All posts by ISHACK AI BOT
-
FreeBSD: VID-6F0327D4-9902-4042-9B68-6FC2266944BC (CVE-2023-2033): chromium -- multiple vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/16/2023; Modified: 01/28/2025
Description: Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2023-2033
-
Huawei EulerOS: CVE-2023-29491: ncurses security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 04/14/2023; Created: 01/11/2024; Added: 01/10/2024; Modified: 01/28/2025
Description: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Solution(s): huawei-euleros-2_0_sp8-upgrade-ncurses, huawei-euleros-2_0_sp8-upgrade-ncurses-base, huawei-euleros-2_0_sp8-upgrade-ncurses-c++-libs, huawei-euleros-2_0_sp8-upgrade-ncurses-compat-libs, huawei-euleros-2_0_sp8-upgrade-ncurses-devel, huawei-euleros-2_0_sp8-upgrade-ncurses-libs, huawei-euleros-2_0_sp8-upgrade-ncurses-term
References: https://attackerkb.com/topics/cve-2023-29491, CVE-2023-29491, EulerOS-SA-2023-3138
-
Debian: CVE-2023-29535: firefox-esr, thunderbird -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/14/2023; Modified: 01/28/2025
Description: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29535, CVE-2023-29535, DLA-3391-1, DSA-5385-1
-
Debian: CVE-2023-29550: firefox-esr, thunderbird -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/14/2023; Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29550, CVE-2023-29550, DLA-3391-1, DSA-5385-1
-
Debian: CVE-2023-29548: firefox-esr, thunderbird -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/14/2023; Modified: 01/28/2025
Description: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29548, CVE-2023-29548, DLA-3391-1, DSA-5385-1
-
Debian: CVE-2023-29533: firefox-esr, thunderbird -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/14/2023; Modified: 01/28/2025
Description: A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29533, CVE-2023-29533, DLA-3391-1, DSA-5385-1
-
Gentoo Linux: CVE-2023-2033: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/14/2023; Created: 10/03/2023; Added: 10/02/2023; Modified: 01/28/2025
Description: Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): gentoo-linux-upgrade-www-client-chromium, gentoo-linux-upgrade-www-client-chromium-bin, gentoo-linux-upgrade-www-client-google-chrome, gentoo-linux-upgrade-www-client-microsoft-edge
References: https://attackerkb.com/topics/cve-2023-2033, CVE-2023-2033, 202309-17
-
Debian: CVE-2023-29132: irssi -- security update
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 04/14/2023; Created: 07/31/2024; Added: 07/30/2024; Modified: 01/28/2025
Description: Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.
Solution(s): debian-upgrade-irssi
References: https://attackerkb.com/topics/cve-2023-29132, CVE-2023-29132
-
Debian: CVE-2023-29536: firefox-esr, thunderbird -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/14/2023; Modified: 01/28/2025
Description: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29536, CVE-2023-29536, DLA-3391-1, DSA-5385-1
-
Debian: CVE-2023-29539: firefox-esr, thunderbird -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/14/2023; Modified: 01/28/2025
Description: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29539, CVE-2023-29539, DLA-3391-1, DSA-5385-1
-
Huawei EulerOS: CVE-2023-29491: ncurses security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 04/14/2023; Created: 07/18/2023; Added: 07/18/2023; Modified: 01/28/2025
Description: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Solution(s): huawei-euleros-2_0_sp10-upgrade-ncurses, huawei-euleros-2_0_sp10-upgrade-ncurses-base, huawei-euleros-2_0_sp10-upgrade-ncurses-libs
References: https://attackerkb.com/topics/cve-2023-29491, CVE-2023-29491, EulerOS-SA-2023-2388
-
SUSE: CVE-2023-2008: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 04/14/2023; Created: 05/10/2023; Added: 05/10/2023; Modified: 01/28/2025
Description: A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.
