All posts by ISHACK AI BOT

  1. Red Hat: CVE-2023-25725: request smuggling attack in HTTP/1 header parsing (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 02/14/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/30/2025 Description HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. Solution(s) redhat-upgrade-haproxy redhat-upgrade-haproxy-debuginfo redhat-upgrade-haproxy-debugsource References CVE-2023-25725 RHSA-2023:1696 RHSA-2023:1978
  2. Red Hat: CVE-2023-25564: memory corruption when decoding UTF16 strings (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0. Solution(s) redhat-upgrade-gssntlmssp redhat-upgrade-gssntlmssp-debuginfo redhat-upgrade-gssntlmssp-debugsource References CVE-2023-25564 RHSA-2023:3097
  3. Red Hat: CVE-2023-25566: memory leak when parsing usernames (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0. Solution(s) redhat-upgrade-gssntlmssp redhat-upgrade-gssntlmssp-debuginfo redhat-upgrade-gssntlmssp-debugsource References CVE-2023-25566 RHSA-2023:3097
  4. Microsoft Windows: CVE-2023-21804: Windows Graphics Component Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Windows Graphics Component Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022858 microsoft-windows-windows_10-1607-kb5022838 microsoft-windows-windows_10-1809-kb5022840 microsoft-windows-windows_10-20h2-kb5022834 microsoft-windows-windows_10-21h2-kb5022834 microsoft-windows-windows_10-22h2-kb5022834 microsoft-windows-windows_11-21h2-kb5022836 microsoft-windows-windows_11-22h2-kb5022845 microsoft-windows-windows_server_2012-kb5022895 microsoft-windows-windows_server_2012_r2-kb5022894 microsoft-windows-windows_server_2016-1607-kb5022838 microsoft-windows-windows_server_2019-1809-kb5022840 microsoft-windows-windows_server_2022-21h2-kb5022842 microsoft-windows-windows_server_2022-22h2-kb5022842 msft-kb5022895-2ab7ff3f-f8a8-4880-8b7b-70240b5bdd3b msft-kb5022895-8d99d9eb-7053-4bb2-aac2-f76d82115692 References https://attackerkb.com/topics/cve-2023-21804 CVE - 2023-21804 https://support.microsoft.com/help/5022834 https://support.microsoft.com/help/5022836 https://support.microsoft.com/help/5022838 https://support.microsoft.com/help/5022840 https://support.microsoft.com/help/5022842 https://support.microsoft.com/help/5022845 https://support.microsoft.com/help/5022858 https://support.microsoft.com/help/5022894 https://support.microsoft.com/help/5022895 https://support.microsoft.com/help/5022899
  5. Amazon Linux AMI: CVE-2023-22490: Security patch for git (ALAS-2023-1700) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 03/09/2023 Added 03/07/2023 Modified 01/28/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) amazon-linux-upgrade-git References ALAS-2023-1700 CVE-2023-22490
  6. Amazon Linux AMI: CVE-2022-41722: Security patch for golang ((Multiple Advisories)) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". Solution(s) amazon-linux-upgrade-golang References ALAS-2023-1848 CVE-2022-41722
  7. Amazon Linux AMI: CVE-2023-23946: Security patch for git (ALAS-2023-1700) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/14/2023 Created 03/09/2023 Added 03/07/2023 Modified 01/28/2025 Description Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. Solution(s) amazon-linux-upgrade-git References ALAS-2023-1700 CVE-2023-23946
  8. Amazon Linux AMI: CVE-2022-41723: Security patch for docker ((Multiple Advisories)) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Solution(s) amazon-linux-upgrade-amazon-ssm-agent amazon-linux-upgrade-containerd amazon-linux-upgrade-docker amazon-linux-upgrade-golang References ALAS-2023-1881 CVE-2022-41723
  9. Huawei EulerOS: CVE-2023-23946: git security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/14/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. Solution(s) huawei-euleros-2_0_sp11-upgrade-git huawei-euleros-2_0_sp11-upgrade-git-help References https://attackerkb.com/topics/cve-2023-23946 CVE - 2023-23946 EulerOS-SA-2023-2289
  10. MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25732) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-firefox-upgrade-110_0 References https://attackerkb.com/topics/cve-2023-25732 CVE - 2023-25732 http://www.mozilla.org/security/announce/2023/mfsa2023-05.html
  11. MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25735) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-firefox-upgrade-110_0 References https://attackerkb.com/topics/cve-2023-25735 CVE - 2023-25735 http://www.mozilla.org/security/announce/2023/mfsa2023-05.html
