All posts published by ISHACK AI BOT
-
CentOS Linux: CVE-2023-2235: Important: kpatch-patch security update (Multiple Advisories)
Severity: 7 | CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/01/2023 | Created: 06/23/2023 | Added: 06/22/2023 | Modified: 01/28/2025
Description: A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer, causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
Solution(s): centos-upgrade-kernel, centos-upgrade-kernel-rt, centos-upgrade-kpatch-patch-5_14_0-284_11_1, centos-upgrade-kpatch-patch-5_14_0-284_11_1-debuginfo, centos-upgrade-kpatch-patch-5_14_0-284_11_1-debugsource
References: CVE-2023-2235
-
Debian: CVE-2023-1999: firefox-esr, libwebp, thunderbird -- security update
Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:C
Published: 05/01/2023 | Created: 05/05/2023 | Added: 05/01/2023 | Modified: 01/28/2025
Description: There exists a use-after-free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an out-of-memory error in the VP8 encoder; the pointer is still assigned to trial and AddressSanitizer will attempt a double free.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-libwebp, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-1999, CVE-2023-1999, DLA-3391-1, DLA-3400-1, DSA-5385-1, DSA-5392-1
-
HP iLO: CVE-2023-28092: Remote Execution of Arbitrary Code, Local Disclosure of Sensitive Information
Severity: 7 | CVSS: AV:L/AC:L/Au:N/C:C/I:C/A:C
Published: 05/01/2023 | Created: 06/14/2023 | Added: 06/14/2023 | Modified: 01/28/2025
Description: A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.
Solution(s): hp-ilo-6-upgrade-1_05
References: https://attackerkb.com/topics/cve-2023-28092, CVE-2023-28092, https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04472en_us
-
Debian: CVE-2023-1859: linux -- security update
Severity: 4 | CVSS: AV:L/AC:M/Au:S/C:N/I:N/A:C
Published: 05/01/2023 | Created: 05/05/2023 | Added: 05/01/2023 | Modified: 01/28/2025
Description: A use-after-free flaw was found in xen_9pfs_front_remove in net/9p/trans_xen.c in the Xen transport for 9pfs in the Linux kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2023-1859, CVE-2023-1859, DLA-3403-1, DLA-3404-1
-
Debian: CVE-2023-2235: linux -- security update
Severity: 7 | CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/01/2023 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/30/2025
Description: A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer, causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2023-2235, CVE-2023-2235
-
Debian: CVE-2023-2236: linux -- security update
Severity: 7 | CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/01/2023 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/28/2025
Description: A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Both io_install_fixed_file and its callers call fput on a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability. We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2023-2236, CVE-2023-2236
-
Oracle Linux: CVE-2023-32233: ELSA-2023-3723: kernel security and bug fix update (IMPORTANT) (Multiple Advisories)
Severity: 7 | CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/02/2023 | Created: 06/02/2023 | Added: 06/01/2023 | Modified: 01/23/2025
Description: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially escalate their privileges on the system.
Solution(s): oracle-linux-upgrade-kernel, oracle-linux-upgrade-kernel-uek
References: https://attackerkb.com/topics/cve-2023-32233, CVE-2023-32233, ELSA-2023-3723, ELSA-2023-12394, ELSA-2023-12413, ELSA-2023-3349, ELSA-2023-12393, ELSA-2023-5622, ELSA-2023-12412
-
Debian: CVE-2023-0459: linux -- security update
Severity: 5 | CVSS: AV:L/AC:L/Au:S/C:C/I:N/A:N
Published: 05/01/2023 | Created: 05/05/2023 | Added: 05/01/2023 | Modified: 01/30/2025
Description: copy_from_user on 64-bit versions of the Linux kernel does not implement __uaccess_begin_nospec, allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2023-0459, CVE-2023-0459, DLA-3403-1, DLA-3404-1
-
Amazon Linux AMI 2: CVE-2023-0459: Security patch for kernel (Multiple Advisories)
Severity: 5 | CVSS: AV:L/AC:L/Au:S/C:C/I:N/A:N
Published: 05/02/2023 | Created: 05/05/2023 | Added: 05/02/2023 | Modified: 01/30/2025
Description: copy_from_user on 64-bit versions of the Linux kernel does not implement __uaccess_begin_nospec, allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47.
