ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Microsoft Edge Chromium: CVE-2023-2466 Inappropriate implementation in Prompts
     Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
     Published: 05/03/2023 | Created: 05/08/2023 | Added: 05/08/2023 | Modified: 01/28/2025
     Description: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)
     Solution(s): microsoft-edge-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-2466 | CVE-2023-2466 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2466
  2. Microsoft Edge Chromium: CVE-2023-2467 Inappropriate implementation in Prompts
     Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
     Published: 05/03/2023 | Created: 05/08/2023 | Added: 05/08/2023 | Modified: 01/28/2025
     Description: Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)
     Solution(s): microsoft-edge-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-2467 | CVE-2023-2467 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2467
  3. Oracle Linux: CVE-2022-40318: ELSA-2023-6434: frr security and bug fix update (MODERATE) (Multiple Advisories)
     Severity: 7 | CVSS: AV:N/AC:L/Au:S/C:N/I:N/A:C
     Published: 05/03/2023 | Created: 07/26/2024 | Added: 07/22/2024 | Modified: 11/25/2024
     Description: An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.
     A vulnerability was found in FRRouting. The issue occurs in bgpd in FRRouting (FRR). By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart or out-of-bounds read). This flaw is possible due to inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. This behavior occurs in the bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.
     Solution(s): oracle-linux-upgrade-frr | oracle-linux-upgrade-frr-selinux
     References: https://attackerkb.com/topics/cve-2022-40318 | CVE-2022-40318 | ELSA-2023-6434
  4. Google Chrome Vulnerability: CVE-2023-2466 Inappropriate implementation in Prompts
     Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
     Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/03/2023 | Modified: 01/28/2025
     Description: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-2466 | CVE-2023-2466
  5. Google Chrome Vulnerability: CVE-2023-2460 Insufficient validation of untrusted input in Extensions
     Severity: 8 | CVSS: AV:N/AC:M/Au:N/C:C/I:P/A:N
     Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/03/2023 | Modified: 01/28/2025
     Description: Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-2460 | CVE-2023-2460
  6. Alma Linux: CVE-2022-40318: Moderate: frr security and bug fix update (ALSA-2023-6434)
     Severity: 7 | CVSS: AV:N/AC:L/Au:S/C:N/I:N/A:C
     Published: 05/03/2023 | Created: 11/17/2023 | Added: 11/16/2023 | Modified: 01/28/2025
     Description: An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.
     Solution(s): alma-upgrade-frr | alma-upgrade-frr-selinux
     References: https://attackerkb.com/topics/cve-2022-40318 | CVE-2022-40318 | https://errata.almalinux.org/9/ALSA-2023-6434.html
  7. Google Chrome Vulnerability: CVE-2023-2467 Inappropriate implementation in Prompts
     Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
     Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/03/2023 | Modified: 01/28/2025
     Description: Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-2467 | CVE-2023-2467
  8. Google Chrome Vulnerability: CVE-2023-2464 Inappropriate implementation in PictureInPicture
     Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
     Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/03/2023 | Modified: 01/28/2025
     Description: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-2464 | CVE-2023-2464
  9. F5 Networks: CVE-2023-24594: K000133132: BIG-IP TMM SSL vulnerability CVE-2023-24594
     Severity: 5 | CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:P
     Published: 05/03/2023 | Created: 12/07/2023 | Added: 12/06/2023 | Modified: 01/28/2025
     Description: When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
     Solution(s): f5-big-ip-upgrade-latest
     References: https://attackerkb.com/topics/cve-2023-24594 | CVE-2023-24594 | https://my.f5.com/manage/s/article/K000133132
  10. Debian: CVE-2023-2465: chromium -- security update
      Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:P/I:N/A:N
      Published: 05/03/2023 | Created: 05/08/2023 | Added: 05/08/2023 | Modified: 01/28/2025
      Description: Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
      Solution(s): debian-upgrade-chromium
      References: https://attackerkb.com/topics/cve-2023-2465 | CVE-2023-2465 | DSA-5398-1
  11. Debian: CVE-2023-2463: chromium -- security update
      Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
      Published: 05/03/2023 | Created: 05/08/2023 | Added: 05/08/2023 | Modified: 01/28/2025
      Description: Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
      Solution(s): debian-upgrade-chromium
      References: https://attackerkb.com/topics/cve-2023-2463 | CVE-2023-2463 | DSA-5398-1
  12. FreeBSD: VID-246174D3-E979-11ED-8290-A8A1599412C6 (CVE-2023-2462): chromium -- multiple vulnerabilities
      Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
      Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/03/2023 | Modified: 01/28/2025
      Description: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)
      Solution(s): freebsd-upgrade-package-chromium | freebsd-upgrade-package-ungoogled-chromium
      References: CVE-2023-2462
  13. Oracle Linux: CVE-2023-30570: ELSA-2023-2122: libreswan security update (IMPORTANT) (Multiple Advisories)
      Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
      Published: 05/03/2023 | Created: 05/22/2024 | Added: 05/21/2024 | Modified: 01/07/2025
      Description: pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
      A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible.
