ISHACK AI BOT

Alma Linux: CVE-2023-27530: Moderate: pcs security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/10/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. Solution(s) alma-upgrade-pcs alma-upgrade-pcs-snmp References https://attackerkb.com/topics/cve-2023-27530 CVE - 2023-27530 https://errata.almalinux.org/8/ALSA-2023-3082.html https://errata.almalinux.org/9/ALSA-2023-2652.html

Oracle Linux: CVE-2023-1855: ELSA-2023-7077:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 03/10/2023 Created 11/18/2023 Added 11/16/2023 Modified 01/07/2025 Description A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-1855 CVE - 2023-1855 ELSA-2023-7077 ELSA-2023-6583

Red Hat OpenShift: CVE-2023-27903: Jenkins: Temporary file parameter created with insecure permissions Severity 3 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:N) Published 03/10/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. Solution(s) linuxrpm-upgrade-jenkins References https://attackerkb.com/topics/cve-2023-27903 CVE - 2023-27903 RHSA-2023:1655 RHSA-2023:3195 RHSA-2023:3198 RHSA-2023:3622 RHSA-2023:3663 RHSA-2023:6171 RHSA-2023:6172 RHSA-2024:0775 RHSA-2024:0778 View more

FreeBSD: VID-02E51CB3-D7E4-11ED-9F7A-5404A68AD561 (CVE-2023-29013): traefik -- Use of vulnerable Go modules net/http, net/textproto Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/10/2023 Created 05/05/2023 Added 04/14/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-02E51CB3-D7E4-11ED-9F7A-5404A68AD561: The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. Solution(s) freebsd-upgrade-package-traefik References CVE-2023-29013

CentOS Linux: CVE-2023-27530: Important: pcs security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/10/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. Solution(s) centos-upgrade-foreman-cli centos-upgrade-pcs centos-upgrade-pcs-snmp centos-upgrade-python39-pulp_manifest centos-upgrade-rubygem-amazing_print centos-upgrade-rubygem-apipie-bindings centos-upgrade-rubygem-clamp centos-upgrade-rubygem-domain_name centos-upgrade-rubygem-fast_gettext centos-upgrade-rubygem-ffi centos-upgrade-rubygem-ffi-debuginfo centos-upgrade-rubygem-ffi-debugsource centos-upgrade-rubygem-foreman_maintain centos-upgrade-rubygem-gssapi centos-upgrade-rubygem-hammer_cli centos-upgrade-rubygem-hammer_cli_foreman centos-upgrade-rubygem-hammer_cli_foreman_admin centos-upgrade-rubygem-hammer_cli_foreman_ansible centos-upgrade-rubygem-hammer_cli_foreman_azure_rm centos-upgrade-rubygem-hammer_cli_foreman_bootdisk centos-upgrade-rubygem-hammer_cli_foreman_discovery centos-upgrade-rubygem-hammer_cli_foreman_google centos-upgrade-rubygem-hammer_cli_foreman_openscap centos-upgrade-rubygem-hammer_cli_foreman_remote_execution centos-upgrade-rubygem-hammer_cli_foreman_tasks centos-upgrade-rubygem-hammer_cli_foreman_templates centos-upgrade-rubygem-hammer_cli_foreman_virt_who_configure centos-upgrade-rubygem-hammer_cli_foreman_webhooks centos-upgrade-rubygem-hammer_cli_katello centos-upgrade-rubygem-hashie centos-upgrade-rubygem-highline centos-upgrade-rubygem-http-accept centos-upgrade-rubygem-http-cookie centos-upgrade-rubygem-jwt centos-upgrade-rubygem-little-plugger centos-upgrade-rubygem-locale centos-upgrade-rubygem-logging centos-upgrade-rubygem-mime-types centos-upgrade-rubygem-mime-types-data centos-upgrade-rubygem-multi_json centos-upgrade-rubygem-netrc centos-upgrade-rubygem-oauth centos-upgrade-rubygem-oauth-tty centos-upgrade-rubygem-powerbar centos-upgrade-rubygem-rest-client centos-upgrade-rubygem-snaky_hash centos-upgrade-rubygem-unf centos-upgrade-rubygem-unf_ext centos-upgrade-rubygem-unf_ext-debuginfo centos-upgrade-rubygem-unf_ext-debugsource centos-upgrade-rubygem-unicode centos-upgrade-rubygem-unicode-debuginfo centos-upgrade-rubygem-unicode-debugsource centos-upgrade-rubygem-unicode-display_width centos-upgrade-rubygem-version_gem centos-upgrade-satellite-cli centos-upgrade-satellite-clone centos-upgrade-satellite-maintain References DSA-5530 CVE-2023-27530

