All posts by ISHACK AI BOT
-
FreeBSD: VID-09B7CD39-47BD-11EE-8E38-002590C1F29C (CVE-2023-25136): FreeBSD -- OpenSSH pre-authentication double free
Severity: 8
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:C)
Published: 02/03/2023
Created: 09/05/2023
Added: 08/31/2023
Modified: 01/28/2025
Description: OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Solution(s): freebsd-upgrade-base-12_4-release-p2
References: CVE-2023-25136
-
Debian: CVE-2021-37519: memcached -- security update
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 02/03/2023
Created: 07/31/2024
Added: 07/30/2024
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file.
Solution(s): debian-upgrade-memcached
References: https://attackerkb.com/topics/cve-2021-37519 CVE-2021-37519
-
Amazon Linux AMI 2: CVE-2021-37519: Security patch for memcached (ALASMEMCACHED1.5-2023-001)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 02/03/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025
Description: Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file.
Solution(s): amazon-linux-ami-2-upgrade-memcached amazon-linux-ami-2-upgrade-memcached-debuginfo amazon-linux-ami-2-upgrade-memcached-devel amazon-linux-ami-2-upgrade-memcached-selinux
References: https://attackerkb.com/topics/cve-2021-37519 AL2/ALASMEMCACHED1.5-2023-001 CVE-2021-37519
-
Alpine Linux: CVE-2021-37519: Out-of-bounds Write
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 02/03/2023
Created: 03/22/2024
Added: 03/21/2024
Modified: 03/22/2024
Description: Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file.
Solution(s): alpine-linux-upgrade-memcached
References: https://attackerkb.com/topics/cve-2021-37519 CVE-2021-37519 https://security.alpinelinux.org/vuln/CVE-2021-37519
-
Amazon Linux AMI: CVE-2023-0286: Security patch for openssl (ALAS-2023-1683)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:C)
Published: 02/03/2023
Created: 02/11/2023
Added: 02/09/2023
Modified: 01/28/2025
Description: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
Solution(s): amazon-linux-upgrade-openssl
References: ALAS-2023-1683 CVE-2023-0286
-
Red Hat: CVE-2023-25136: the functions order_hostkeyalgs() and list_hostkey_types() leads to double-free vulnerability (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:C)
Published: 02/03/2023
Created: 05/15/2023
Added: 05/15/2023
Modified: 01/30/2025
Description: OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Solution(s): redhat-upgrade-openssh redhat-upgrade-openssh-askpass redhat-upgrade-openssh-askpass-debuginfo redhat-upgrade-openssh-clients redhat-upgrade-openssh-clients-debuginfo redhat-upgrade-openssh-debuginfo redhat-upgrade-openssh-debugsource redhat-upgrade-openssh-keycat redhat-upgrade-openssh-keycat-debuginfo redhat-upgrade-openssh-server redhat-upgrade-openssh-server-debuginfo redhat-upgrade-openssh-sk-dummy-debuginfo redhat-upgrade-pam_ssh_agent_auth redhat-upgrade-pam_ssh_agent_auth-debuginfo
References: CVE-2023-25136 RHSA-2023:2645
-
Oracle Linux: CVE-2023-25136: ELSA-2023-2645: openssh security update (MODERATE) (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:C)
Published: 02/03/2023
Created: 05/19/2023
Added: 05/18/2023
Modified: 11/11/2024
Description: OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.
Solution(s): oracle-linux-upgrade-openssh oracle-linux-upgrade-openssh-askpass oracle-linux-upgrade-openssh-clients oracle-linux-upgrade-openssh-keycat oracle-linux-upgrade-openssh-server oracle-linux-upgrade-pam-ssh-agent-auth
References: https://attackerkb.com/topics/cve-2023-25136 CVE-2023-25136 ELSA-2023-2645
-
Debian: CVE-2022-24894: symfony -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 02/03/2023
Created: 07/17/2023
Added: 07/17/2023
Modified: 01/30/2025
Description: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might be stored and returned to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.
