ISHACK AI BOT

VMware Photon OS: CVE-2023-24537 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/06/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-24537 CVE - 2023-24537

Red Hat: CVE-2023-24538: golang: html/template: backticks not treated as string delimiters (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/06/2023 Created 10/24/2023 Added 10/23/2023 Modified 01/30/2025 Description Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-race redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-debuginfo redhat-upgrade-skopeo-debugsource redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2023-24538 RHSA-2023:3318 RHSA-2023:3319 RHSA-2023:6346 RHSA-2023:6363 RHSA-2023:6402 RHSA-2023:6473 RHSA-2023:6474 RHSA-2023:6938 RHSA-2023:6939 View more

Alma Linux: CVE-2023-24537: Moderate: container-tools:4.0 security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/06/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2023-24537 CVE - 2023-24537 https://errata.almalinux.org/8/ALSA-2023-6938.html https://errata.almalinux.org/8/ALSA-2023-6939.html https://errata.almalinux.org/9/ALSA-2023-6363.html https://errata.almalinux.org/9/ALSA-2023-6474.html

Aruba AOS-10: CVE-2023-0286: X.400 address type confusion in X.509 GeneralName Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:C) Published 04/05/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. Solution(s) aruba-aos-10-cve-2023-0286 References https://attackerkb.com/topics/cve-2023-0286 CVE - 2023-0286 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-001.json

Huawei EulerOS: CVE-2023-24538: golang security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/06/2023 Created 07/10/2023 Added 07/10/2023 Modified 01/30/2025 Description Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. Solution(s) huawei-euleros-2_0_sp9-upgrade-golang huawei-euleros-2_0_sp9-upgrade-golang-devel huawei-euleros-2_0_sp9-upgrade-golang-help References https://attackerkb.com/topics/cve-2023-24538 CVE - 2023-24538 EulerOS-SA-2023-2334

Huawei EulerOS: CVE-2023-24538: golang security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/06/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. Solution(s) huawei-euleros-2_0_sp11-upgrade-golang huawei-euleros-2_0_sp11-upgrade-golang-devel huawei-euleros-2_0_sp11-upgrade-golang-help References https://attackerkb.com/topics/cve-2023-24538 CVE - 2023-24538 EulerOS-SA-2023-2686

Rocky Linux: CVE-2022-31631: php (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/06/2023 Created 03/13/2024 Added 03/12/2024 Modified 02/14/2025 Description In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. Solution(s) rocky-upgrade-libzip rocky-upgrade-libzip-debuginfo rocky-upgrade-libzip-debugsource rocky-upgrade-libzip-devel rocky-upgrade-libzip-tools rocky-upgrade-libzip-tools-debuginfo rocky-upgrade-php rocky-upgrade-php-bcmath rocky-upgrade-php-bcmath-debuginfo rocky-upgrade-php-cli rocky-upgrade-php-cli-debuginfo rocky-upgrade-php-common rocky-upgrade-php-common-debuginfo rocky-upgrade-php-dba rocky-upgrade-php-dba-debuginfo rocky-upgrade-php-dbg rocky-upgrade-php-dbg-debuginfo rocky-upgrade-php-debuginfo rocky-upgrade-php-debugsource rocky-upgrade-php-devel rocky-upgrade-php-embedded rocky-upgrade-php-embedded-debuginfo rocky-upgrade-php-enchant rocky-upgrade-php-enchant-debuginfo rocky-upgrade-php-ffi rocky-upgrade-php-ffi-debuginfo rocky-upgrade-php-fpm rocky-upgrade-php-fpm-debuginfo rocky-upgrade-php-gd rocky-upgrade-php-gd-debuginfo rocky-upgrade-php-gmp rocky-upgrade-php-gmp-debuginfo rocky-upgrade-php-intl rocky-upgrade-php-intl-debuginfo rocky-upgrade-php-ldap rocky-upgrade-php-ldap-debuginfo rocky-upgrade-php-mbstring rocky-upgrade-php-mbstring-debuginfo rocky-upgrade-php-mysqlnd rocky-upgrade-php-mysqlnd-debuginfo rocky-upgrade-php-odbc rocky-upgrade-php-odbc-debuginfo rocky-upgrade-php-opcache rocky-upgrade-php-opcache-debuginfo rocky-upgrade-php-pdo rocky-upgrade-php-pdo-debuginfo rocky-upgrade-php-pecl-apcu rocky-upgrade-php-pecl-apcu-debuginfo rocky-upgrade-php-pecl-apcu-debugsource rocky-upgrade-php-pecl-apcu-devel rocky-upgrade-php-pecl-rrd rocky-upgrade-php-pecl-rrd-debuginfo rocky-upgrade-php-pecl-rrd-debugsource rocky-upgrade-php-pecl-xdebug3 rocky-upgrade-php-pecl-xdebug3-debuginfo rocky-upgrade-php-pecl-xdebug3-debugsource rocky-upgrade-php-pecl-zip rocky-upgrade-php-pecl-zip-debuginfo rocky-upgrade-php-pecl-zip-debugsource rocky-upgrade-php-pgsql rocky-upgrade-php-pgsql-debuginfo rocky-upgrade-php-process rocky-upgrade-php-process-debuginfo rocky-upgrade-php-snmp rocky-upgrade-php-snmp-debuginfo rocky-upgrade-php-soap rocky-upgrade-php-soap-debuginfo rocky-upgrade-php-xml rocky-upgrade-php-xml-debuginfo References https://attackerkb.com/topics/cve-2022-31631 CVE - 2022-31631 https://errata.rockylinux.org/RLSA-2023:0848 https://errata.rockylinux.org/RLSA-2023:0965