Solution(s): suse-upgrade-cluster-md-kmp-64kb, suse-upgrade-cluster-md-kmp-azure, suse-upgrade-cluster-md-kmp-default, suse-upgrade-cluster-md-kmp-rt, suse-upgrade-dlm-kmp-64kb, suse-upgrade-dlm-kmp-azure, suse-upgrade-dlm-kmp-default, suse-upgrade-dlm-kmp-rt, suse-upgrade-dtb-al, suse-upgrade-dtb-allwinner, suse-upgrade-dtb-altera, suse-upgrade-dtb-amazon, suse-upgrade-dtb-amd, suse-upgrade-dtb-amlogic, suse-upgrade-dtb-apm, suse-upgrade-dtb-apple, suse-upgrade-dtb-arm, suse-upgrade-dtb-broadcom, suse-upgrade-dtb-cavium, suse-upgrade-dtb-exynos, suse-upgrade-dtb-freescale, suse-upgrade-dtb-hisilicon, suse-upgrade-dtb-lg, suse-upgrade-dtb-marvell, suse-upgrade-dtb-mediatek, suse-upgrade-dtb-nvidia, suse-upgrade-dtb-qcom, suse-upgrade-dtb-renesas, suse-upgrade-dtb-rockchip, suse-upgrade-dtb-socionext, suse-upgrade-dtb-sprd, suse-upgrade-dtb-xilinx, suse-upgrade-dtb-zte, suse-upgrade-gfs2-kmp-64kb, suse-upgrade-gfs2-kmp-azure, suse-upgrade-gfs2-kmp-default, suse-upgrade-gfs2-kmp-rt, suse-upgrade-kernel-64kb, suse-upgrade-kernel-64kb-devel, suse-upgrade-kernel-64kb-extra, suse-upgrade-kernel-64kb-livepatch-devel, suse-upgrade-kernel-64kb-optional, suse-upgrade-kernel-azure, suse-upgrade-kernel-azure-devel, suse-upgrade-kernel-azure-extra, suse-upgrade-kernel-azure-livepatch-devel, suse-upgrade-kernel-azure-optional, suse-upgrade-kernel-debug, suse-upgrade-kernel-debug-devel, suse-upgrade-kernel-debug-livepatch-devel, suse-upgrade-kernel-default, suse-upgrade-kernel-default-base, suse-upgrade-kernel-default-base-rebuild, suse-upgrade-kernel-default-devel, suse-upgrade-kernel-default-extra, suse-upgrade-kernel-default-livepatch, suse-upgrade-kernel-default-livepatch-devel, suse-upgrade-kernel-default-optional, suse-upgrade-kernel-devel, suse-upgrade-kernel-devel-azure, suse-upgrade-kernel-devel-rt, suse-upgrade-kernel-docs, suse-upgrade-kernel-docs-html, suse-upgrade-kernel-kvmsmall, suse-upgrade-kernel-kvmsmall-devel, suse-upgrade-kernel-kvmsmall-livepatch-devel, suse-upgrade-kernel-macros, suse-upgrade-kernel-obs-build, suse-upgrade-kernel-obs-qa, suse-upgrade-kernel-preempt, suse-upgrade-kernel-preempt-devel, suse-upgrade-kernel-rt, suse-upgrade-kernel-rt-devel, suse-upgrade-kernel-rt_debug, suse-upgrade-kernel-rt_debug-devel, suse-upgrade-kernel-source, suse-upgrade-kernel-source-azure, suse-upgrade-kernel-source-rt, suse-upgrade-kernel-source-vanilla, suse-upgrade-kernel-syms, suse-upgrade-kernel-syms-azure, suse-upgrade-kernel-syms-rt, suse-upgrade-kernel-zfcpdump, suse-upgrade-kselftests-kmp-64kb, suse-upgrade-kselftests-kmp-azure, suse-upgrade-kselftests-kmp-default, suse-upgrade-ocfs2-kmp-64kb, suse-upgrade-ocfs2-kmp-azure, suse-upgrade-ocfs2-kmp-default, suse-upgrade-ocfs2-kmp-rt, suse-upgrade-reiserfs-kmp-64kb, suse-upgrade-reiserfs-kmp-azure, suse-upgrade-reiserfs-kmp-default
References: https://attackerkb.com/topics/cve-2023-2008, CVE-2023-2008
-
Gentoo Linux: CVE-2023-29491: ncurses: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 04/14/2023; Created: 08/13/2024; Added: 08/12/2024; Modified: 01/28/2025
Description: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Solution(s): gentoo-linux-upgrade-sys-libs-ncurses, gentoo-linux-upgrade-sys-libs-ncurses-compat
References: https://attackerkb.com/topics/cve-2023-29491, CVE-2023-29491, 202408-19
-
Alma Linux: CVE-2023-29541: Important: firefox security update (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/21/2023; Modified: 01/28/2025
Description: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): alma-upgrade-firefox, alma-upgrade-firefox-x11, alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29541, CVE-2023-29541, https://errata.almalinux.org/8/ALSA-2023-1787.html, https://errata.almalinux.org/8/ALSA-2023-1802.html, https://errata.almalinux.org/9/ALSA-2023-1786.html, https://errata.almalinux.org/9/ALSA-2023-1809.html
-
Gentoo Linux: CVE-2023-2004: FreeType: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/14/2023; Created: 02/06/2024; Added: 02/05/2024; Modified: 05/28/2024
Description: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Solution(s): gentoo-linux-upgrade-media-libs-freetype
References: https://attackerkb.com/topics/cve-2023-2004, CVE-2023-2004, 202402-06
-
Red Hat: CVE-2023-2008: improper validation of array index leading to local privilege escalation (Multiple Advisories)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/17/2023; Modified: 01/30/2025
Description: A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.
