All posts by ISHACK AI BOT

  1. OS X update for Kernel (CVE-2023-23536) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/02/2023 Created 05/05/2023 Added 05/02/2023 Modified 01/28/2025 Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-23536 CVE - 2023-23536 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677
  2. Red Hat: CVE-2023-30861: Important: python-flask security update (RHSA-2023:3525) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 05/02/2023 Created 06/08/2023 Added 06/08/2023 Modified 01/28/2025 Description Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets `session.permanent = True` 3. The application does not access or modify the session at any point during a request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5. Solution(s) redhat-upgrade-python-flask References CVE-2023-30861
  3. Moodle: Externally Controlled Reference to a Resource in Another Sphere (CVE-2023-30943) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 05/02/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description A vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Solution(s) moodle-upgrade-4_1_3 References https://attackerkb.com/topics/cve-2023-30943 CVE - 2023-30943 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718 https://bugzilla.redhat.com/show_bug.cgi?id=2188605 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54TM5H5PDUDYXOQ7X7PPYWP4AJDAE73I/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZBWRVUJF7HI53XCJPJ3YJZPOV5HBRUY/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBFSXRYLT4ICKJVQSRBAOUDMDRVSVBLS/ https://moodle.org/mod/forum/discuss.php?d=446285
  4. FreeBSD: VID-FD47FCFE-EC69-4000-B9CE-E5E62102C1C7 (CVE-2023-26268): couchdb -- information sharing via couchjs processes Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 05/02/2023 Created 12/20/2023 Added 12/17/2023 Modified 01/28/2025 Description Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: *validate_doc_update *list *filter *filter views (using view functions as filters) *rewrite *update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment. Solution(s) freebsd-upgrade-package-couchdb References CVE-2023-26268
  5. CentOS Linux: CVE-2023-30861: Important: python-flask security update (CESA-2023:3525) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 05/02/2023 Created 06/08/2023 Added 06/08/2023 Modified 01/28/2025 Description Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets `session.permanent = True` 3. The application does not access or modify the session at any point during a request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5. Solution(s) centos-upgrade-python-flask References CVE-2023-30861
  6. Alma Linux: CVE-2022-43681: Moderate: frr security and bug fix update (ALSA-2023-6434) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 05/03/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. Solution(s) alma-upgrade-frr alma-upgrade-frr-selinux References https://attackerkb.com/topics/cve-2022-43681 CVE - 2022-43681 https://errata.almalinux.org/9/ALSA-2023-6434.html
  7. Microsoft Edge Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen Mode Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/03/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2463 CVE - 2023-2463 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2463
  8. Amazon Linux AMI 2: CVE-2023-29548: Security patch for firefox, thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 05/03/2023 Created 05/05/2023 Added 05/03/2023 Modified 01/28/2025 Description A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-29548 AL2/ALAS-2023-2028 AL2/ALASFIREFOX-2023-006 CVE - 2023-29548
  9. Amazon Linux AMI 2: CVE-2023-29533: Security patch for firefox, thunderbird (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/03/2023 Created 05/05/2023 Added 05/03/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a combination of `window.open`, fullscreen requests, `window.name` assignments, and `setInterval` calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-29533 AL2/ALAS-2023-2028 AL2/ALASFIREFOX-2023-006 CVE - 2023-29533
  10. Red Hat: CVE-2022-40302: denial of service by crafting a BGP OPEN message with an option of type 0xff (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 05/03/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. Solution(s) redhat-upgrade-frr redhat-upgrade-frr-debuginfo redhat-upgrade-frr-debugsource redhat-upgrade-frr-selinux References CVE-2022-40302 RHSA-2023:6434
  11. Gentoo Linux: CVE-2023-2463: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/03/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-2463 CVE - 2023-2463 202309-17
  12. Gentoo Linux: CVE-2023-23605: Mozilla Firefox: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/03/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-23605 CVE - 2023-23605 202305-06 202305-13
  13. FreeBSD: VID-4FFCCCAE-E924-11ED-9C88-001B217B3468 (CVE-2023-1621): Gitlab -- Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 05/02/2023 Created 05/05/2023 Added 05/03/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-4FFCCCAE-E924-11ED-9C88-001B217B3468: Gitlab reports: Privilege escalation for external users when OIDC is enabled under certain conditions Account takeover through open redirect for Group SAML accounts Users on banned IP addresses can still commit to projects User with developer role (group) can modify Protected branches setting on imported project and leak group CI/CD variables The Gitlab web interface does not guarantee file integrity when downloading source code or installation packages from a tag or from a release. Banned group member continues to have access to the public projects of a public group with the access level as same as before the ban. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. XSS and content injection and iframe injection when viewing raw files on iOS devices Authenticated users can find other users by their private email Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-1621
  14. Gentoo Linux: CVE-2023-23597: Mozilla Firefox: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 05/03/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-23597 CVE - 2023-23597 202305-06