  12. Huawei EulerOS: CVE-2023-22490: git security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/30/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) huawei-euleros-2_0_sp11-upgrade-git huawei-euleros-2_0_sp11-upgrade-git-help References https://attackerkb.com/topics/cve-2023-22490 CVE - 2023-22490 EulerOS-SA-2023-2289
  13. Microsoft Windows: CVE-2023-21692: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022858 microsoft-windows-windows_10-1607-kb5022838 microsoft-windows-windows_10-1809-kb5022840 microsoft-windows-windows_10-20h2-kb5022834 microsoft-windows-windows_10-21h2-kb5022834 microsoft-windows-windows_10-22h2-kb5022834 microsoft-windows-windows_11-21h2-kb5022836 microsoft-windows-windows_11-22h2-kb5022845 microsoft-windows-windows_server_2012-kb5022895 microsoft-windows-windows_server_2012_r2-kb5022894 microsoft-windows-windows_server_2016-1607-kb5022838 microsoft-windows-windows_server_2019-1809-kb5022840 microsoft-windows-windows_server_2022-21h2-kb5022842 microsoft-windows-windows_server_2022-22h2-kb5022842 msft-kb5022874-0383d529-d089-4f99-ac79-731e39cee496 msft-kb5022874-6867c9a3-6d5d-4fb0-8483-1050cf1508c9 msft-kb5022874-9c39e57c-7f23-49ee-bf4a-4a5aaa678856 msft-kb5022893-aba4c4cf-b18c-4cfd-af57-357b60f198b2 msft-kb5022893-de95c542-b326-4146-9cc2-d47b66e6556f msft-kb5022895-2ab7ff3f-f8a8-4880-8b7b-70240b5bdd3b msft-kb5022895-8d99d9eb-7053-4bb2-aac2-f76d82115692 References https://attackerkb.com/topics/cve-2023-21692 CVE - 2023-21692 https://support.microsoft.com/help/5022834 https://support.microsoft.com/help/5022836 https://support.microsoft.com/help/5022838 https://support.microsoft.com/help/5022840 https://support.microsoft.com/help/5022842 https://support.microsoft.com/help/5022845 https://support.microsoft.com/help/5022858 https://support.microsoft.com/help/5022894 https://support.microsoft.com/help/5022895 https://support.microsoft.com/help/5022899
  14. Microsoft Windows: CVE-2023-21691: Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022858 microsoft-windows-windows_10-1607-kb5022838 microsoft-windows-windows_10-1809-kb5022840 microsoft-windows-windows_10-20h2-kb5022834 microsoft-windows-windows_10-21h2-kb5022834 microsoft-windows-windows_10-22h2-kb5022834 microsoft-windows-windows_11-21h2-kb5022836 microsoft-windows-windows_11-22h2-kb5022845 microsoft-windows-windows_server_2012-kb5022895 microsoft-windows-windows_server_2012_r2-kb5022894 microsoft-windows-windows_server_2016-1607-kb5022838 microsoft-windows-windows_server_2019-1809-kb5022840 microsoft-windows-windows_server_2022-21h2-kb5022842 microsoft-windows-windows_server_2022-22h2-kb5022842 msft-kb5022874-0383d529-d089-4f99-ac79-731e39cee496 msft-kb5022874-6867c9a3-6d5d-4fb0-8483-1050cf1508c9 msft-kb5022874-9c39e57c-7f23-49ee-bf4a-4a5aaa678856 msft-kb5022893-aba4c4cf-b18c-4cfd-af57-357b60f198b2 msft-kb5022893-de95c542-b326-4146-9cc2-d47b66e6556f msft-kb5022895-2ab7ff3f-f8a8-4880-8b7b-70240b5bdd3b msft-kb5022895-8d99d9eb-7053-4bb2-aac2-f76d82115692 References https://attackerkb.com/topics/cve-2023-21691 CVE - 2023-21691 https://support.microsoft.com/help/5022834 https://support.microsoft.com/help/5022836 https://support.microsoft.com/help/5022838 https://support.microsoft.com/help/5022840 https://support.microsoft.com/help/5022842 https://support.microsoft.com/help/5022845 https://support.microsoft.com/help/5022858 https://support.microsoft.com/help/5022894 https://support.microsoft.com/help/5022895 https://support.microsoft.com/help/5022899
  15. Apple Safari security update for CVE-2023-23529 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) apple-safari-upgrade-16_3 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2023-23529 CVE - 2023-23529 http://support.apple.com/kb/HT213638
  16. VMware Photon OS: CVE-2022-27672 Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 02/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-27672 CVE - 2022-27672
  17. Debian: CVE-2023-22490: git -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 02/24/2023 Added 02/24/2023 Modified 01/30/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2023-22490 CVE - 2023-22490 DSA-5357-1
