ISHACK AI BOT

Moodle: Exposure of Resource to Wrong Sphere (CVE-2023-28336) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 03/23/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/28/2025 Description Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. Solution(s) moodle-upgrade-3_11_13 moodle-upgrade-3_9_20 moodle-upgrade-4_0_7 References https://attackerkb.com/topics/cve-2023-28336 CVE - 2023-28336 https://bugzilla.redhat.com/show_bug.cgi?id=2179426 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/ https://moodle.org/mod/forum/discuss.php?d=445068

Moodle: Unspecified Security Vulnerability (CVE-2023-28330) Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 03/23/2023 Created 03/29/2023 Added 03/29/2023 Modified 01/28/2025 Description Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default. Solution(s) moodle-upgrade-3_11_13 moodle-upgrade-3_9_20 moodle-upgrade-4_0_7 References https://attackerkb.com/topics/cve-2023-28330 CVE - 2023-28330 https://bugzilla.redhat.com/show_bug.cgi?id=2179412 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/ https://moodle.org/mod/forum/discuss.php?d=445062

Ubuntu: (CVE-2023-1249): linux-hwe-5.15 vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/23/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. Solution(s) ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-oem-5-14 ubuntu-upgrade-linux-oem-5-17 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-realtime References https://attackerkb.com/topics/cve-2023-1249 CVE - 2023-1249 https://git.kernel.org/linus/390031c942116d4733310f0684beb8db19885fe6 https://www.cve.org/CVERecord?id=CVE-2023-1249

Moodle: Cross-Site Request Forgery (CSRF) (CVE-2023-28335) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/23/2023 Created 03/30/2023 Added 03/30/2023 Modified 01/28/2025 Description The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. Solution(s) moodle-upgrade-latest References https://attackerkb.com/topics/cve-2023-28335 CVE - 2023-28335 https://bugzilla.redhat.com/show_bug.cgi?id=2179424 https://moodle.org/mod/forum/discuss.php?d=445067

CentOS Linux: CVE-2023-0056: Moderate: haproxy security update (CESA-2023:1696) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 03/23/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. Solution(s) centos-upgrade-haproxy centos-upgrade-haproxy-debuginfo centos-upgrade-haproxy-debugsource References CVE-2023-0056

Huawei EulerOS: CVE-2023-0056: haproxy security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 03/23/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. Solution(s) huawei-euleros-2_0_sp11-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-0056 CVE - 2023-0056 EulerOS-SA-2023-2293

Ubuntu: (Multiple Advisories) (CVE-2022-37705): amanda vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 03/23/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported), Solution(s) ubuntu-upgrade-amanda-client References https://attackerkb.com/topics/cve-2022-37705 CVE - 2022-37705 USN-5966-1 USN-5966-2 USN-5966-3

Rocky Linux: CVE-2023-1513: kernel (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 03/23/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-1513 CVE - 2023-1513 https://errata.rockylinux.org/RLSA-2024:2950 https://errata.rockylinux.org/RLSA-2024:3138

Huawei EulerOS: CVE-2023-0590: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 03/23/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/30/2025 Description A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-0590 CVE - 2023-0590 EulerOS-SA-2023-1781

Huawei EulerOS: CVE-2023-1513: kernel security update Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 03/23/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-1513 CVE - 2023-1513 EulerOS-SA-2023-2689

Amazon Linux AMI 2: CVE-2023-1252: Security patch for kernel (ALASKERNEL-5.10-2024-049) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/23/2023 Created 02/08/2024 Added 02/07/2024 Modified 01/30/2025 Description A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-82-83-359 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-1252 AL2/ALASKERNEL-5.10-2024-049 CVE - 2023-1252

Amazon Linux AMI 2: CVE-2023-28772: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 03/23/2023 Created 07/14/2023 Added 07/14/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-241-184-433 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-59-52-142 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-28772 AL2/ALAS-2021-1696 AL2/ALASKERNEL-5.10-2022-004 AL2/ALASKERNEL-5.4-2022-006 CVE - 2023-28772

