ISHACK AI BOT

Debian: CVE-2021-45423: pev -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/13/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution. Solution(s) debian-upgrade-pev References https://attackerkb.com/topics/cve-2021-45423 CVE - 2021-45423

Amazon Linux 2023: CVE-2023-0160: Important priority package update for kernel Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 03/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system. A deadlock flaw was found in the Linux kernel’s BPF subsystem. The fail happens in the function sock_hash_delete_elem. This flaw allows a local user to potentially crash the system. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-29-47-49 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-0160 CVE - 2023-0160 https://alas.aws.amazon.com/AL2023/ALAS-2023-184.html

Red Hat: CVE-2023-28154: avoid cross-realm objects (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/13/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. Solution(s) redhat-upgrade-pcs redhat-upgrade-pcs-snmp References CVE-2023-28154 RHSA-2023:1591

VMware Photon OS: CVE-2023-1355 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 03/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-1355 CVE - 2023-1355

Alpine Linux: CVE-2023-1355: NULL Pointer Dereference Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 03/11/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-1355 CVE - 2023-1355 https://security.alpinelinux.org/vuln/CVE-2023-1355

Gentoo Linux: CVE-2023-1350: Liferea: Remote Code Execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/11/2023 Created 07/02/2024 Added 07/03/2024 Modified 01/28/2025 Description A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. Solution(s) gentoo-linux-upgrade-net-news-liferea References https://attackerkb.com/topics/cve-2023-1350 CVE - 2023-1350 202407-03

SUSE: CVE-2023-1350: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/11/2023 Created 05/05/2023 Added 04/28/2023 Modified 01/28/2025 Description A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. Solution(s) suse-upgrade-liferea suse-upgrade-liferea-lang References https://attackerkb.com/topics/cve-2023-1350 CVE - 2023-1350

Debian: CVE-2023-1350: liferea -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/11/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. Solution(s) debian-upgrade-liferea References https://attackerkb.com/topics/cve-2023-1350 CVE - 2023-1350

Amazon Linux AMI: CVE-2023-1355: Security patch for vim (ALAS-2023-1716) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 03/11/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. Solution(s) amazon-linux-upgrade-vim References ALAS-2023-1716 CVE-2023-1355

Amazon Linux 2023: CVE-2023-1355: Medium priority package update for vim Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 03/11/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. A NULL pointer dereference vulnerability was discovered in vim's class_object_index() function at vim9class.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service. Solution(s) amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-common-debuginfo amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo References https://attackerkb.com/topics/cve-2023-1355 CVE - 2023-1355 https://alas.aws.amazon.com/AL2023/ALAS-2023-151.html

Amazon Linux AMI 2: CVE-2023-1355: Security patch for vim (ALAS-2023-2005) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 03/11/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. Solution(s) amazon-linux-ami-2-upgrade-vim-common amazon-linux-ami-2-upgrade-vim-data amazon-linux-ami-2-upgrade-vim-debuginfo amazon-linux-ami-2-upgrade-vim-enhanced amazon-linux-ami-2-upgrade-vim-filesystem amazon-linux-ami-2-upgrade-vim-minimal amazon-linux-ami-2-upgrade-vim-x11 References https://attackerkb.com/topics/cve-2023-1355 AL2/ALAS-2023-2005 CVE - 2023-1355

SUSE: CVE-2023-1355: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 03/11/2023 Created 05/05/2023 Added 05/05/2023 Modified 01/28/2025 Description NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. Solution(s) suse-upgrade-gvim suse-upgrade-vim suse-upgrade-vim-data suse-upgrade-vim-data-common suse-upgrade-vim-small suse-upgrade-xxd References https://attackerkb.com/topics/cve-2023-1355 CVE - 2023-1355

Oracle Linux: CVE-2023-28164: ELSA-2023-1407:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 03/14/2023 Created 03/23/2023 Added 03/21/2023 Modified 01/07/2025 Description Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-28164 CVE - 2023-28164 ELSA-2023-1407 ELSA-2023-1337 ELSA-2023-1403 ELSA-2023-1336 ELSA-2023-1333 ELSA-2023-1401 View more

MFSA2023-09 Firefox: Security Vulnerabilities fixed in Firefox 111 (CVE-2023-25750) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/30/2025 Description Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111. Solution(s) mozilla-firefox-upgrade-111_0 References https://attackerkb.com/topics/cve-2023-25750 CVE - 2023-25750 http://www.mozilla.org/security/announce/2023/mfsa2023-09.html

MFSA2023-09 Firefox: Security Vulnerabilities fixed in Firefox 111 (CVE-2023-28162) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) mozilla-firefox-upgrade-111_0 References https://attackerkb.com/topics/cve-2023-28162 CVE - 2023-28162 http://www.mozilla.org/security/announce/2023/mfsa2023-09.html

CVE-2023-23399: Microsoft Excel Remote Code Execution Vulnerability [Office for Mac] Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description CVE-2023-23399: Microsoft Excel Remote Code Execution Vulnerability [Office for Mac] Solution(s) office-for-mac-upgrade-16_71_0 References https://attackerkb.com/topics/cve-2023-23399 CVE - 2023-23399 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#march-14-2023

SUSE: CVE-2023-28160: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-28160 CVE - 2023-28160

SUSE: CVE-2023-28159: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 111. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-28159 CVE - 2023-28159

APSB23-25: Security updates available for Adobe ColdFusion | APSB23-25 (CVE-2023-26360) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Solution(s) adobe-coldfusion-2018-release-update-16 adobe-coldfusion-2021-release-update-6 References https://attackerkb.com/topics/cve-2023-26360 CVE - 2023-26360 https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

APSB23-25: Security updates available for Adobe ColdFusion | APSB23-25 (CVE-2023-26359) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Solution(s) adobe-coldfusion-2018-release-update-16 adobe-coldfusion-2021-release-update-6 References https://attackerkb.com/topics/cve-2023-26359 CVE - 2023-26359 https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

MFSA2023-09 Firefox: Security Vulnerabilities fixed in Firefox 111 (CVE-2023-28164) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) mozilla-firefox-upgrade-111_0 References https://attackerkb.com/topics/cve-2023-28164 CVE - 2023-28164 http://www.mozilla.org/security/announce/2023/mfsa2023-09.html

MFSA2023-09 Firefox: Security Vulnerabilities fixed in Firefox 111 (CVE-2023-28177) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/14/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111. Solution(s) mozilla-firefox-upgrade-111_0 References https://attackerkb.com/topics/cve-2023-28177 CVE - 2023-28177 http://www.mozilla.org/security/announce/2023/mfsa2023-09.html

FreeBSD: VID-2FDB053C-CA25-11ED-9D7E-080027F5FEC9 (CVE-2023-27539): rack -- possible denial of service vulnerability in header parsing Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/13/2023 Created 03/27/2023 Added 03/24/2023 Modified 03/24/2023 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-2FDB053C-CA25-11ED-9D7E-080027F5FEC9: ooooooo_q reports: Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted. Solution(s) freebsd-upgrade-package-rubygem-rack freebsd-upgrade-package-rubygem-rack16 freebsd-upgrade-package-rubygem-rack22 References CVE-2023-27539

Ubuntu: USN-5943-1 (CVE-2023-0616): Thunderbird vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/30/2025 Description If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. Solution(s) ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-0616 CVE - 2023-0616 USN-5943-1

Debian: CVE-2023-27985: emacs -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/09/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90 Solution(s) debian-upgrade-emacs References https://attackerkb.com/topics/cve-2023-27985 CVE - 2023-27985