      Solution(s): oracle-linux-upgrade-libreswan
      References: https://attackerkb.com/topics/cve-2023-30570 | CVE-2023-30570 | ELSA-2023-2122 | ELSA-2023-2120
  14. Amazon Linux AMI 2: CVE-2023-29536: Security patch for firefox, thunderbird (Multiple Advisories)
      Severity: 9 | CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
      Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/03/2023 | Modified: 01/28/2025
      Description: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
      Solution(s): amazon-linux-ami-2-upgrade-firefox | amazon-linux-ami-2-upgrade-firefox-debuginfo | amazon-linux-ami-2-upgrade-thunderbird | amazon-linux-ami-2-upgrade-thunderbird-debuginfo
      References: https://attackerkb.com/topics/cve-2023-29536 | AL2/ALAS-2023-2028 | AL2/ALASFIREFOX-2023-006 | CVE-2023-29536
  15. SUSE: CVE-2023-2468: SUSE Linux Security Advisory
      Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
      Published: 05/03/2023 | Created: 06/01/2023 | Added: 06/01/2023 | Modified: 01/28/2025
      Description: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)
      Solution(s): suse-upgrade-chromedriver | suse-upgrade-chromium
      References: https://attackerkb.com/topics/cve-2023-2468 | CVE-2023-2468
  16. Gentoo Linux: CVE-2023-2465: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
      Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:P/I:N/A:N
      Published: 05/03/2023 | Created: 10/03/2023 | Added: 10/02/2023 | Modified: 01/28/2025
      Description: Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
      Solution(s): gentoo-linux-upgrade-www-client-chromium | gentoo-linux-upgrade-www-client-chromium-bin | gentoo-linux-upgrade-www-client-google-chrome | gentoo-linux-upgrade-www-client-microsoft-edge
      References: https://attackerkb.com/topics/cve-2023-2465 | CVE-2023-2465 | 202309-17
  17. Gentoo Linux: CVE-2023-2462: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
      Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
      Published: 05/03/2023 | Created: 10/03/2023 | Added: 10/02/2023 | Modified: 01/28/2025
      Description: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)
      Solution(s): gentoo-linux-upgrade-www-client-chromium | gentoo-linux-upgrade-www-client-chromium-bin | gentoo-linux-upgrade-www-client-google-chrome | gentoo-linux-upgrade-www-client-microsoft-edge
      References: https://attackerkb.com/topics/cve-2023-2462 | CVE-2023-2462 | 202309-17
  18. Gentoo Linux: CVE-2023-23601: Mozilla Firefox: Multiple Vulnerabilities
      Severity: 7 | CVSS: AV:N/AC:M/Au:N/C:N/I:C/A:N
      Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/04/2023 | Modified: 01/28/2025
      Description: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
      Solution(s): gentoo-linux-upgrade-mail-client-thunderbird | gentoo-linux-upgrade-mail-client-thunderbird-bin | gentoo-linux-upgrade-www-client-firefox | gentoo-linux-upgrade-www-client-firefox-bin
      References: https://attackerkb.com/topics/cve-2023-23601 | CVE-2023-23601 | 202305-06 | 202305-13
  19. Gentoo Linux: CVE-2023-23598: Mozilla Firefox: Multiple Vulnerabilities
      Severity: 7 | CVSS: AV:N/AC:M/Au:N/C:C/I:N/A:N
      Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/04/2023 | Modified: 01/30/2025
      Description: Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged, a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
      Solution(s): gentoo-linux-upgrade-mail-client-thunderbird | gentoo-linux-upgrade-mail-client-thunderbird-bin | gentoo-linux-upgrade-www-client-firefox | gentoo-linux-upgrade-www-client-firefox-bin
      References: https://attackerkb.com/topics/cve-2023-23598 | CVE-2023-23598 | 202305-06 | 202305-13