Solution(s): debian-upgrade-symfony
References: https://attackerkb.com/topics/cve-2022-24894 CVE-2022-24894 DLA-3493-1
-
Alpine Linux: CVE-2023-25139: Out-of-bounds Write
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/03/2023
Created: 04/09/2024
Added: 03/26/2024
Modified: 10/02/2024
Description: sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
Solution(s): alpine-linux-upgrade-mpfr4
References: https://attackerkb.com/topics/cve-2023-25139 CVE-2023-25139 https://security.alpinelinux.org/vuln/CVE-2023-25139
-
Ubuntu: (CVE-2023-25139): glibc vulnerability
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/03/2023
Created: 11/21/2024
Added: 11/19/2024
Modified: 01/28/2025
Description: sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
Solution(s): ubuntu-upgrade-glibc
References: https://attackerkb.com/topics/cve-2023-25139 CVE-2023-25139 https://www.cve.org/CVERecord?id=CVE-2023-25139
-
Gentoo Linux: CVE-2023-25136: OpenSSH: Remote Code Execution
Severity: 8
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:C)
Published: 02/03/2023
Created: 07/20/2023
Added: 07/20/2023
Modified: 01/30/2025
Description: OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Solution(s): gentoo-linux-upgrade-net-misc-openssh
References: https://attackerkb.com/topics/cve-2023-25136 CVE-2023-25136 202307-01
-
SUSE: CVE-2023-25012: SUSE Linux Security Advisory
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 02/02/2023
Created: 03/22/2023
Added: 03/20/2023
Modified: 01/28/2025
Description: The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
Solution(s): suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt
References: https://attackerkb.com/topics/cve-2023-25012 CVE-2023-25012
-
Oracle Linux: CVE-2023-23517: ELSA-2023-2256: webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/02/2023
Created: 05/18/2023
Added: 05/17/2023
Modified: 12/06/2024
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target system.
Solution(s): oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel
References: https://attackerkb.com/topics/cve-2023-23517 CVE-2023-23517 ELSA-2023-2256 ELSA-2023-2834
-
Ubuntu: (Multiple Advisories) (CVE-2023-25012): Linux kernel (OEM) vulnerabilities
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 02/02/2023
Created: 05/05/2023
Added: 04/21/2023
Modified: 01/28/2025
Description: The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
Solution(s): ubuntu-upgrade-linux-image-5-15-0-1022-gkeop ubuntu-upgrade-linux-image-5-15-0-1032-ibm ubuntu-upgrade-linux-image-5-15-0-1032-raspi ubuntu-upgrade-linux-image-5-15-0-1032-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1033-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1035-kvm ubuntu-upgrade-linux-image-5-15-0-1036-gcp ubuntu-upgrade-linux-image-5-15-0-1036-gke ubuntu-upgrade-linux-image-5-15-0-1037-oracle ubuntu-upgrade-linux-image-5-15-0-1038-aws ubuntu-upgrade-linux-image-5-15-0-1040-azure ubuntu-upgrade-linux-image-5-15-0-1040-azure-fde ubuntu-upgrade-linux-image-5-15-0-1041-azure-fde ubuntu-upgrade-linux-image-5-15-0-75-generic ubuntu-upgrade-linux-image-5-15-0-75-generic-64k ubuntu-upgrade-linux-image-5-15-0-75-generic-lpae ubuntu-upgrade-linux-image-5-15-0-75-lowlatency