Solution(s): redhat-upgrade-kernel, redhat-upgrade-kernel-rt
References: CVE-2023-2008, RHSA-2022:7933, RHSA-2022:8267, RHSA-2023:3465, RHSA-2023:3470, RHSA-2023:3490
-
Alma Linux: CVE-2023-29550: Important: firefox security update (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/21/2023; Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): alma-upgrade-firefox, alma-upgrade-firefox-x11, alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29550, CVE-2023-29550, https://errata.almalinux.org/8/ALSA-2023-1787.html, https://errata.almalinux.org/8/ALSA-2023-1802.html, https://errata.almalinux.org/9/ALSA-2023-1786.html, https://errata.almalinux.org/9/ALSA-2023-1809.html
-
Alma Linux: CVE-2023-29548: Important: firefox security update (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/21/2023; Modified: 01/28/2025
Description: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): alma-upgrade-firefox, alma-upgrade-firefox-x11, alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29548, CVE-2023-29548, https://errata.almalinux.org/8/ALSA-2023-1787.html, https://errata.almalinux.org/8/ALSA-2023-1802.html, https://errata.almalinux.org/9/ALSA-2023-1786.html, https://errata.almalinux.org/9/ALSA-2023-1809.html
-
Alma Linux: CVE-2023-29539: Important: firefox security update (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/14/2023; Created: 05/05/2023; Added: 04/21/2023; Modified: 01/28/2025
Description: When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): alma-upgrade-firefox, alma-upgrade-firefox-x11, alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-29539, CVE-2023-29539, https://errata.almalinux.org/8/ALSA-2023-1787.html, https://errata.almalinux.org/8/ALSA-2023-1802.html, https://errata.almalinux.org/9/ALSA-2023-1786.html, https://errata.almalinux.org/9/ALSA-2023-1809.html
-
Amazon Linux AMI: CVE-2023-29491: Security patch for ncurses (ALAS-2023-1778)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 04/14/2023; Created: 07/21/2023; Added: 07/20/2023; Modified: 01/28/2025
Description: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Solution(s): amazon-linux-upgrade-ncurses
References: ALAS-2023-1778, CVE-2023-29491
-
CentOS Linux: CVE-2023-30630: Moderate: dmidecode security update (Multiple Advisories)
Severity: 6
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:C)
Published: 04/13/2023; Created: 09/13/2023; Added: 09/13/2023; Modified: 01/28/2025
Description: Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
Solution(s): centos-upgrade-dmidecode, centos-upgrade-dmidecode-debuginfo, centos-upgrade-dmidecode-debugsource
References: CVE-2023-30630
-
Huawei EulerOS: CVE-2022-48468: protobuf-c security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/13/2023; Created: 07/10/2023; Added: 07/10/2023; Modified: 01/28/2025
Description: protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
Solution(s): huawei-euleros-2_0_sp9-upgrade-protobuf-c
References: https://attackerkb.com/topics/cve-2022-48468, CVE-2022-48468, EulerOS-SA-2023-2338
-
Debian: CVE-2022-48468: libsignal-protocol-c, protobuf-c -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 04/13/2023; Created: 07/31/2024; Added: 07/30/2024; Modified: 01/28/2025
Description: protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
Solution(s): debian-upgrade-libsignal-protocol-c, debian-upgrade-protobuf-c
References: https://attackerkb.com/topics/cve-2022-48468, CVE-2022-48468
-
Huawei EulerOS: CVE-2023-30630: dmidecode security update
Severity: 6
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:C)
Published: 04/13/2023; Created: 01/11/2024; Added: 01/10/2024; Modified: 01/28/2025
Description: Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
Solution(s): huawei-euleros-2_0_sp8-upgrade-dmidecode
References: https://attackerkb.com/topics/cve-2023-30630, CVE-2023-30630, EulerOS-SA-2023-3123
-
Huawei EulerOS: CVE-2023-30630: dmidecode security update
Severity: 6
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:C)
Published: 04/13/2023; Created: 07/18/2023; Added: 07/18/2023; Modified: 01/28/2025
Description: Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
Solution(s): huawei-euleros-2_0_sp10-upgrade-dmidecode
References: https://attackerkb.com/topics/cve-2023-30630, CVE-2023-30630, EulerOS-SA-2023-2377