  18. Microsoft CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability Solution(s) msft-kb5002309-1f34980f-a981-4765-9549-c903125ca569 msft-kb5002312-dea16f0a-f8ca-4316-9d69-8f5d379bc90c msft-kb5002313-add2c58b-8299-4e5e-b5bc-87a1fa0fdb6d msft-kb5002316-a1150c04-ede5-44bd-9d79-da9f15f29b5f msft-kb5002316-da7ccf32-f626-4159-898f-99e8928c1cd4 msft-kb5002347-17baa5cb-a4de-47b8-9852-4bfec9d18e28 References https://attackerkb.com/topics/cve-2023-21716 CVE - 2023-21716 5002309 5002312 5002313 5002316 5002323 5002325 5002330 5002342 5002347 5002352 5002353
  19. Red Hat OpenShift: CVE-2023-25725: haproxy: request smuggling attack in HTTP/1 header parsing Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 02/14/2023 Created 03/23/2023 Added 03/22/2023 Modified 01/30/2025 Description HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. Solution(s) linuxrpm-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-25725 CVE - 2023-25725 RHSA-2023:1268 RHSA-2023:1325 RHSA-2023:1655 RHSA-2023:1696 RHSA-2023:1978 RHSA-2024:0746
  20. Microsoft CVE-2023-21705: Microsoft SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21705: Microsoft SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5021037-3c92a76c-54f2-4233-b816-f6fb1920e0e1-x64 msft-kb5021037-3c92a76c-54f2-4233-b816-f6fb1920e0e1-x86 msft-kb5021045-c18aadf2-7829-444a-8d2f-f08895728efa-x64 msft-kb5021045-c18aadf2-7829-444a-8d2f-f08895728efa-x86 msft-kb5021123-5677ae73-a561-46e2-8437-d49aa120d66b-x64 msft-kb5021123-5677ae73-a561-46e2-8437-d49aa120d66b-x86 msft-kb5021124-b44059d0-2a94-4478-9052-9656ae194441-x64 msft-kb5021125-a0a2074d-39ee-4632-9cfe-a6e1f68c6153-x64 msft-kb5021126-4935a8d2-7e33-4d86-8811-19499c775c0b-x64 msft-kb5021127-0f002564-2d04-4ff8-94c2-7e14e50c6e7a-x64 msft-kb5021129-4874157b-5958-4260-a3ab-592853c42fcc-x64 msft-kb5021522-dae43374-abd0-4761-b4a7-d2823f4fbeed-x64 References https://attackerkb.com/topics/cve-2023-21705 CVE - 2023-21705 5021037 5021045 5021123 5021124 5021125 5021126 5021127 5021128 5021129 5021522
  21. Microsoft CVE-2023-21706: Microsoft Exchange Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21706: Microsoft Exchange Server Remote Code Execution Vulnerability Solution(s) msft-kb5023038-0114c451-a5b6-4e1a-8da5-f20a2bc43f10 References https://attackerkb.com/topics/cve-2023-21706 CVE - 2023-21706 5023038
  22. Microsoft CVE-2023-21713: Microsoft SQL Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21713: Microsoft SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5021037-3c92a76c-54f2-4233-b816-f6fb1920e0e1-x64 msft-kb5021037-3c92a76c-54f2-4233-b816-f6fb1920e0e1-x86 msft-kb5021045-c18aadf2-7829-444a-8d2f-f08895728efa-x64 msft-kb5021045-c18aadf2-7829-444a-8d2f-f08895728efa-x86 msft-kb5021123-5677ae73-a561-46e2-8437-d49aa120d66b-x64 msft-kb5021123-5677ae73-a561-46e2-8437-d49aa120d66b-x86 msft-kb5021124-b44059d0-2a94-4478-9052-9656ae194441-x64 msft-kb5021125-a0a2074d-39ee-4632-9cfe-a6e1f68c6153-x64 msft-kb5021126-4935a8d2-7e33-4d86-8811-19499c775c0b-x64 msft-kb5021127-0f002564-2d04-4ff8-94c2-7e14e50c6e7a-x64 msft-kb5021129-4874157b-5958-4260-a3ab-592853c42fcc-x64 msft-kb5021522-dae43374-abd0-4761-b4a7-d2823f4fbeed-x64 References https://attackerkb.com/topics/cve-2023-21713 CVE - 2023-21713 5021037 5021045 5021123 5021124 5021125 5021126 5021127 5021128 5021129 5021522
  23. Debian: CVE-2021-46023: mruby -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash. Solution(s) debian-upgrade-mruby References https://attackerkb.com/topics/cve-2021-46023 CVE - 2021-46023
  24. CentOS Linux: CVE-2023-25566: Moderate: gssntlmssp security update (CESA-2023:3097) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0. Solution(s) centos-upgrade-gssntlmssp centos-upgrade-gssntlmssp-debuginfo centos-upgrade-gssntlmssp-debugsource References CVE-2023-25566
  25. FreeBSD: VID-3D73E384-AD1F-11ED-983C-83FE35862E3A (CVE-2022-41723): go -- multiple vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/17/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-3D73E384-AD1F-11ED-983C-83FE35862E3A: The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. The filepath.Clean function will now transform this path into the relative (but still invalid) path .\c:\b. net/http, mime/multipart: denial of service from excessive resource consumption Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. crypto/tls: large handshake records may cause panics Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. net/http: avoid quadratic complexity in HPACK decoding A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Solution(s) freebsd-upgrade-package-go119 freebsd-upgrade-package-go120 References CVE-2022-41723