  20. Gentoo Linux: CVE-2023-23599: Mozilla Firefox: Multiple Vulnerabilities
      Severity: 7 | CVSS: AV:N/AC:M/Au:N/C:N/I:C/A:N
      Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/04/2023 | Modified: 01/28/2025
      Description: When copying a network request from the developer tools panel as a curl command, the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
      Solution(s): gentoo-linux-upgrade-mail-client-thunderbird | gentoo-linux-upgrade-mail-client-thunderbird-bin | gentoo-linux-upgrade-www-client-firefox | gentoo-linux-upgrade-www-client-firefox-bin
      References: https://attackerkb.com/topics/cve-2023-23599 | CVE-2023-23599 | 202305-06 | 202305-13
  21. Gentoo Linux: CVE-2023-23602: Mozilla Firefox: Multiple Vulnerabilities
      Severity: 7 | CVSS: AV:N/AC:M/Au:N/C:N/I:C/A:N
      Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/04/2023 | Modified: 01/28/2025
      Description: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
      Solution(s): gentoo-linux-upgrade-mail-client-thunderbird | gentoo-linux-upgrade-mail-client-thunderbird-bin | gentoo-linux-upgrade-www-client-firefox | gentoo-linux-upgrade-www-client-firefox-bin
      References: https://attackerkb.com/topics/cve-2023-23602 | CVE-2023-23602 | 202305-06 | 202305-13
  22. Gentoo Linux: CVE-2023-23603: Mozilla Firefox: Multiple Vulnerabilities
      Severity: 7 | CVSS: AV:N/AC:M/Au:N/C:C/I:N/A:N
      Published: 05/03/2023 | Created: 05/05/2023 | Added: 05/04/2023 | Modified: 01/30/2025
      Description: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
      Solution(s): gentoo-linux-upgrade-mail-client-thunderbird | gentoo-linux-upgrade-mail-client-thunderbird-bin | gentoo-linux-upgrade-www-client-firefox | gentoo-linux-upgrade-www-client-firefox-bin
      References: https://attackerkb.com/topics/cve-2023-23603 | CVE-2023-23603 | 202305-06 | 202305-13
  23. Gentoo Linux: CVE-2023-2459: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
      Severity: 7 | CVSS: AV:N/AC:M/Au:N/C:N/I:C/A:N
      Published: 05/03/2023 | Created: 10/03/2023 | Added: 10/02/2023 | Modified: 01/28/2025
      Description: Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
      Solution(s): gentoo-linux-upgrade-www-client-chromium | gentoo-linux-upgrade-www-client-chromium-bin | gentoo-linux-upgrade-www-client-google-chrome | gentoo-linux-upgrade-www-client-microsoft-edge
      References: https://attackerkb.com/topics/cve-2023-2459 | CVE-2023-2459 | 202309-17
  24. Gentoo Linux: CVE-2023-2460: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
      Severity: 8 | CVSS: AV:N/AC:M/Au:N/C:C/I:P/A:N
      Published: 05/03/2023 | Created: 10/03/2023 | Added: 10/02/2023 | Modified: 01/28/2025
      Description: Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
      Solution(s): gentoo-linux-upgrade-www-client-chromium | gentoo-linux-upgrade-www-client-chromium-bin | gentoo-linux-upgrade-www-client-google-chrome | gentoo-linux-upgrade-www-client-microsoft-edge
      References: https://attackerkb.com/topics/cve-2023-2460 | CVE-2023-2460 | 202309-17
  25. Gentoo Linux: CVE-2023-2468: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
      Severity: 4 | CVSS: AV:N/AC:M/Au:N/C:N/I:P/A:N
      Published: 05/03/2023 | Created: 10/03/2023 | Added: 10/02/2023 | Modified: 01/28/2025
      Description: Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)
      Solution(s): gentoo-linux-upgrade-www-client-chromium | gentoo-linux-upgrade-www-client-chromium-bin | gentoo-linux-upgrade-www-client-google-chrome | gentoo-linux-upgrade-www-client-microsoft-edge
      References: https://attackerkb.com/topics/cve-2023-2468 | CVE-2023-2468 | 202309-17