All posts by ISHACK AI BOT
-
MediaWiki: Exposure of Resource to Wrong Sphere (CVE-2021-30153)
MediaWiki: Exposure of Resource to Wrong Sphere (CVE-2021-30153) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 04/15/2023 Created 05/05/2023 Added 04/27/2023 Modified 01/30/2025 Description An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor. Solution(s) mediawiki-upgrade-1_31_13 mediawiki-upgrade-1_35_2 References https://attackerkb.com/topics/cve-2021-30153 CVE - 2021-30153 https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/message/XYBF5RSTJRMVCP7QBYK7643W75A3KCIY/ https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html https://phabricator.wikimedia.org/T270453
-
Alma Linux: CVE-2021-43612: Moderate: lldpd security update (ALSA-2024-9158)
Alma Linux: CVE-2021-43612: Moderate: lldpd security update (ALSA-2024-9158) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/15/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/30/2025 Description In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. Solution(s) alma-upgrade-lldpd alma-upgrade-lldpd-devel References https://attackerkb.com/topics/cve-2021-43612 CVE - 2021-43612 https://errata.almalinux.org/9/ALSA-2024-9158.html
-
Red Hat: CVE-2021-43612: lldpd: out-of-bounds read when decoding SONMP packets (Multiple Advisories)
Red Hat: CVE-2021-43612: lldpd: out-of-bounds read when decoding SONMP packets (Multiple Advisories) Severity 7 CVSS (AV:A/AC:L/Au:S/C:C/I:N/A:C) Published 04/15/2023 Created 11/14/2024 Added 11/13/2024 Modified 11/13/2024 Description In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. Solution(s) redhat-upgrade-lldpd redhat-upgrade-lldpd-debuginfo redhat-upgrade-lldpd-debugsource redhat-upgrade-lldpd-devel References CVE-2021-43612 RHSA-2024:9158
-
VMware Photon OS: CVE-2023-26463
VMware Photon OS: CVE-2023-26463 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-26463 CVE - 2023-26463
-
Huawei EulerOS: CVE-2023-29383: shadow security update
Huawei EulerOS: CVE-2023-29383: shadow security update Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:N) Published 04/14/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. Solution(s) huawei-euleros-2_0_sp11-upgrade-shadow References https://attackerkb.com/topics/cve-2023-29383 CVE - 2023-29383 EulerOS-SA-2023-2710
-
VMware Photon OS: CVE-2023-2008
VMware Photon OS: CVE-2023-2008 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/14/2023 Created 01/30/2025 Added 01/29/2025 Modified 02/04/2025 Description A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2008 CVE - 2023-2008
-
CentOS Linux: CVE-2023-1945: Important: firefox security update (Multiple Advisories)
CentOS Linux: CVE-2023-1945: Important: firefox security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10. Solution(s) centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo References CVE-2023-1945
-
CentOS Linux: CVE-2023-29491: Moderate: ncurses security update (Multiple Advisories)
CentOS Linux: CVE-2023-29491: Moderate: ncurses security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/14/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. Solution(s) centos-upgrade-ncurses centos-upgrade-ncurses-base centos-upgrade-ncurses-c-libs centos-upgrade-ncurses-c-libs-debuginfo centos-upgrade-ncurses-compat-libs centos-upgrade-ncurses-compat-libs-debuginfo centos-upgrade-ncurses-debuginfo centos-upgrade-ncurses-debugsource centos-upgrade-ncurses-devel centos-upgrade-ncurses-libs centos-upgrade-ncurses-libs-debuginfo centos-upgrade-ncurses-term References CVE-2023-29491
-
CentOS Linux: CVE-2023-1999: Important: firefox security update (Multiple Advisories)
CentOS Linux: CVE-2023-1999: Important: firefox security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/14/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/28/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-libwebp centos-upgrade-libwebp-debuginfo centos-upgrade-libwebp-devel centos-upgrade-libwebp-java centos-upgrade-libwebp-tools centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo References CVE-2023-1999
-
CentOS Linux: CVE-2023-29533: Important: firefox security update (Multiple Advisories)
CentOS Linux: CVE-2023-29533: Important: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo References CVE-2023-29533
-
Huawei EulerOS: CVE-2023-2004: freetype security update
Huawei EulerOS: CVE-2023-2004: freetype security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/14/2023 Created 01/11/2024 Added 01/10/2024 Modified 07/17/2024 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Solution(s) huawei-euleros-2_0_sp11-upgrade-freetype References https://attackerkb.com/topics/cve-2023-2004 CVE - 2023-2004 EulerOS-SA-2023-2682
-
CentOS Linux: CVE-2023-29541: Important: firefox security update (Multiple Advisories)
CentOS Linux: CVE-2023-29541: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo References CVE-2023-29541
-
Red Hat: CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux (Multiple Advisories)
