ISHACK AI BOT

Huawei EulerOS: CVE-2023-0179: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/27/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-0179 CVE - 2023-0179 EulerOS-SA-2023-1781

OS X update for NetworkExtension (CVE-2023-28182) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-28182 CVE - 2023-28182 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677

Alma Linux: CVE-2023-28427: Important: thunderbird security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 03/28/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/30/2025 Description matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-28427 CVE - 2023-28427 https://errata.almalinux.org/8/ALSA-2023-1802.html https://errata.almalinux.org/9/ALSA-2023-1809.html

Huawei EulerOS: CVE-2023-0466: openssl security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Solution(s) huawei-euleros-2_0_sp8-upgrade-openssl huawei-euleros-2_0_sp8-upgrade-openssl-devel huawei-euleros-2_0_sp8-upgrade-openssl-libs huawei-euleros-2_0_sp8-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-0466 CVE - 2023-0466 EulerOS-SA-2023-2195

Red Hat: CVE-2023-0465: Invalid certificate policies in leaf certificates are silently ignored (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/30/2025 Description Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) redhat-upgrade-openssl redhat-upgrade-openssl-debuginfo redhat-upgrade-openssl-debugsource redhat-upgrade-openssl-devel redhat-upgrade-openssl-libs redhat-upgrade-openssl-libs-debuginfo redhat-upgrade-openssl-perl References CVE-2023-0465 RHSA-2023:3722

Amazon Linux AMI 2: CVE-2023-0466: Security patch for edk2, openssl, openssl-snapsafe, openssl11 (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Solution(s) amazon-linux-ami-2-upgrade-edk2-aarch64 amazon-linux-ami-2-upgrade-edk2-debuginfo amazon-linux-ami-2-upgrade-edk2-ovmf amazon-linux-ami-2-upgrade-edk2-tools amazon-linux-ami-2-upgrade-edk2-tools-doc amazon-linux-ami-2-upgrade-edk2-tools-python amazon-linux-ami-2-upgrade-openssl amazon-linux-ami-2-upgrade-openssl-debuginfo amazon-linux-ami-2-upgrade-openssl-devel amazon-linux-ami-2-upgrade-openssl-libs amazon-linux-ami-2-upgrade-openssl-perl amazon-linux-ami-2-upgrade-openssl-snapsafe amazon-linux-ami-2-upgrade-openssl-snapsafe-debuginfo amazon-linux-ami-2-upgrade-openssl-snapsafe-devel amazon-linux-ami-2-upgrade-openssl-snapsafe-libs amazon-linux-ami-2-upgrade-openssl-snapsafe-perl amazon-linux-ami-2-upgrade-openssl-snapsafe-static amazon-linux-ami-2-upgrade-openssl-static amazon-linux-ami-2-upgrade-openssl11 amazon-linux-ami-2-upgrade-openssl11-debuginfo amazon-linux-ami-2-upgrade-openssl11-devel amazon-linux-ami-2-upgrade-openssl11-libs amazon-linux-ami-2-upgrade-openssl11-static References https://attackerkb.com/topics/cve-2023-0466 AL2/ALAS-2023-2039 AL2/ALAS-2023-2073 AL2/ALAS-2024-2502 AL2/ALASOPENSSL-SNAPSAFE-2023-002 CVE - 2023-0466

Amazon Linux AMI 2: CVE-2023-0465: Security patch for edk2, openssl, openssl-snapsafe, openssl11 (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/30/2025 Description Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) amazon-linux-ami-2-upgrade-edk2-aarch64 amazon-linux-ami-2-upgrade-edk2-debuginfo amazon-linux-ami-2-upgrade-edk2-ovmf amazon-linux-ami-2-upgrade-edk2-tools amazon-linux-ami-2-upgrade-edk2-tools-doc amazon-linux-ami-2-upgrade-edk2-tools-python amazon-linux-ami-2-upgrade-openssl amazon-linux-ami-2-upgrade-openssl-debuginfo amazon-linux-ami-2-upgrade-openssl-devel amazon-linux-ami-2-upgrade-openssl-libs amazon-linux-ami-2-upgrade-openssl-perl amazon-linux-ami-2-upgrade-openssl-snapsafe amazon-linux-ami-2-upgrade-openssl-snapsafe-debuginfo amazon-linux-ami-2-upgrade-openssl-snapsafe-devel amazon-linux-ami-2-upgrade-openssl-snapsafe-libs amazon-linux-ami-2-upgrade-openssl-snapsafe-perl amazon-linux-ami-2-upgrade-openssl-snapsafe-static amazon-linux-ami-2-upgrade-openssl-static amazon-linux-ami-2-upgrade-openssl11 amazon-linux-ami-2-upgrade-openssl11-debuginfo amazon-linux-ami-2-upgrade-openssl11-devel amazon-linux-ami-2-upgrade-openssl11-libs amazon-linux-ami-2-upgrade-openssl11-static References https://attackerkb.com/topics/cve-2023-0465 AL2/ALAS-2023-2039 AL2/ALAS-2023-2073 AL2/ALAS-2024-2502 AL2/ALASOPENSSL-SNAPSAFE-2023-002 CVE - 2023-0465

OS X update for System Settings (CVE-2023-23542) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-23542 CVE - 2023-23542 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677

OS X update for System Settings (CVE-2023-28192) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-28192 CVE - 2023-28192 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677

Foxit Reader: Out-of-bounds Read (CVE-2022-24908) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/28/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16187. Solution(s) foxit-reader-upgrade-11_2_1 References https://attackerkb.com/topics/cve-2022-24908 CVE - 2022-24908 https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-22-351/