Aruba AOS-10: CVE-2022-4450: Double free after calling PEM_read_bio_ex Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/05/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. Solution(s) aruba-aos-10-cve-2022-4450 References https://attackerkb.com/topics/cve-2022-4450 CVE - 2022-4450 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-001.json

Google Chrome Vulnerability: CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/05/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-1814 CVE - 2023-1814 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

Aruba AOS-8: CVE-2022-4450: Double free after calling PEM_read_bio_ex Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/05/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. Solution(s) aruba-aos-8-cve-2022-4450 References https://attackerkb.com/topics/cve-2022-4450 CVE - 2022-4450 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-001.json

Google Chrome Vulnerability: CVE-2023-1810 Heap buffer overflow in Visuals Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/05/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-1810 CVE - 2023-1810 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

SUSE: CVE-2023-1838: SUSE Linux Security Advisory Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 04/05/2023 Created 05/05/2023 Added 04/19/2023 Modified 01/28/2025 Description A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-1838 CVE - 2023-1838

Google Chrome Vulnerability: CVE-2023-1818 Use after free in Vulkan Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/05/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-1818 CVE - 2023-1818 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

Huawei EulerOS: CVE-2023-1855: kernel security update Severity 6 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:C) Published 04/05/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-1855 CVE - 2023-1855 EulerOS-SA-2023-2193

Google Chrome Vulnerability: CVE-2023-1822 Incorrect security UI in Navigation Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/05/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-1822 CVE - 2023-1822 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