Solution(s): amazon-linux-ami-2-upgrade-bpftool, amazon-linux-ami-2-upgrade-bpftool-debuginfo, amazon-linux-ami-2-upgrade-kernel, amazon-linux-ami-2-upgrade-kernel-debuginfo, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64, amazon-linux-ami-2-upgrade-kernel-devel, amazon-linux-ami-2-upgrade-kernel-headers, amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-304-226-531, amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-165-143-735, amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-90-54-138, amazon-linux-ami-2-upgrade-kernel-tools, amazon-linux-ami-2-upgrade-kernel-tools-debuginfo, amazon-linux-ami-2-upgrade-kernel-tools-devel, amazon-linux-ami-2-upgrade-perf, amazon-linux-ami-2-upgrade-perf-debuginfo, amazon-linux-ami-2-upgrade-python-perf, amazon-linux-ami-2-upgrade-python-perf-debuginfo
References: https://attackerkb.com/topics/cve-2023-0459, AL2/ALAS-2023-1932, AL2/ALASKERNEL-5.10-2023-026, AL2/ALASKERNEL-5.15-2023-013, AL2/ALASKERNEL-5.4-2023-042, CVE-2023-0459
-
Amazon Linux 2023: CVE-2023-32233: Important priority package update for kernel
Severity: 7 | CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 05/02/2023 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
Description: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially escalate their privileges on the system.
Solution(s): amazon-linux-2023-upgrade-bpftool, amazon-linux-2023-upgrade-bpftool-debuginfo, amazon-linux-2023-upgrade-kernel, amazon-linux-2023-upgrade-kernel-debuginfo, amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64, amazon-linux-2023-upgrade-kernel-devel, amazon-linux-2023-upgrade-kernel-headers, amazon-linux-2023-upgrade-kernel-libbpf, amazon-linux-2023-upgrade-kernel-libbpf-devel, amazon-linux-2023-upgrade-kernel-libbpf-static, amazon-linux-2023-upgrade-kernel-livepatch-6-1-29-47-49, amazon-linux-2023-upgrade-kernel-tools, amazon-linux-2023-upgrade-kernel-tools-debuginfo, amazon-linux-2023-upgrade-kernel-tools-devel, amazon-linux-2023-upgrade-perf, amazon-linux-2023-upgrade-perf-debuginfo, amazon-linux-2023-upgrade-python3-perf, amazon-linux-2023-upgrade-python3-perf-debuginfo
References: https://attackerkb.com/topics/cve-2023-32233, CVE-2023-32233, https://alas.aws.amazon.com/AL2023/ALAS-2023-184.html
-
Red Hat OpenShift: CVE-2023-30861: flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header
Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:N
Published: 05/02/2023 | Created: 06/15/2023 | Added: 06/15/2023 | Modified: 01/30/2025
Description: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets `session.permanent = True`.
3. The application does not access or modify the session at any point during a request.
4. `SESSION_REFRESH_EACH_REQUEST` is enabled (the default).
5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.
Solution(s): linuxrpm-upgrade-python-flask
References: https://attackerkb.com/topics/cve-2023-30861, CVE-2023-30861, RHSA-2023:3440, RHSA-2023:3444, RHSA-2023:3446, RHSA-2023:3525, RHSA-2023:3536, RHSA-2023:3541, RHSA-2023:3545, RHSA-2023:7341
-
Apple Safari security update for CVE-2023-28201
Severity: 10 | CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
Published: 05/02/2023 | Created: 05/05/2023 | Added: 05/02/2023 | Modified: 01/28/2025
Description: This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution.
Solution(s): apple-safari-upgrade-16_4, apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2023-28201, CVE-2023-28201, http://support.apple.com/kb/HT213671
-
OS X update for Mail (CVE-2023-28189)
Severity: 5 | CVSS: AV:L/AC:M/Au:N/C:C/I:N/A:N
Published: 05/02/2023 | Created: 05/05/2023 | Added: 05/02/2023 | Modified: 01/28/2025
Description: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to view sensitive information.
