All posts by ISHACK AI BOT
-
FreeBSD: VID-EE890BE3-A1EC-11ED-A81D-001B217B3468 (CVE-2022-3411): Gitlab -- Multiple Vulnerabilities
FreeBSD: VID-EE890BE3-A1EC-11ED-A81D-001B217B3468 (CVE-2022-3411): Gitlab -- Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 01/31/2023 Created 02/04/2023 Added 02/02/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-EE890BE3-A1EC-11ED-A81D-001B217B3468: Gitlab reports: Denial of Service via arbitrarily large Issue descriptions CSRF via file upload allows an attacker to take over a repository Sidekiq background job DoS by uploading malicious CI job artifact zips Sidekiq background job DoS by uploading a malicious Helm package Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2022-3411
-
Amazon Linux 2023: CVE-2022-25881: Important priority package update for nodejs
Amazon Linux 2023: CVE-2022-25881: Important priority package update for nodejs Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/31/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server. Solution(s) amazon-linux-2023-upgrade-nodejs amazon-linux-2023-upgrade-nodejs-debuginfo amazon-linux-2023-upgrade-nodejs-debugsource amazon-linux-2023-upgrade-nodejs-devel amazon-linux-2023-upgrade-nodejs-docs amazon-linux-2023-upgrade-nodejs-full-i18n amazon-linux-2023-upgrade-nodejs-libs amazon-linux-2023-upgrade-nodejs-libs-debuginfo amazon-linux-2023-upgrade-npm amazon-linux-2023-upgrade-v8-devel References https://attackerkb.com/topics/cve-2022-25881 CVE - 2022-25881 https://alas.aws.amazon.com/AL2023/ALAS-2023-128.html
-
FreeBSD: VID-EE890BE3-A1EC-11ED-A81D-001B217B3468 (CVE-2023-0518): Gitlab -- Multiple Vulnerabilities
FreeBSD: VID-EE890BE3-A1EC-11ED-A81D-001B217B3468 (CVE-2023-0518): Gitlab -- Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/31/2023 Created 02/04/2023 Added 02/02/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-EE890BE3-A1EC-11ED-A81D-001B217B3468: Gitlab reports: Denial of Service via arbitrarily large Issue descriptions CSRF via file upload allows an attacker to take over a repository Sidekiq background job DoS by uploading malicious CI job artifact zips Sidekiq background job DoS by uploading a malicious Helm package Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-0518
-
OS X update for Safari (CVE-2023-0512)
OS X update for Safari (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for System Settings (CVE-2023-0512)
OS X update for System Settings (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Debian: CVE-2023-0471: chromium -- security update
Debian: CVE-2023-0471: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025 Description Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0471 CVE - 2023-0471 DSA-5328-1
-
Debian: CVE-2023-0473: chromium -- security update
Debian: CVE-2023-0473: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025 Description Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0473 CVE - 2023-0473 DSA-5328-1
-
Debian: CVE-2023-0512: vim -- security update
Debian: CVE-2023-0512: vim -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. Solution(s) debian-upgrade-vim References https://attackerkb.com/topics/cve-2023-0512 CVE - 2023-0512
-
OS X update for Podcasts (CVE-2023-0512)
OS X update for Podcasts (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Ubuntu: USN-5881-1 (CVE-2023-0472): Chromium vulnerabilities
Ubuntu: USN-5881-1 (CVE-2023-0472): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0472 CVE - 2023-0472 USN-5881-1
-
OS X update for Carbon Core (CVE-2023-0512)
OS X update for Carbon Core (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for LaunchServices (CVE-2023-0512)
OS X update for LaunchServices (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for libpthread (CVE-2023-0512)
OS X update for libpthread (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for App Store (CVE-2023-0512)
OS X update for App Store (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Apple Neural Engine (CVE-2023-0512)
OS X update for Apple Neural Engine (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Amazon Linux AMI 2: CVE-2022-48303: Security patch for tar (ALAS-2023-1994)
Amazon Linux AMI 2: CVE-2022-48303: Security patch for tar (ALAS-2023-1994) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 01/30/2023 Created 03/23/2023 Added 03/22/2023 Modified 01/28/2025 Description GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. Solution(s) amazon-linux-ami-2-upgrade-tar amazon-linux-ami-2-upgrade-tar-debuginfo References https://attackerkb.com/topics/cve-2022-48303 AL2/ALAS-2023-1994 CVE - 2022-48303
-
OS X update for CoreServices (CVE-2023-0512)
OS X update for CoreServices (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Ubuntu: (Multiple Advisories) (CVE-2022-48303): tar vulnerability
Ubuntu: (Multiple Advisories) (CVE-2022-48303): tar vulnerability Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 01/30/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. Solution(s) ubuntu-pro-upgrade-tar References https://attackerkb.com/topics/cve-2022-48303 CVE - 2022-48303 USN-5900-1 USN-5900-2
-
OS X update for Identity Services (CVE-2023-0512)
OS X update for Identity Services (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Gentoo Linux: CVE-2022-48303: GNU Tar: Out of Bounds Read
Gentoo Linux: CVE-2022-48303: GNU Tar: Out of Bounds Read Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 01/30/2023 Created 02/20/2024 Added 02/19/2024 Modified 01/28/2025 Description GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. Solution(s) gentoo-linux-upgrade-app-arch-tar References https://attackerkb.com/topics/cve-2022-48303 CVE - 2022-48303 202402-12
-
Red Hat: CVE-2023-0266: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Multiple Advisories)
Red Hat: CVE-2023-0266: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/30/2023 Created 03/16/2023 Added 03/16/2023 Modified 01/28/2025 Description A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-0266 RHSA-2023:1202 RHSA-2023:1203 RHSA-2023:1435 RHSA-2023:1469 RHSA-2023:1470 RHSA-2023:1471 RHSA-2023:1554 RHSA-2023:1556 RHSA-2023:1557 RHSA-2023:1566 RHSA-2023:1584 RHSA-2023:1659 RHSA-2023:1660 RHSA-2023:1662
-
OS X update for Shortcuts (CVE-2023-0512)
OS X update for Shortcuts (CVE-2023-0512) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Ubuntu: USN-5881-1 (CVE-2023-0474): Chromium vulnerabilities
Ubuntu: USN-5881-1 (CVE-2023-0474): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/30/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0474 CVE - 2023-0474 USN-5881-1
-
Debian: CVE-2023-22332: pgpool2 -- security update
Debian: CVE-2023-22332: pgpool2 -- security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 01/30/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. Solution(s) debian-upgrade-pgpool2 References https://attackerkb.com/topics/cve-2023-22332 CVE - 2023-22332 DLA-3993-1
-
Amazon Linux AMI: CVE-2022-48303: Security patch for tar (ALAS-2023-1704)
Amazon Linux AMI: CVE-2022-48303: Security patch for tar (ALAS-2023-1704) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 01/30/2023 Created 03/24/2023 Added 03/23/2023 Modified 01/28/2025 Description GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. Solution(s) amazon-linux-upgrade-tar References ALAS-2023-1704 CVE-2022-48303