Huawei EulerOS: CVE-2023-1513: kernel security update Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 03/23/2023 Created 07/10/2023 Added 07/10/2023 Modified 01/28/2025 Description A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-1513 CVE - 2023-1513 EulerOS-SA-2023-2315

Amazon Linux AMI 2: CVE-2023-1249: Security patch for kernel (ALASKERNEL-5.10-2023-036) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/23/2023 Created 02/08/2024 Added 02/07/2024 Modified 01/30/2025 Description A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-112-108-499 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-1249 AL2/ALASKERNEL-5.10-2023-036 CVE - 2023-1249

Ubuntu: (Multiple Advisories) (CVE-2023-1513): Linux kernel vulnerabilities Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 03/23/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1119-oracle ubuntu-upgrade-linux-image-4-15-0-1132-raspi2 ubuntu-upgrade-linux-image-4-15-0-1140-kvm ubuntu-upgrade-linux-image-4-15-0-1150-gcp ubuntu-upgrade-linux-image-4-15-0-1150-snapdragon ubuntu-upgrade-linux-image-4-15-0-1156-aws ubuntu-upgrade-linux-image-4-15-0-1165-azure ubuntu-upgrade-linux-image-4-15-0-211-generic ubuntu-upgrade-linux-image-4-15-0-211-generic-lpae ubuntu-upgrade-linux-image-4-15-0-211-lowlatency ubuntu-upgrade-linux-image-5-15-0-1020-gkeop ubuntu-upgrade-linux-image-5-15-0-1029-raspi ubuntu-upgrade-linux-image-5-15-0-1029-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1030-ibm ubuntu-upgrade-linux-image-5-15-0-1030-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1033-gke ubuntu-upgrade-linux-image-5-15-0-1033-kvm ubuntu-upgrade-linux-image-5-15-0-1034-gcp ubuntu-upgrade-linux-image-5-15-0-1035-oracle ubuntu-upgrade-linux-image-5-15-0-1036-aws ubuntu-upgrade-linux-image-5-15-0-1038-azure ubuntu-upgrade-linux-image-5-15-0-1038-azure-fde ubuntu-upgrade-linux-image-5-15-0-72-generic ubuntu-upgrade-linux-image-5-15-0-72-generic-64k ubuntu-upgrade-linux-image-5-15-0-72-generic-lpae ubuntu-upgrade-linux-image-5-15-0-72-lowlatency ubuntu-upgrade-linux-image-5-15-0-72-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1018-raspi ubuntu-upgrade-linux-image-5-19-0-1018-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1022-ibm ubuntu-upgrade-linux-image-5-19-0-1023-kvm ubuntu-upgrade-linux-image-5-19-0-1023-oracle ubuntu-upgrade-linux-image-5-19-0-1024-gcp ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1025-aws ubuntu-upgrade-linux-image-5-19-0-1026-azure ubuntu-upgrade-linux-image-5-19-0-42-generic ubuntu-upgrade-linux-image-5-19-0-42-generic-64k ubuntu-upgrade-linux-image-5-19-0-42-generic-lpae ubuntu-upgrade-linux-image-5-4-0-1017-iot ubuntu-upgrade-linux-image-5-4-0-1024-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1049-ibm ubuntu-upgrade-linux-image-5-4-0-1064-bluefield ubuntu-upgrade-linux-image-5-4-0-1069-gkeop ubuntu-upgrade-linux-image-5-4-0-1085-raspi ubuntu-upgrade-linux-image-5-4-0-1091-kvm ubuntu-upgrade-linux-image-5-4-0-1099-gke ubuntu-upgrade-linux-image-5-4-0-1101-oracle ubuntu-upgrade-linux-image-5-4-0-1102-aws ubuntu-upgrade-linux-image-5-4-0-1103-aws ubuntu-upgrade-linux-image-5-4-0-1105-gcp ubuntu-upgrade-linux-image-5-4-0-1108-azure ubuntu-upgrade-linux-image-5-4-0-149-generic ubuntu-upgrade-linux-image-5-4-0-149-generic-lpae ubuntu-upgrade-linux-image-5-4-0-149-lowlatency ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-1513 CVE - 2023-1513 USN-6079-1 USN-6080-1 USN-6081-1 USN-6084-1 USN-6085-1 USN-6090-1 USN-6091-1 USN-6092-1 USN-6094-1 USN-6095-1 USN-6096-1 USN-6109-1 USN-6118-1 USN-6132-1 USN-6133-1 USN-6134-1 USN-6222-1 USN-6256-1 View more