Red Hat OpenShift: CVE-2023-27899: Jenkins: Temporary plugin file created with insecure permissions Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/10/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution. Solution(s) linuxrpm-upgrade-jenkins References https://attackerkb.com/topics/cve-2023-27899 CVE - 2023-27899 RHSA-2023:1655 RHSA-2023:3663

Debian: CVE-2023-27530: ruby-rack -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/10/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. Solution(s) debian-upgrade-ruby-rack References https://attackerkb.com/topics/cve-2023-27530 CVE - 2023-27530 DLA-3392-1 DSA-5530

SUSE: CVE-2023-27530: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/10/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. Solution(s) suse-upgrade-rmt-server suse-upgrade-rmt-server-config suse-upgrade-rmt-server-pubcloud suse-upgrade-ruby2-5-rubygem-rack suse-upgrade-ruby2-5-rubygem-rack-doc suse-upgrade-ruby2-5-rubygem-rack-testsuite References https://attackerkb.com/topics/cve-2023-27530 CVE - 2023-27530 DSA-5530

Red Hat OpenShift: CVE-2023-27898: Jenkins: XSS vulnerability in plugin manager Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/10/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances. Solution(s) linuxrpm-upgrade-jenkins References https://attackerkb.com/topics/cve-2023-27898 CVE - 2023-27898 RHSA-2023:1655 RHSA-2023:3663

Red Hat OpenShift: CVE-2023-27904: Jenkins: Information disclosure through error stack traces related to agents Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/10/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. Solution(s) linuxrpm-upgrade-jenkins References https://attackerkb.com/topics/cve-2023-27904 CVE - 2023-27904 RHSA-2023:1655 RHSA-2023:3195 RHSA-2023:3198 RHSA-2023:3299 RHSA-2023:3622 RHSA-2023:3663 RHSA-2023:6171 RHSA-2023:6172 RHSA-2024:0775 RHSA-2024:0778 View more

Ubuntu: (Multiple Advisories) (CVE-2023-27530): Rack vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/10/2023 Created 06/21/2024 Added 06/21/2024 Modified 01/28/2025 Description A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. Solution(s) ubuntu-pro-upgrade-ruby-rack References https://attackerkb.com/topics/cve-2023-27530 CVE - 2023-27530 DSA-5530 USN-6837-1 USN-6905-1 USN-7036-1

Oracle Linux: CVE-2023-1989: ELSA-2023-7077:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 03/09/2023 Created 11/15/2023 Added 11/13/2023 Modified 01/23/2025 Description A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-1989 CVE - 2023-1989 ELSA-2023-7077 ELSA-2024-12354 ELSA-2023-13005 ELSA-2023-6583 ELSA-2023-12974 ELSA-2023-13001 View more

Amazon Linux 2023: CVE-2023-1289: Medium priority package update for ImageMagick Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 03/09/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in &quot;/tmp,&quot; resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. Solution(s) amazon-linux-2023-upgrade-imagemagick amazon-linux-2023-upgrade-imagemagick-c amazon-linux-2023-upgrade-imagemagick-c-debuginfo amazon-linux-2023-upgrade-imagemagick-c-devel amazon-linux-2023-upgrade-imagemagick-debuginfo amazon-linux-2023-upgrade-imagemagick-debugsource amazon-linux-2023-upgrade-imagemagick-devel amazon-linux-2023-upgrade-imagemagick-doc amazon-linux-2023-upgrade-imagemagick-libs amazon-linux-2023-upgrade-imagemagick-libs-debuginfo amazon-linux-2023-upgrade-imagemagick-perl amazon-linux-2023-upgrade-imagemagick-perl-debuginfo References https://attackerkb.com/topics/cve-2023-1289 CVE - 2023-1289 https://alas.aws.amazon.com/AL2023/ALAS-2023-150.html

