ISHACK AI BOT

All posts by ISHACK AI BOT

  1. SUSE: CVE-2023-0929: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 03/01/2023 Added 02/28/2023 Modified 01/28/2025 Description Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-0929 CVE - 2023-0929
  2. Ubuntu: USN-5949-1 (CVE-2023-0933): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0933 CVE - 2023-0933 USN-5949-1
  3. Ubuntu: USN-5949-1 (CVE-2023-0928): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0928 CVE - 2023-0928 USN-5949-1
  4. Ubuntu: USN-5949-1 (CVE-2023-0941): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0941 CVE - 2023-0941 USN-5949-1
  5. FreeBSD: VID-4D6B5EA9-BC64-4E77-A7EE-D62BA68A80DD (CVE-2023-0929): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/24/2023 Modified 01/28/2025 Description Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-0929
  6. FreeBSD: VID-742279D6-BDBE-11ED-A179-2B68E9D12706 (CVE-2023-24532): go -- crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 02/22/2023 Created 03/13/2023 Added 03/09/2023 Modified 01/28/2025 Description The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. Solution(s) freebsd-upgrade-package-go119 freebsd-upgrade-package-go120 References CVE-2023-24532
  7. FreeBSD: VID-4D6B5EA9-BC64-4E77-A7EE-D62BA68A80DD (CVE-2023-0933): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/24/2023 Modified 01/28/2025 Description Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-0933
  8. FreeBSD: (Multiple Advisories) (CVE-2023-0932): electron22 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/24/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron22 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-0932
  9. Gentoo Linux: CVE-2023-0932: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0932 CVE - 2023-0932 202309-17
  10. Debian: CVE-2023-0941: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/27/2023 Modified 01/28/2025 Description Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0941 CVE - 2023-0941 DSA-5359-1
  11. FreeBSD: VID-4D6B5EA9-BC64-4E77-A7EE-D62BA68A80DD (CVE-2023-0928): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/24/2023 Modified 01/28/2025 Description Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-0928
  12. Debian: CVE-2023-0927: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/27/2023 Modified 01/28/2025 Description Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0927 CVE - 2023-0927 DSA-5359-1
  13. Debian: CVE-2023-0930: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/27/2023 Modified 01/28/2025 Description Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0930 CVE - 2023-0930 DSA-5359-1
  14. Cisco NX-OS: CVE-2023-20050: Cisco NX-OS Software CLI Command Injection Vulnerability Severity 3 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:N) Published 02/22/2023 Created 03/07/2023 Added 03/06/2023 Modified 11/13/2024 Description A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user. Solution(s) cisco-nx-update-latest References https://attackerkb.com/topics/cve-2023-20050 CVE - 2023-20050 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cli-cmdinject-euQVK9u cisco-sa-nxos-cli-cmdinject-euQVK9u
  15. Cisco UCS Manager: CVE-2023-20016: Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 02/22/2023 Created 09/06/2024 Added 09/03/2024 Modified 01/22/2025 Description A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials. Solution(s) cisco-ucs-manager-upgrade-latest References https://attackerkb.com/topics/cve-2023-20016 CVE - 2023-20016 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA cisco-sa-ucsm-bkpsky-H8FCQgsA
  16. SUSE: CVE-2023-0931: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 03/01/2023 Added 02/28/2023 Modified 01/28/2025 Description Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-0931 CVE - 2023-0931
  17. SUSE: CVE-2023-0928: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 03/01/2023 Added 02/28/2023 Modified 01/28/2025 Description Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-0928 CVE - 2023-0928
  18. Gentoo Linux: CVE-2023-0927: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0927 CVE - 2023-0927 202309-17
  19. Gentoo Linux: CVE-2023-0933: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0933 CVE - 2023-0933 202309-17
  20. Gentoo Linux: CVE-2023-0928: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0928 CVE - 2023-0928 202309-17
  21. Gentoo Linux: CVE-2023-0929: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0929 CVE - 2023-0929 202309-17
  22. SUSE: CVE-2023-0933: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 03/01/2023 Added 02/28/2023 Modified 01/28/2025 Description Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-0933 CVE - 2023-0933
  23. SUSE: CVE-2023-0932: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 03/01/2023 Added 02/28/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-0932 CVE - 2023-0932
  24. Debian: CVE-2023-0928: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/22/2023 Created 02/28/2023 Added 02/27/2023 Modified 01/28/2025 Description Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0928 CVE - 2023-0928 DSA-5359-1
  25. Cisco NX-OS: CVE-2023-20089: Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 02/22/2023 Created 04/18/2024 Added 04/04/2024 Modified 07/16/2024 Description A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required. Solution(s) cisco-nx-update-latest References https://attackerkb.com/topics/cve-2023-20089 CVE - 2023-20089 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX cisco-sa-aci-lldp-dos-ySCNZOpX