Ubuntu: (Multiple Advisories) (CVE-2023-1544): QEMU vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 03/23/2023 Created 01/10/2024 Added 01/09/2024 Modified 01/30/2025 Description A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. Solution(s) ubuntu-upgrade-qemu ubuntu-upgrade-qemu-system ubuntu-upgrade-qemu-system-arm ubuntu-upgrade-qemu-system-mips ubuntu-upgrade-qemu-system-misc ubuntu-upgrade-qemu-system-ppc ubuntu-upgrade-qemu-system-s390x ubuntu-upgrade-qemu-system-sparc ubuntu-upgrade-qemu-system-x86 ubuntu-upgrade-qemu-system-x86-microvm ubuntu-upgrade-qemu-system-x86-xen ubuntu-upgrade-qemu-system-xen References https://attackerkb.com/topics/cve-2023-1544 CVE - 2023-1544 USN-6567-1 USN-6567-2

Ubuntu: (Multiple Advisories) (CVE-2023-1195): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/23/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. Solution(s) ubuntu-upgrade-linux-image-5-19-0-1015-raspi ubuntu-upgrade-linux-image-5-19-0-1015-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1019-gcp ubuntu-upgrade-linux-image-5-19-0-1019-ibm ubuntu-upgrade-linux-image-5-19-0-1019-oracle ubuntu-upgrade-linux-image-5-19-0-1020-kvm ubuntu-upgrade-linux-image-5-19-0-1021-lowlatency ubuntu-upgrade-linux-image-5-19-0-1021-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1022-aws ubuntu-upgrade-linux-image-5-19-0-1022-azure ubuntu-upgrade-linux-image-5-19-0-38-generic ubuntu-upgrade-linux-image-5-19-0-38-generic-64k ubuntu-upgrade-linux-image-5-19-0-38-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-1195 CVE - 2023-1195 USN-5970-1 USN-5979-1

Ubuntu: (Multiple Advisories) (CVE-2023-1289): ImageMagick vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 03/23/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/30/2025 Description A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. Solution(s) ubuntu-pro-upgrade-imagemagick ubuntu-pro-upgrade-imagemagick-6-common ubuntu-pro-upgrade-imagemagick-6-q16 ubuntu-pro-upgrade-imagemagick-6-q16hdri ubuntu-pro-upgrade-imagemagick-common ubuntu-pro-upgrade-libimage-magick-perl ubuntu-pro-upgrade-libimage-magick-q16-perl ubuntu-pro-upgrade-libimage-magick-q16hdri-perl ubuntu-pro-upgrade-libmagick-6-headers ubuntu-pro-upgrade-libmagick-6-q16-5v5 ubuntu-pro-upgrade-libmagick-6-q16-7 ubuntu-pro-upgrade-libmagick-6-q16-8 ubuntu-pro-upgrade-libmagick-6-q16-dev ubuntu-pro-upgrade-libmagick-6-q16hdri-7 ubuntu-pro-upgrade-libmagick-6-q16hdri-8 ubuntu-pro-upgrade-libmagick-6-q16hdri-dev ubuntu-pro-upgrade-libmagick-dev ubuntu-pro-upgrade-libmagickcore-6-headers ubuntu-pro-upgrade-libmagickcore-6-q16-2 ubuntu-pro-upgrade-libmagickcore-6-q16-3 ubuntu-pro-upgrade-libmagickcore-6-q16-6 ubuntu-pro-upgrade-libmagickcore-6-q16-dev ubuntu-pro-upgrade-libmagickcore-6-q16hdri-3 ubuntu-pro-upgrade-libmagickcore-6-q16hdri-6 ubuntu-pro-upgrade-libmagickcore-6-q16hdri-dev ubuntu-pro-upgrade-libmagickcore-dev ubuntu-pro-upgrade-libmagickwand-6-headers ubuntu-pro-upgrade-libmagickwand-6-q16-2 ubuntu-pro-upgrade-libmagickwand-6-q16-3 ubuntu-pro-upgrade-libmagickwand-6-q16-6 ubuntu-pro-upgrade-libmagickwand-6-q16-dev ubuntu-pro-upgrade-libmagickwand-6-q16hdri-6 ubuntu-pro-upgrade-libmagickwand-6-q16hdri-dev ubuntu-pro-upgrade-libmagickwand-dev ubuntu-pro-upgrade-perlmagick References https://attackerkb.com/topics/cve-2023-1289 CVE - 2023-1289 USN-6200-1 USN-6200-2