Ubuntu: (Multiple Advisories) (CVE-2023-1855): Linux kernel (OEM) vulnerabilities Severity 6 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:C) Published 04/05/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1025-gkeop ubuntu-upgrade-linux-image-5-15-0-1030-nvidia ubuntu-upgrade-linux-image-5-15-0-1030-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1035-ibm ubuntu-upgrade-linux-image-5-15-0-1035-raspi ubuntu-upgrade-linux-image-5-15-0-1037-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1039-gcp ubuntu-upgrade-linux-image-5-15-0-1039-gke ubuntu-upgrade-linux-image-5-15-0-1039-kvm ubuntu-upgrade-linux-image-5-15-0-1040-oracle ubuntu-upgrade-linux-image-5-15-0-1041-aws ubuntu-upgrade-linux-image-5-15-0-1042-aws ubuntu-upgrade-linux-image-5-15-0-1043-azure-fde ubuntu-upgrade-linux-image-5-15-0-1045-azure ubuntu-upgrade-linux-image-5-15-0-1045-azure-fde ubuntu-upgrade-linux-image-5-15-0-79-generic ubuntu-upgrade-linux-image-5-15-0-79-generic-64k ubuntu-upgrade-linux-image-5-15-0-79-generic-lpae ubuntu-upgrade-linux-image-5-15-0-79-lowlatency ubuntu-upgrade-linux-image-5-15-0-79-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1019-iot ubuntu-upgrade-linux-image-5-4-0-1027-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1054-ibm ubuntu-upgrade-linux-image-5-4-0-1068-bluefield ubuntu-upgrade-linux-image-5-4-0-1074-gkeop ubuntu-upgrade-linux-image-5-4-0-1091-raspi ubuntu-upgrade-linux-image-5-4-0-1096-kvm ubuntu-upgrade-linux-image-5-4-0-1105-gke ubuntu-upgrade-linux-image-5-4-0-1106-oracle ubuntu-upgrade-linux-image-5-4-0-1107-aws ubuntu-upgrade-linux-image-5-4-0-1110-gcp ubuntu-upgrade-linux-image-5-4-0-1113-azure ubuntu-upgrade-linux-image-5-4-0-1114-azure ubuntu-upgrade-linux-image-5-4-0-156-generic ubuntu-upgrade-linux-image-5-4-0-156-generic-lpae ubuntu-upgrade-linux-image-5-4-0-156-lowlatency ubuntu-upgrade-linux-image-6-1-0-1009-oem ubuntu-upgrade-linux-image-6-2-0-1003-ibm ubuntu-upgrade-linux-image-6-2-0-1005-aws ubuntu-upgrade-linux-image-6-2-0-1005-azure ubuntu-upgrade-linux-image-6-2-0-1005-lowlatency ubuntu-upgrade-linux-image-6-2-0-1005-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1005-oracle ubuntu-upgrade-linux-image-6-2-0-1006-kvm ubuntu-upgrade-linux-image-6-2-0-1006-raspi ubuntu-upgrade-linux-image-6-2-0-1006-raspi-nolpae ubuntu-upgrade-linux-image-6-2-0-1007-gcp ubuntu-upgrade-linux-image-6-2-0-23-generic ubuntu-upgrade-linux-image-6-2-0-23-generic-64k ubuntu-upgrade-linux-image-6-2-0-23-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-1855 CVE - 2023-1855 USN-6033-1 USN-6175-1 USN-6186-1 USN-6284-1 USN-6300-1 USN-6301-1 USN-6311-1 USN-6312-1 USN-6314-1 USN-6331-1 USN-6332-1 USN-6337-1 USN-6347-1 View more

Google Chrome Vulnerability: CVE-2023-1812 Out of bounds memory access in DOM Bindings Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/05/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-1812 CVE - 2023-1812 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

VMware Photon OS: CVE-2023-1855 Severity 5 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:C) Published 04/05/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-1855 CVE - 2023-1855

VMware Photon OS: CVE-2023-1582 Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 04/05/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-1582 CVE - 2023-1582

Debian: CVE-2023-0842: node-xml2js -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 04/05/2023 Created 03/19/2024 Added 03/18/2024 Modified 01/28/2025 Description xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. Solution(s) debian-upgrade-node-xml2js References https://attackerkb.com/topics/cve-2023-0842 CVE - 2023-0842 DLA-3760-1

Debian: CVE-2023-1582: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 04/05/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-1582 CVE - 2023-1582

Google Chrome Vulnerability: CVE-2023-1817 Insufficient policy enforcement in Intents Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/05/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-1817 CVE - 2023-1817 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

Google Chrome Vulnerability: CVE-2023-1815 Use after free in Networking APIs Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/05/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-1815 CVE - 2023-1815 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

Google Chrome Vulnerability: CVE-2023-1819 Out of bounds read in Accessibility Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 04/05/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-1819 CVE - 2023-1819 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

Google Chrome Vulnerability: CVE-2023-1816 Incorrect security UI in Picture In Picture Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/05/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-1816 CVE - 2023-1816 https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html