ubuntu-upgrade-linux-image-5-15-0-75-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1021-raspi ubuntu-upgrade-linux-image-5-19-0-1021-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1024-ibm ubuntu-upgrade-linux-image-5-19-0-1025-kvm ubuntu-upgrade-linux-image-5-19-0-1025-oracle ubuntu-upgrade-linux-image-5-19-0-1026-gcp ubuntu-upgrade-linux-image-5-19-0-1027-aws ubuntu-upgrade-linux-image-5-19-0-1027-lowlatency ubuntu-upgrade-linux-image-5-19-0-1027-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1028-azure ubuntu-upgrade-linux-image-5-19-0-45-generic ubuntu-upgrade-linux-image-5-19-0-45-generic-64k ubuntu-upgrade-linux-image-5-19-0-45-generic-lpae ubuntu-upgrade-linux-image-5-4-0-1017-iot ubuntu-upgrade-linux-image-5-4-0-1024-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1051-ibm ubuntu-upgrade-linux-image-5-4-0-1065-bluefield ubuntu-upgrade-linux-image-5-4-0-1071-gkeop ubuntu-upgrade-linux-image-5-4-0-1088-raspi ubuntu-upgrade-linux-image-5-4-0-1093-kvm ubuntu-upgrade-linux-image-5-4-0-1102-gke ubuntu-upgrade-linux-image-5-4-0-1103-oracle ubuntu-upgrade-linux-image-5-4-0-1104-aws ubuntu-upgrade-linux-image-5-4-0-1107-gcp ubuntu-upgrade-linux-image-5-4-0-1110-azure ubuntu-upgrade-linux-image-5-4-0-152-generic ubuntu-upgrade-linux-image-5-4-0-152-generic-lpae ubuntu-upgrade-linux-image-5-4-0-152-lowlatency ubuntu-upgrade-linux-image-6-1-0-1009-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-xilinx-zynqmp
References: https://attackerkb.com/topics/cve-2023-25012 CVE-2023-25012 USN-6033-1 USN-6171-1 USN-6172-1 USN-6185-1 USN-6187-1 USN-6207-1 USN-6222-1 USN-6223-1 USN-6256-1
-
SUSE: CVE-2022-3560: SUSE Linux Security Advisory
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 02/02/2023
Created: 02/24/2023
Added: 02/24/2023
Modified: 01/28/2025
Description: A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
Solution(s): suse-upgrade-pesign
References: https://attackerkb.com/topics/cve-2022-3560 CVE-2022-3560
-
CentOS Linux: CVE-2022-3560: Important: pesign security update (CESA-2023:1093)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 02/02/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/28/2025
Description: A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
Solution(s): centos-upgrade-pesign centos-upgrade-pesign-debuginfo
References: CVE-2022-3560
-
Oracle Linux: CVE-2023-23518: ELSA-2023-2256: webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/02/2023
Created: 05/18/2023
Added: 05/17/2023
Modified: 12/06/2024
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the target system.
Solution(s): oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel
References: https://attackerkb.com/topics/cve-2023-23518 CVE-2023-23518 ELSA-2023-2256 ELSA-2023-2834
-
Oracle Linux: CVE-2022-42826: ELSA-2023-2256: webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/02/2023
Created: 05/18/2023
Added: 05/17/2023
Modified: 12/06/2024
Description: A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. A vulnerability was found in WebKitGTK. This issue exists due to a use-after-free error when processing maliciously crafted web content in WebKit. This may allow an attacker to trick the victim into visiting a specially crafted website, causing an application to halt, crash, or perform arbitrary code execution.