Solution(s): apple-osx-upgrade-11_7_5, apple-osx-upgrade-12_6_4, apple-osx-upgrade-13_3
References: https://attackerkb.com/topics/cve-2023-28189, CVE-2023-28189, https://support.apple.com/kb/HT213670, https://support.apple.com/kb/HT213675, https://support.apple.com/kb/HT213677
-
Ubuntu: USN-6111-1 (CVE-2023-30861): Flask vulnerability
Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:N
Published: 05/02/2023 | Created: 05/31/2023 | Added: 05/30/2023 | Modified: 01/30/2025
Description: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets `session.permanent = True`.
3. The application does not access or modify the session at any point during a request.
4. `SESSION_REFRESH_EACH_REQUEST` is enabled (the default).
5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.
Solution(s): ubuntu-upgrade-python3-flask
References: https://attackerkb.com/topics/cve-2023-30861, CVE-2023-30861, USN-6111-1
-
OS X update for dcerpc (CVE-2023-23539)
Severity: 7 | CVSS: AV:L/AC:M/Au:N/C:C/I:C/A:C
Published: 05/02/2023 | Created: 05/05/2023 | Added: 05/02/2023 | Modified: 01/28/2025
Description: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.
Solution(s): apple-osx-upgrade-13_2
References: https://attackerkb.com/topics/cve-2023-23539, CVE-2023-23539, https://support.apple.com/kb/HT213605
-
FreeBSD: VID-4FFCCCAE-E924-11ED-9C88-001B217B3468 (CVE-2022-4376): Gitlab -- Multiple Vulnerabilities
Severity: 4 | CVSS: AV:N/AC:L/Au:S/C:P/I:N/A:N
Published: 05/02/2023 | Created: 05/05/2023 | Added: 05/03/2023 | Modified: 01/28/2025
Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-4FFCCCAE-E924-11ED-9C88-001B217B3468, Gitlab reports:
* Privilege escalation for external users when OIDC is enabled under certain conditions
* Account takeover through open redirect for Group SAML accounts
* Users on banned IP addresses can still commit to projects
* User with developer role (group) can modify Protected branches setting on imported project and leak group CI/CD variables
* The Gitlab web interface does not guarantee file integrity when downloading source code or installation packages from a tag or from a release
* Banned group member continues to have access to the public projects of a public group with the same access level as before the ban
* The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code
* XSS and content injection and iframe injection when viewing raw files on iOS devices
* Authenticated users can find other users by their private email
Solution(s): freebsd-upgrade-package-gitlab-ce
References: CVE-2022-4376
-
OS X update for Kernel (CVE-2023-23516)
Severity: 7 | CVSS: AV:L/AC:M/Au:N/C:C/I:C/A:C
Published: 05/02/2023 | Created: 05/05/2023 | Added: 05/02/2023 | Modified: 01/28/2025
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges.
Solution(s): apple-osx-upgrade-11_7_3, apple-osx-upgrade-12_6_3, apple-osx-upgrade-13_2
References: https://attackerkb.com/topics/cve-2023-23516, CVE-2023-23516, https://support.apple.com/kb/HT213603, https://support.apple.com/kb/HT213604, https://support.apple.com/kb/HT213605
-
OS X update for Mail (CVE-2022-42834)
Severity: 2 | CVSS: AV:L/AC:M/Au:N/C:P/I:N/A:N
Published: 05/02/2023 | Created: 05/05/2023 | Added: 05/02/2023 | Modified: 01/28/2025
Description: An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression.
Solution(s): apple-osx-upgrade-11_7_3, apple-osx-upgrade-12_6_3, apple-osx-upgrade-13
References: https://attackerkb.com/topics/cve-2022-42834, CVE-2022-42834, https://support.apple.com/kb/HT213488, https://support.apple.com/kb/HT213603, https://support.apple.com/kb/HT213604
-
OS X update for TCC (CVE-2022-46718)
Severity: 5 | CVSS: AV:L/AC:M/Au:N/C:C/I:N/A:N
Published: 05/02/2023 | Created: 05/05/2023 | Added: 05/02/2023 | Modified: 01/28/2025
Description: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information.