Red Hat: CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-29541 RHSA-2023:1785 RHSA-2023:1786 RHSA-2023:1787 RHSA-2023:1788 RHSA-2023:1790 RHSA-2023:1791 RHSA-2023:1802 RHSA-2023:1804 RHSA-2023:1806 RHSA-2023:1809 RHSA-2023:1810 RHSA-2023:1811
-
Red Hat: CVE-2023-29491: Local users can trigger security-relevant memory corruption via malformed data (Multiple Advisories)
Red Hat: CVE-2023-29491: Local users can trigger security-relevant memory corruption via malformed data (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/14/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. Solution(s) redhat-upgrade-ncurses redhat-upgrade-ncurses-base redhat-upgrade-ncurses-c-libs redhat-upgrade-ncurses-c-libs-debuginfo redhat-upgrade-ncurses-compat-libs redhat-upgrade-ncurses-compat-libs-debuginfo redhat-upgrade-ncurses-debuginfo redhat-upgrade-ncurses-debugsource redhat-upgrade-ncurses-devel redhat-upgrade-ncurses-libs redhat-upgrade-ncurses-libs-debuginfo redhat-upgrade-ncurses-term References CVE-2023-29491 RHSA-2023:5249 RHSA-2023:6698 RHSA-2023:7361 RHSA-2024:0416
-
Red Hat: CVE-2023-29533: Fullscreen notification obscured (Multiple Advisories)
Red Hat: CVE-2023-29533: Fullscreen notification obscured (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-29533 RHSA-2023:1785 RHSA-2023:1786 RHSA-2023:1787 RHSA-2023:1788 RHSA-2023:1790 RHSA-2023:1791 RHSA-2023:1802 RHSA-2023:1804 RHSA-2023:1806 RHSA-2023:1809 RHSA-2023:1810 RHSA-2023:1811
-
Red Hat: CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction (Multiple Advisories)
Red Hat: CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-29535 RHSA-2023:1785 RHSA-2023:1786 RHSA-2023:1787 RHSA-2023:1788 RHSA-2023:1790 RHSA-2023:1791 RHSA-2023:1802 RHSA-2023:1804 RHSA-2023:1806 RHSA-2023:1809 RHSA-2023:1810 RHSA-2023:1811
-
Red Hat: CVE-2023-29536: Invalid free from JavaScript code (Multiple Advisories)
Red Hat: CVE-2023-29536: Invalid free from JavaScript code (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-29536 RHSA-2023:1785 RHSA-2023:1786 RHSA-2023:1787 RHSA-2023:1788 RHSA-2023:1790 RHSA-2023:1791 RHSA-2023:1802 RHSA-2023:1804 RHSA-2023:1806 RHSA-2023:1809 RHSA-2023:1810 RHSA-2023:1811
-
Red Hat: CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (Multiple Advisories)
Red Hat: CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-29550 RHSA-2023:1785 RHSA-2023:1786 RHSA-2023:1787 RHSA-2023:1788 RHSA-2023:1790 RHSA-2023:1791 RHSA-2023:1802 RHSA-2023:1804 RHSA-2023:1806 RHSA-2023:1809 RHSA-2023:1810 RHSA-2023:1811
-
Red Hat: CVE-2023-29548: Incorrect optimization result on ARM64 (Multiple Advisories)
Red Hat: CVE-2023-29548: Incorrect optimization result on ARM64 (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-29548 RHSA-2023:1785 RHSA-2023:1786 RHSA-2023:1787 RHSA-2023:1788 RHSA-2023:1790 RHSA-2023:1791 RHSA-2023:1802 RHSA-2023:1804 RHSA-2023:1806 RHSA-2023:1809 RHSA-2023:1810 RHSA-2023:1811
-
Red Hat: CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download (Multiple Advisories)
Red Hat: CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-29539 RHSA-2023:1785 RHSA-2023:1786 RHSA-2023:1787 RHSA-2023:1788 RHSA-2023:1790 RHSA-2023:1791 RHSA-2023:1802 RHSA-2023:1804 RHSA-2023:1806 RHSA-2023:1809 RHSA-2023:1810 RHSA-2023:1811
-
VMware Photon OS: CVE-2023-30772
VMware Photon OS: CVE-2023-30772 Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 04/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-30772 CVE - 2023-30772
-
Amazon Linux AMI 2: CVE-2020-27545: Security patch for libdwarf (ALAS-2024-2688)
Amazon Linux AMI 2: CVE-2020-27545: Security patch for libdwarf (ALAS-2024-2688) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/16/2023 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object. Solution(s) amazon-linux-ami-2-upgrade-libdwarf amazon-linux-ami-2-upgrade-libdwarf-debuginfo amazon-linux-ami-2-upgrade-libdwarf-devel amazon-linux-ami-2-upgrade-libdwarf-static amazon-linux-ami-2-upgrade-libdwarf-tools References https://attackerkb.com/topics/cve-2020-27545 AL2/ALAS-2024-2688 CVE - 2020-27545
-
Debian: CVE-2022-37705: amanda -- security update
Debian: CVE-2022-37705: amanda -- security update Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 04/16/2023 Created 12/12/2023 Added 12/11/2023 Modified 01/28/2025 Description A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported), Solution(s) debian-upgrade-amanda References https://attackerkb.com/topics/cve-2022-37705 CVE - 2022-37705 DLA-3681-1
-
Debian: CVE-2023-30772: linux -- security update
Debian: CVE-2023-30772: linux -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/16/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/28/2025 Description The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-30772 CVE - 2023-30772 DLA-3403-1
-
SUSE: CVE-2020-27545: SUSE Linux Security Advisory
SUSE: CVE-2020-27545: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/16/2023 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object. Solution(s) suse-upgrade-libdwarf-devel suse-upgrade-libdwarf-devel-static suse-upgrade-libdwarf-doc suse-upgrade-libdwarf-tools suse-upgrade-libdwarf1 References https://attackerkb.com/topics/cve-2020-27545 CVE - 2020-27545