Rapid7 Insight Agent: CVE-2023-0466: Improper Certificate Validation Severity 1 CVSS (AV:L/AC:H/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 03/20/2024 Added 03/19/2024 Modified 04/23/2024 Description Rapid7 Insight Agent versions below 4.0.6.14 suffer from a Improper Certificate Validation vulnerability. Solution(s) rapid7-insightagent-upgrade-4_0_6_14 References https://attackerkb.com/topics/cve-2023-0466 CVE - 2023-0466 https://docs.rapid7.com/release-notes/insightagent/20240314/

OS X update for PackageKit (CVE-2023-23538) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-23538 CVE - 2023-23538 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677

OS X update for Kernel (CVE-2023-27933) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app with root privileges may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27933 CVE - 2023-27933 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213677

Gentoo Linux: CVE-2022-23121: Netatalk: Multiple Vulnerabilities including root remote code execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/28/2023 Created 11/02/2023 Added 11/02/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819. Solution(s) gentoo-linux-upgrade-net-fs-netatalk References https://attackerkb.com/topics/cve-2022-23121 CVE - 2022-23121 202311-02

CentOS Linux: CVE-2023-1076: Important: kernel security, bug fix, and enhancement update (CESA-2023:6583) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 03/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. Solution(s) centos-upgrade-kernel References CVE-2023-1076

CentOS Linux: CVE-2023-1637: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 03/27/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-1637

CentOS Linux: CVE-2023-0778: Moderate: container-tools:rhel8 security, bug fix, and enhancement update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:N) Published 03/27/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system. Solution(s) centos-upgrade-aardvark-dns centos-upgrade-buildah centos-upgrade-buildah-debuginfo centos-upgrade-buildah-debugsource centos-upgrade-buildah-tests centos-upgrade-buildah-tests-debuginfo centos-upgrade-cockpit-podman centos-upgrade-conmon centos-upgrade-conmon-debuginfo centos-upgrade-conmon-debugsource centos-upgrade-container-selinux centos-upgrade-containernetworking-plugins centos-upgrade-containernetworking-plugins-debuginfo centos-upgrade-containernetworking-plugins-debugsource centos-upgrade-containers-common centos-upgrade-crit centos-upgrade-criu centos-upgrade-criu-debuginfo centos-upgrade-criu-debugsource centos-upgrade-criu-devel centos-upgrade-criu-libs centos-upgrade-criu-libs-debuginfo centos-upgrade-crun centos-upgrade-crun-debuginfo centos-upgrade-crun-debugsource centos-upgrade-fuse-overlayfs centos-upgrade-fuse-overlayfs-debuginfo centos-upgrade-fuse-overlayfs-debugsource centos-upgrade-libslirp centos-upgrade-libslirp-debuginfo centos-upgrade-libslirp-debugsource centos-upgrade-libslirp-devel centos-upgrade-netavark centos-upgrade-oci-seccomp-bpf-hook centos-upgrade-oci-seccomp-bpf-hook-debuginfo centos-upgrade-oci-seccomp-bpf-hook-debugsource centos-upgrade-podman centos-upgrade-podman-catatonit centos-upgrade-podman-catatonit-debuginfo centos-upgrade-podman-debuginfo centos-upgrade-podman-debugsource centos-upgrade-podman-docker centos-upgrade-podman-gvproxy centos-upgrade-podman-gvproxy-debuginfo centos-upgrade-podman-plugins centos-upgrade-podman-plugins-debuginfo centos-upgrade-podman-remote centos-upgrade-podman-remote-debuginfo centos-upgrade-podman-tests centos-upgrade-python3-criu centos-upgrade-python3-podman centos-upgrade-runc centos-upgrade-runc-debuginfo centos-upgrade-runc-debugsource centos-upgrade-skopeo centos-upgrade-skopeo-debuginfo centos-upgrade-skopeo-debugsource centos-upgrade-skopeo-tests centos-upgrade-slirp4netns centos-upgrade-slirp4netns-debuginfo centos-upgrade-slirp4netns-debugsource centos-upgrade-toolbox centos-upgrade-toolbox-debuginfo centos-upgrade-toolbox-debugsource centos-upgrade-toolbox-tests centos-upgrade-udica References CVE-2023-0778

CentOS Linux: CVE-2023-1073: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-1073

CentOS Linux: CVE-2023-1074: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-1074

CentOS Linux: CVE-2023-1079: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 03/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-1079

Red Hat OpenShift: CVE-2023-20860: springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 03/27/2023 Created 06/27/2023 Added 06/26/2023 Modified 01/30/2025 Description Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. Solution(s) linuxrpm-upgrade-jenkins References https://attackerkb.com/topics/cve-2023-20860 CVE - 2023-20860 RHSA-2023:2100 RHSA-2023:3185 RHSA-2023:3610 RHSA-2023:3622 RHSA-2023:3625 RHSA-2023:3663 RHSA-2023:3771 RHSA-2023:3954 RHSA-2023:4612 RHSA-2023:4983 View more

Red Hat: CVE-2023-1079: kernel: hid: Use After Free in asus_remove() (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 03/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-1079 RHSA-2023:6583 RHSA-2023:6901 RHSA-2023:7077 RHSA-2024:0412 RHSA-2024:0575

Red Hat: CVE-2023-28866: kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/27/2023 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-28866 RHSA-2024:2394

JetBrains TeamCity: CVE-2022-48428: Stored XSS on the SSH keys page was possible (TW-80097) Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 03/27/2023 Created 10/22/2024 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2022-48428 CVE - 2022-48428 https://www.jetbrains.com/privacy-security/issues-fixed/

SUSE: CVE-2023-1380: SUSE Linux Security Advisory Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 03/27/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2023-1380 CVE - 2023-1380 DSA-5480