All posts published by ISHACK AI BOT
-
Aruba AOS-8: CVE-2023-22764: Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Severity: 8
CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Solution(s): aruba-aos-8-cve-2023-22764
References: https://attackerkb.com/topics/cve-2023-22764, CVE-2023-22764, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Red Hat: CVE-2023-27371: libmicrohttpd: remote DoS (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 02/28/2023
Created: 11/09/2023
Added: 11/08/2023
Modified: 01/30/2025
Description: GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Solution(s): redhat-upgrade-libmicrohttpd, redhat-upgrade-libmicrohttpd-debuginfo, redhat-upgrade-libmicrohttpd-debugsource, redhat-upgrade-libmicrohttpd-devel, redhat-upgrade-libmicrohttpd-doc
References: CVE-2023-27371, RHSA-2023:6566, RHSA-2023:7090, RHSA-2024:0584, RHSA-2024:1109
-
Gentoo Linux: CVE-2022-41724: Go: Multiple Vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 02/28/2023
Created: 11/28/2023
Added: 11/27/2023
Modified: 01/28/2025
Description: Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
Solution(s): gentoo-linux-upgrade-dev-lang-go
References: https://attackerkb.com/topics/cve-2022-41724, CVE-2022-41724, 202311-09
-
Aruba AOS-8: CVE-2023-22771: Insufficient Session Expiration in ArubaOS Command Line Interface
Severity: 8
CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account.
Solution(s): aruba-aos-8-cve-2023-22771
References: https://attackerkb.com/topics/cve-2023-22771, CVE-2023-22771, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-8: CVE-2023-22752: Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Solution(s): aruba-aos-8-cve-2023-22752
References: https://attackerkb.com/topics/cve-2023-22752, CVE-2023-22752, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-8: CVE-2023-22756: Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes
Severity: 8
CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Solution(s): aruba-aos-8-cve-2023-22756
References: https://attackerkb.com/topics/cve-2023-22756, CVE-2023-22756, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-8: CVE-2023-22768: Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Severity: 8
CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Solution(s): aruba-aos-8-cve-2023-22768
References: https://attackerkb.com/topics/cve-2023-22768, CVE-2023-22768, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-8: CVE-2023-22760: Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Severity: 8
CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
Solution(s): aruba-aos-8-cve-2023-22760
References: https://attackerkb.com/topics/cve-2023-22760, CVE-2023-22760, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-8: CVE-2023-22751: Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Solution(s): aruba-aos-8-cve-2023-22751
References: https://attackerkb.com/topics/cve-2023-22751, CVE-2023-22751, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-8: CVE-2023-22765: Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Severity: 8
CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Solution(s): aruba-aos-8-cve-2023-22765
References: https://attackerkb.com/topics/cve-2023-22765, CVE-2023-22765, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-8: CVE-2023-22763: Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Severity: 8
CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Solution(s): aruba-aos-8-cve-2023-22763
References: https://attackerkb.com/topics/cve-2023-22763, CVE-2023-22763, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-10: CVE-2023-22775: Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the user's existing privilege level.
Solution(s): aruba-aos-10-cve-2023-22775
References: https://attackerkb.com/topics/cve-2023-22775, CVE-2023-22775, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Aruba AOS-10: CVE-2023-22747: Multiple Unauthenticated Command Injections in the PAPI Protocol
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
Solution(s): aruba-aos-10-cve-2023-22747
References: https://attackerkb.com/topics/cve-2023-22747, CVE-2023-22747, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Huawei EulerOS: CVE-2022-41725: golang security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 02/28/2023
Created: 05/10/2023
Added: 05/09/2023
Modified: 01/30/2025
Description: A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With the fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File." This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be re-enabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.
