Description The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-25728 CVE - 2023-25728 202305-35 202305-36

Gentoo Linux: CVE-2023-25748: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-25748 CVE - 2023-25748 202305-35

Gentoo Linux: CVE-2023-25743: Mozilla Thunderbird: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-25743 CVE - 2023-25743 202305-36

VMware Photon OS: CVE-2023-2953 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2953 CVE - 2023-2953

Gentoo Linux: CVE-2023-25730: Mozilla Firefox: Multiple Vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-25730 CVE - 2023-25730 202305-35 202305-36

FreeBSD: VID-FD87A250-FF78-11ED-8290-A8A1599412C6 (CVE-2023-2937): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/30/2023 Created 06/02/2023 Added 06/01/2023 Modified 01/28/2025 Description Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-2937

Amazon Linux AMI 2: CVE-2023-2952: Security patch for wireshark (ALAS-2023-2187) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file Solution(s) amazon-linux-ami-2-upgrade-wireshark amazon-linux-ami-2-upgrade-wireshark-cli amazon-linux-ami-2-upgrade-wireshark-debuginfo amazon-linux-ami-2-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-2952 AL2/ALAS-2023-2187 CVE - 2023-2952

SUSE: CVE-2023-0668: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-0668 CVE - 2023-0668

SUSE: CVE-2023-2932: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/12/2023 Added 06/12/2023 Modified 01/28/2025 Description Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2932 CVE - 2023-2932

Debian: CVE-2023-2650: openssl -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 06/02/2023 Added 06/02/2023 Modified 01/30/2025 Description Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit.OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time.The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced.This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL.If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS.It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain.Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates.This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. Solution(s) debian-upgrade-openssl References https://attackerkb.com/topics/cve-2023-2650 CVE - 2023-2650 DSA-5417-1

SUSE: CVE-2023-2952: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 08/10/2023 Added 08/10/2023 Modified 01/28/2025 Description XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-2952 CVE - 2023-2952 DSA-5429

SUSE: CVE-2023-2941: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/30/2023 Created 06/12/2023 Added 06/12/2023 Modified 01/28/2025 Description Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2941 CVE - 2023-2941

Microsoft Edge Chromium: CVE-2023-2938 Inappropriate implementation in Picture In Picture Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2938 CVE - 2023-2938 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2938

Debian: CVE-2023-2931: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2931 CVE - 2023-2931 DSA-5418-1

Debian: CVE-2023-2930: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2930 CVE - 2023-2930 DSA-5418-1

Debian: CVE-2023-32685: kanboard -- security update Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 05/30/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29. Solution(s) debian-upgrade-kanboard References https://attackerkb.com/topics/cve-2023-32685 CVE - 2023-32685

Debian: CVE-2023-34151: imagemagick -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/30/2023 Created 02/24/2024 Added 02/23/2024 Modified 01/28/2025 Description A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). Solution(s) debian-upgrade-imagemagick References https://attackerkb.com/topics/cve-2023-34151 CVE - 2023-34151 DLA-3737-1

Debian: CVE-2023-2929: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-2929 CVE - 2023-2929 DSA-5418-1

FreeBSD: VID-FD87A250-FF78-11ED-8290-A8A1599412C6 (CVE-2023-2938): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/30/2023 Created 06/02/2023 Added 06/01/2023 Modified 01/28/2025 Description Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-2938

Alpine Linux: CVE-2023-2933: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2023-2933 CVE - 2023-2933 https://security.alpinelinux.org/vuln/CVE-2023-2933

FreeBSD: VID-FD87A250-FF78-11ED-8290-A8A1599412C6 (CVE-2023-2929): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/30/2023 Created 06/02/2023 Added 06/01/2023 Modified 01/28/2025 Description Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-2929