VMware Photon OS: CVE-2023-27985 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 03/09/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90 Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-27985 CVE - 2023-27985

VMware Photon OS: CVE-2023-27986 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 03/09/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-27986 CVE - 2023-27986

VMware Photon OS: CVE-2023-0845 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 03/09/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0845 CVE - 2023-0845

CentOS Linux: CVE-2023-28154: Important: pcs security update (CESA-2023:1591) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/13/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. Solution(s) centos-upgrade-pcs centos-upgrade-pcs-snmp References CVE-2023-28154

Alpine Linux: CVE-2023-27985: OS Command Injection Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/09/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90 Solution(s) alpine-linux-upgrade-emacs References https://attackerkb.com/topics/cve-2023-27985 CVE - 2023-27985 https://security.alpinelinux.org/vuln/CVE-2023-27985

Amazon Linux 2023: CVE-2023-1032: Important priority package update for kernel Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/13/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067. A double-free vulnerability was found in handling the IORING_OP_SOCKET operation with io_uring in the Linux kernel. This issue requires a memory allocation failure to happen, which is followed by a double-free of a recently allocated object. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-19-30-43 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-1032 CVE - 2023-1032 https://alas.aws.amazon.com/AL2023/ALAS-2023-138.html

Lexmark Device Embedded Web Server RCE Disclosed 03/13/2023 Created 09/19/2023 Description A unauthenticated Remote Code Execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. If no Admin user is created the endpoint `/cgi-bin/fax_change_faxtrace_settings` is accessible without authentication. The endpoint allows the user to configure a number of different fax settings. A number of the configurable parameters on the page (ex. `FT_Custom_lbtrace`) fail to be sanitized properly before being used in an bash eval statement: `eval "$cmd" > /dev/null`, allowing for an unauthenticated user to run arbitrary commands. Author(s) James Horseman Zach Hanley jheysel-r7 Platform Unix Architectures cmd Development Source Code History

PaperCut PaperCutNG Authentication Bypass Disclosed 03/13/2023 Created 06/07/2023 Description This module leverages an authentication bypass in PaperCut NG. If necessary it updates Papercut configuration options, specifically the 'print-and-device.script.enabled' and 'print.script.sandboxed' options to allow for arbitrary code execution running in the builtin RhinoJS engine. This module logs at most 2 events in the application log of papercut. Each event is tied to modifcation of server settings. Author(s) catatonicprime Platform Java Architectures java Development Source Code History

Alpine Linux: CVE-2021-45423: Classic Buffer Overflow Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/13/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution. Solution(s) alpine-linux-upgrade-pev References https://attackerkb.com/topics/cve-2021-45423 CVE - 2021-45423 https://security.alpinelinux.org/vuln/CVE-2021-45423

Rocky Linux: CVE-2023-28154: pcs (RLSA-2023-1591) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/13/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. Solution(s) rocky-upgrade-pcs rocky-upgrade-pcs-snmp References https://attackerkb.com/topics/cve-2023-28154 CVE - 2023-28154 https://errata.rockylinux.org/RLSA-2023:1591

Ubuntu: USN-5943-1 (CVE-2023-25746): Thunderbird vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. Solution(s) ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25746 CVE - 2023-25746 USN-5943-1

Oracle Linux: CVE-2023-28154: ELSA-2023-12235:pcs security update (IMPORTANT) (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 03/13/2023 Created 05/05/2023 Added 04/05/2023 Modified 01/07/2025 Description Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. A flaw was found in the webpack package, which could allow a remote attacker to bypass security restrictions caused by the mishandling of the magic comment feature by the ImportParserPlugin.js. This flaw allows an attacker to gain access to the real global object by sending a specially-crafted request. Solution(s) oracle-linux-upgrade-pcs oracle-linux-upgrade-pcs-snmp References https://attackerkb.com/topics/cve-2023-28154 CVE - 2023-28154 ELSA-2023-12235