Ubuntu: (CVE-2023-28772): linux vulnerability Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 03/23/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-dell300x ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 ubuntu-upgrade-linux-raspi2 ubuntu-upgrade-linux-snapdragon References https://attackerkb.com/topics/cve-2023-28772 CVE - 2023-28772 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 https://git.kernel.org/linus/d3b16034a24a112bb83aeb669ac5b9b01f744bb7 https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7 https://lkml.kernel.org/r/[email protected] https://lore.kernel.org/lkml/[email protected]/ https://www.cve.org/CVERecord?id=CVE-2023-28772 View more

Huawei EulerOS: CVE-2023-0464: shim security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 05/10/2023 Added 05/09/2023 Modified 01/30/2025 Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints.Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) huawei-euleros-2_0_sp10-upgrade-shim References https://attackerkb.com/topics/cve-2023-0464 CVE - 2023-0464 EulerOS-SA-2023-1830

Local Privilege Escalation via CVE-2023-0386 Disclosed 03/22/2023 Created 09/27/2024 Description This exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. Author(s) xkaneiki sxlmnwb Takahiro Yokoyama Platform Linux Architectures x64 Development Source Code History

SUSE: CVE-2023-1281: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/22/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2023-1281 CVE - 2023-1281

Rapid7 Insight Agent: CVE-2023-0464: Improper Certificate Validation Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 03/20/2024 Added 03/19/2024 Modified 04/23/2024 Description Rapid7 Insight Agent versions below 4.0.6.14 suffer from a Improper Certificate Validation vulnerability. Solution(s) rapid7-insightagent-upgrade-4_0_6_14 References https://attackerkb.com/topics/cve-2023-0464 CVE - 2023-0464 https://docs.rapid7.com/release-notes/insightagent/20240314/

SUSE: CVE-2023-1436: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 05/05/2023 Added 04/24/2023 Modified 01/28/2025 Description An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. Solution(s) suse-upgrade-jettison suse-upgrade-jettison-javadoc References https://attackerkb.com/topics/cve-2023-1436 CVE - 2023-1436

Alma Linux: CVE-2023-28708: Moderate: tomcat security and bug fix update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 03/22/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description When using the RemoteIpFilter with requests received from areverse proxy via HTTP that include the X-Forwarded-Protoheader set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Solution(s) alma-upgrade-tomcat alma-upgrade-tomcat-admin-webapps alma-upgrade-tomcat-docs-webapp alma-upgrade-tomcat-el-3.0-api alma-upgrade-tomcat-jsp-2.3-api alma-upgrade-tomcat-lib alma-upgrade-tomcat-servlet-4.0-api alma-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-28708 CVE - 2023-28708 https://errata.almalinux.org/8/ALSA-2023-7065.html https://errata.almalinux.org/9/ALSA-2023-6570.html