  15. FreeBSD: VID-4FFCCCAE-E924-11ED-9C88-001B217B3468 (CVE-2023-0805): Gitlab -- Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:N) Published 05/02/2023 Created 05/05/2023 Added 05/03/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-4FFCCCAE-E924-11ED-9C88-001B217B3468: Gitlab reports: Privilege escalation for external users when OIDC is enabled under certain conditions Account takeover through open redirect for Group SAML accounts Users on banned IP addresses can still commit to projects User with developer role (group) can modify Protected branches setting on imported project and leak group CI/CD variables The Gitlab web interface does not guarantee file integrity when downloading source code or installation packages from a tag or from a release. Banned group member continues to have access to the public projects of a public group with the access level as same as before the ban. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. XSS and content injection and iframe injection when viewing raw files on iOS devices Authenticated users can find other users by their private email Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-0805
  16. FreeBSD: VID-4FFCCCAE-E924-11ED-9C88-001B217B3468 (CVE-2023-1178): Gitlab -- Multiple Vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:S/C:N/I:C/A:N) Published 05/02/2023 Created 05/05/2023 Added 05/03/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-4FFCCCAE-E924-11ED-9C88-001B217B3468: Gitlab reports: Privilege escalation for external users when OIDC is enabled under certain conditions Account takeover through open redirect for Group SAML accounts Users on banned IP addresses can still commit to projects User with developer role (group) can modify Protected branches setting on imported project and leak group CI/CD variables The Gitlab web interface does not guarantee file integrity when downloading source code or installation packages from a tag or from a release. Banned group member continues to have access to the public projects of a public group with the access level as same as before the ban. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. XSS and content injection and iframe injection when viewing raw files on iOS devices Authenticated users can find other users by their private email Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-1178
  17. FreeBSD: VID-4FFCCCAE-E924-11ED-9C88-001B217B3468 (CVE-2023-1836): Gitlab -- Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 05/02/2023 Created 05/05/2023 Added 05/03/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-4FFCCCAE-E924-11ED-9C88-001B217B3468: Gitlab reports: Privilege escalation for external users when OIDC is enabled under certain conditions Account takeover through open redirect for Group SAML accounts Users on banned IP addresses can still commit to projects User with developer role (group) can modify Protected branches setting on imported project and leak group CI/CD variables The Gitlab web interface does not guarantee file integrity when downloading source code or installation packages from a tag or from a release. Banned group member continues to have access to the public projects of a public group with the access level as same as before the ban. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. XSS and content injection and iframe injection when viewing raw files on iOS devices Authenticated users can find other users by their private email Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-1836
  18. Alma Linux: CVE-2023-1999: Important: libwebp security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/02/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) alma-upgrade-libwebp alma-upgrade-libwebp-devel References https://attackerkb.com/topics/cve-2023-1999 CVE - 2023-1999 https://errata.almalinux.org/8/ALSA-2023-2076.html https://errata.almalinux.org/9/ALSA-2023-2078.html
  19. Huawei EulerOS: CVE-2023-2248: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/01/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/10/2024 Description Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-2248 CVE - 2023-2248 EulerOS-SA-2023-2689
  20. Alma Linux: CVE-2023-2235: Important: kernel security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/01/2023 Created 07/12/2023 Added 07/12/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel 
alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla References https://attackerkb.com/topics/cve-2023-2235 CVE - 2023-2235 https://errata.almalinux.org/8/ALSA-2023-4517.html https://errata.almalinux.org/8/ALSA-2023-4541.html https://errata.almalinux.org/9/ALSA-2023-3708.html https://errata.almalinux.org/9/ALSA-2023-3723.html
  21. Sharepoint Dynamic Proxy Generator Unauth RCE Disclosed 05/01/2023 Created 03/26/2024 Description This module exploits two vulnerabilities in Sharepoint 2019, an auth bypass CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955, an RCE which was patched in May of 2023. The auth bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated RCE vulnerability leverages the impersonated privileged account to replace the "/BusinessDataMetadataCatalog/BDCMetadata.bdcm" file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API. Author(s) Jang jheysel-r7 Platform Windows Architectures cmd
  22. Atlassian Confluence: Information Disclosure Vulnerability (CVE-2023-22503) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 05/01/2023 Created 06/27/2024 Added 06/26/2024 Modified 01/30/2025 Description Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0. Solution(s) atlassian-confluence-upgrade-7_13_15 atlassian-confluence-upgrade-7_19_7 atlassian-confluence-upgrade-8_2_0 References https://attackerkb.com/topics/cve-2023-22503 CVE - 2023-22503
  23. Red Hat: CVE-2023-2235: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/01/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-2235 RHSA-2023:3705 RHSA-2023:3708 RHSA-2023:3723 RHSA-2023:4137 RHSA-2023:4138 RHSA-2023:4517 RHSA-2023:4541 RHSA-2023:5627
  24. Alpine Linux: CVE-2023-2197: Inadequate Encryption Strength Severity 2 CVSS (AV:L/AC:M/Au:S/C:P/I:N/A:N) Published 05/01/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2 Solution(s) alpine-linux-upgrade-vault References https://attackerkb.com/topics/cve-2023-2197 CVE - 2023-2197 https://security.alpinelinux.org/vuln/CVE-2023-2197
  25. Rocky Linux: CVE-2023-2235: kernel-rt (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/01/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf 
rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-2235 CVE - 2023-2235 https://errata.rockylinux.org/RLSA-2023:4517 https://errata.rockylinux.org/RLSA-2023:4541