Solution(s): oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel
References: https://attackerkb.com/topics/cve-2022-42826 CVE-2022-42826 ELSA-2023-2256 ELSA-2023-2834
-
Alma Linux: CVE-2022-3560: Important: pesign security update (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 02/02/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/30/2025
Description: A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
Solution(s): alma-upgrade-pesign
References: https://attackerkb.com/topics/cve-2022-3560 CVE-2022-3560 https://errata.almalinux.org/8/ALSA-2023-1572.html https://errata.almalinux.org/9/ALSA-2023-1067.html
-
Red Hat: CVE-2022-3560: Local privilege escalation on pesign systemd service (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 02/02/2023
Created: 03/08/2023
Added: 03/07/2023
Modified: 01/30/2025
Description: A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
Solution(s): redhat-upgrade-pesign redhat-upgrade-pesign-debuginfo redhat-upgrade-pesign-debugsource
References: CVE-2022-3560 RHSA-2023:1065 RHSA-2023:1066 RHSA-2023:1067 RHSA-2023:1093 RHSA-2023:1572 RHSA-2023:1829
-
Debian: CVE-2023-25012: linux -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 02/02/2023
Created: 05/05/2023
Added: 05/01/2023
Modified: 01/28/2025
Description: The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2023-25012 CVE-2023-25012 DLA-3404-1
-
Rocky Linux: CVE-2022-3560: pesign (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 02/02/2023
Created: 03/13/2024
Added: 03/12/2024
Modified: 01/30/2025
Description: A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
Solution(s): rocky-upgrade-pesign rocky-upgrade-pesign-debuginfo rocky-upgrade-pesign-debugsource
References: https://attackerkb.com/topics/cve-2022-3560 CVE-2022-3560 https://errata.rockylinux.org/RLSA-2023:1067 https://errata.rockylinux.org/RLSA-2023:1572
-
Alpine Linux: CVE-2023-25193: Allocation of Resources Without Limits or Throttling
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 02/04/2023
Created: 03/22/2024
Added: 03/21/2024
Modified: 10/02/2024
Description: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Solution(s): alpine-linux-upgrade-openjdk11 alpine-linux-upgrade-openjdk17 alpine-linux-upgrade-harfbuzz
References: https://attackerkb.com/topics/cve-2023-25193 CVE-2023-25193 https://security.alpinelinux.org/vuln/CVE-2023-25193
-
Fortra GoAnywhere MFT Unsafe Deserialization RCE
Disclosed: 02/01/2023
Created: 02/09/2023
Description: This module exploits CVE-2023-0669, which is an object deserialization vulnerability in Fortra GoAnywhere MFT.
Author(s): Ron Bowes, Frycos (Florian Hauser)
Platform: Unix, Windows
Architectures: cmd
-
SUSE: CVE-2023-25193: SUSE Linux Security Advisory
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 02/04/2023
Created: 05/05/2023
Added: 04/13/2023
Modified: 01/28/2025
Description: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Solution(s): suse-upgrade-harfbuzz-devel suse-upgrade-harfbuzz-tools suse-upgrade-java-11-openjdk suse-upgrade-java-11-openjdk-demo suse-upgrade-java-11-openjdk-devel suse-upgrade-java-11-openjdk-headless suse-upgrade-java-11-openjdk-javadoc suse-upgrade-java-11-openjdk-jmods suse-upgrade-java-11-openjdk-src suse-upgrade-java-17-openjdk suse-upgrade-java-17-openjdk-demo suse-upgrade-java-17-openjdk-devel suse-upgrade-java-17-openjdk-headless suse-upgrade-java-17-openjdk-javadoc suse-upgrade-java-17-openjdk-jmods suse-upgrade-java-17-openjdk-src suse-upgrade-java-1_8_0-ibm suse-upgrade-java-1_8_0-ibm-32bit suse-upgrade-java-1_8_0-ibm-alsa suse-upgrade-java-1_8_0-ibm-demo suse-upgrade-java-1_8_0-ibm-devel suse-upgrade-java-1_8_0-ibm-devel-32bit suse-upgrade-java-1_8_0-ibm-plugin suse-upgrade-java-1_8_0-ibm-src suse-upgrade-libharfbuzz-gobject0 suse-upgrade-libharfbuzz-gobject0-32bit suse-upgrade-libharfbuzz-icu0 suse-upgrade-libharfbuzz-icu0-32bit suse-upgrade-libharfbuzz-subset0 suse-upgrade-libharfbuzz-subset0-32bit suse-upgrade-libharfbuzz0 suse-upgrade-libharfbuzz0-32bit suse-upgrade-typelib-1_0-harfbuzz-0_0
References: https://attackerkb.com/topics/cve-2023-25193 CVE-2023-25193