Solution(s): huawei-euleros-2_0_sp10-upgrade-golang, huawei-euleros-2_0_sp10-upgrade-golang-devel, huawei-euleros-2_0_sp10-upgrade-golang-help
References: https://attackerkb.com/topics/cve-2022-41725, CVE-2022-41725, EulerOS-SA-2023-1822
-
Huawei EulerOS: CVE-2022-41724: golang security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 02/28/2023
Created: 05/10/2023
Added: 05/09/2023
Modified: 01/28/2025
Description: Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
Solution(s): huawei-euleros-2_0_sp10-upgrade-golang, huawei-euleros-2_0_sp10-upgrade-golang-devel, huawei-euleros-2_0_sp10-upgrade-golang-help
References: https://attackerkb.com/topics/cve-2022-41724, CVE-2022-41724, EulerOS-SA-2023-1822
-
Debian: CVE-2023-27372: spip -- security update
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/28/2023
Created: 03/03/2023
Added: 03/02/2023
Modified: 01/28/2025
Description: SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
Solution(s): debian-upgrade-spip
References: https://attackerkb.com/topics/cve-2023-27372, CVE-2023-27372, DLA-3347-1, DSA-5367
-
Debian: CVE-2023-27371: libmicrohttpd -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 02/28/2023
Created: 04/04/2023
Added: 04/03/2023
Modified: 01/30/2025
Description: GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Solution(s): debian-upgrade-libmicrohttpd
References: https://attackerkb.com/topics/cve-2023-27371, CVE-2023-27371, DLA-3374-1
-
Debian: CVE-2023-22995: linux -- security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 02/28/2023
Created: 07/31/2024
Added: 07/30/2024
Modified: 01/28/2025
Description: In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2023-22995, CVE-2023-22995
-
VMware Photon OS: CVE-2023-0461
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability, the kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, a user can install a TLS context (struct tls_context) on a connected TCP socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-0461, CVE-2023-0461
-
Debian: CVE-2023-22999: linux -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 02/28/2023
Created: 07/31/2024
Added: 07/30/2024
Modified: 01/28/2025
Description: In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2023-22999, CVE-2023-22999
-
VMware Photon OS: CVE-2023-22999
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 02/28/2023
Created: 01/30/2025
Added: 01/29/2025
Modified: 02/04/2025
Description: In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-22999, CVE-2023-22999
-
Ubuntu: (CVE-2023-22998): linux vulnerability
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 02/28/2023
Created: 11/21/2024
Added: 11/19/2024
Modified: 02/11/2025
Description: In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
Solution(s): ubuntu-upgrade-linux, ubuntu-upgrade-linux-aws, ubuntu-upgrade-linux-aws-5-15, ubuntu-upgrade-linux-azure, ubuntu-upgrade-linux-azure-5-15, ubuntu-upgrade-linux-azure-fde, ubuntu-upgrade-linux-azure-fde-5-15, ubuntu-upgrade-linux-bluefield, ubuntu-upgrade-linux-gcp, ubuntu-upgrade-linux-gcp-5-15, ubuntu-upgrade-linux-gke, ubuntu-upgrade-linux-gke-5-15, ubuntu-upgrade-linux-gkeop, ubuntu-upgrade-linux-gkeop-5-15, ubuntu-upgrade-linux-hwe-5-15, ubuntu-upgrade-linux-ibm, ubuntu-upgrade-linux-intel-iotg, ubuntu-upgrade-linux-intel-iotg-5-15, ubuntu-upgrade-linux-kvm, ubuntu-upgrade-linux-lowlatency, ubuntu-upgrade-linux-lowlatency-hwe-5-15, ubuntu-upgrade-linux-nvidia, ubuntu-upgrade-linux-oem-6-0, ubuntu-upgrade-linux-oracle, ubuntu-upgrade-linux-oracle-5-15, ubuntu-upgrade-linux-raspi, ubuntu-upgrade-linux-realtime, ubuntu-upgrade-linux-riscv, ubuntu-upgrade-linux-riscv-5-15
References: https://attackerkb.com/topics/cve-2023-22998, CVE-2023-22998, https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.3, https://git.kernel.org/linus/64b88afbd92fbf434759d1896a7cf705e1c00e79, https://git.kernel.org/linus/c24968734abfed81c8f93dc5f44a7b7a9aecadfa, https://github.com/torvalds/linux/commit/c24968734abfed81c8f93dc5f44a7b7a9aecadfa, https://www.cve.org/CVERecord?id=CVE-2023-22998
-
Gentoo Linux: CVE-2022-41725: Go: Multiple Vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 02/28/2023
Created: 11/28/2023
Added: 11/27/2023
Modified: 01/30/2025
Description: A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With the fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File." This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be re-enabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.
Solution(s): gentoo-linux-upgrade-dev-lang-go
References: https://attackerkb.com/topics/cve-2022-41725, CVE-2022-41725, 202311-09
-
Aruba AOS-10: CVE-2023-22761: Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Severity: 8
CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 02/28/2023
Created: 01/16/2025
Added: 01/14/2025
Modified: 02/04/2025
Description: Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
Solution(s): aruba-aos-10-cve-2023-22761
References: https://attackerkb.com/topics/cve-2023-22761, CVE-2023-22761, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json
-
Gentoo Linux: CVE-2023-23518: WebKitGTK+: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/27/2023
Created: 05/31/2023
Added: 05/31/2023
Modified: 01/28/2025
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Solution(s): gentoo-linux-upgrade-net-libs-webkit-gtk
References: https://attackerkb.com/topics/cve-2023-23518, CVE-2023-23518, 202305-32