Solution(s): apple-osx-upgrade-11_7_2, apple-osx-upgrade-12_6_2, apple-osx-upgrade-13_1
References: https://attackerkb.com/topics/cve-2022-46718, CVE-2022-46718, https://support.apple.com/kb/HT213532, https://support.apple.com/kb/HT213533, https://support.apple.com/kb/HT213534
-
SUSE: CVE-2023-30861: SUSE Linux Security Advisory
Severity: 8 | CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:N
Published: 05/02/2023 | Created: 05/23/2023 | Added: 05/23/2023 | Modified: 01/28/2025
Description: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.
1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets `session.permanent = True`.
3. The application does not access or modify the session at any point during a request.
4. `SESSION_REFRESH_EACH_REQUEST` is enabled (the default).
5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.
This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.
Solution(s): suse-upgrade-python3-flask, suse-upgrade-python3-flask-doc
References: https://attackerkb.com/topics/cve-2023-30861, CVE-2023-30861
-
FreeBSD: VID-4FFCCCAE-E924-11ED-9C88-001B217B3468 (CVE-2023-0756): Gitlab -- Multiple Vulnerabilities
Severity: 9 | CVSS: AV:N/AC:M/Au:S/C:C/I:C/A:C
Published: 05/02/2023 | Created: 05/05/2023 | Added: 05/03/2023 | Modified: 01/28/2025
Description: Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-4FFCCCAE-E924-11ED-9C88-001B217B3468, Gitlab reports:
* Privilege escalation for external users when OIDC is enabled under certain conditions
* Account takeover through open redirect for Group SAML accounts
* Users on banned IP addresses can still commit to projects
* User with developer role (group) can modify Protected branches setting on imported project and leak group CI/CD variables
* The Gitlab web interface does not guarantee file integrity when downloading source code or installation packages from a tag or from a release
* Banned group member continues to have access to the public projects of a public group with the same access level as before the ban
* The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code
* XSS and content injection and iframe injection when viewing raw files on iOS devices
* Authenticated users can find other users by their private email
Solution(s): freebsd-upgrade-package-gitlab-ce
References: CVE-2023-0756
-
Huawei EulerOS: CVE-2023-2426: vim security update
Severity: 5 | CVSS: AV:L/AC:L/Au:S/C:N/I:N/A:C
Published: 04/29/2023 | Created: 01/11/2024 | Added: 01/10/2024 | Modified: 01/28/2025
Description: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Solution(s): huawei-euleros-2_0_sp11-upgrade-vim-common, huawei-euleros-2_0_sp11-upgrade-vim-enhanced, huawei-euleros-2_0_sp11-upgrade-vim-filesystem, huawei-euleros-2_0_sp11-upgrade-vim-minimal
References: https://attackerkb.com/topics/cve-2023-2426, CVE-2023-2426, EulerOS-SA-2023-2714
-
Debian: CVE-2023-2426: vim -- security update
Severity: 5 | CVSS: AV:L/AC:L/Au:S/C:N/I:N/A:C
Published: 04/29/2023 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/28/2025
Description: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Solution(s): debian-upgrade-vim
References: https://attackerkb.com/topics/cve-2023-2426, CVE-2023-2426
-
Huawei EulerOS: CVE-2023-31484: perl security update
Severity: 9 | CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 04/29/2023 | Created: 01/11/2024 | Added: 01/10/2024 | Modified: 01/28/2025
Description: CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Solution(s): huawei-euleros-2_0_sp11-upgrade-perl, huawei-euleros-2_0_sp11-upgrade-perl-libs
References: https://attackerkb.com/topics/cve-2023-31484, CVE-2023-31484, EulerOS-SA-2023-2703
-
IBM AIX: perl_advisory7 (CVE-2023-31486): Security vulnerability in Perl for AIX
Severity: 9 | CVSS: AV:N/AC:M/Au:N/C:C/I:C/A:C
Published: 04/29/2023 | Created: 10/06/2023 | Added: 10/06/2023 | Modified: 01/28/2025
Description: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Solution(s): ibm-aix-perl_advisory7
References: https://attackerkb.com/topics/cve-2023-31486, CVE-2023-31486, https://aix.software.ibm.com/aix/efixes/security/perl_advisory7.asc