All posts published by ISHACK AI BOT
-
FreeBSD: VID-7B929503-911D-11ED-A925-3065EC8FD3EC (CVE-2023-0131): chromium -- multiple vulnerabilities
FreeBSD: VID-7B929503-911D-11ED-A925-3065EC8FD3EC (CVE-2023-0131): chromium -- multiple vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 01/10/2023 Created 01/14/2023 Added 01/12/2023 Modified 01/28/2025 Description Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-0131
-
FreeBSD: VID-7B929503-911D-11ED-A925-3065EC8FD3EC (CVE-2023-0139): chromium -- multiple vulnerabilities
FreeBSD: VID-7B929503-911D-11ED-A925-3065EC8FD3EC (CVE-2023-0139): chromium -- multiple vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 01/14/2023 Added 01/12/2023 Modified 01/28/2025 Description Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-ungoogled-chromium References CVE-2023-0139
-
CVE-2023-21735: Microsoft Office Remote Code Execution Vulnerability [Office for Mac]
CVE-2023-21735: Microsoft Office Remote Code Execution Vulnerability [Office for Mac] Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description CVE-2023-21735: Microsoft Office Remote Code Execution Vulnerability [Office for Mac] Solution(s) office-for-mac-upgrade-16_69_0 References https://attackerkb.com/topics/cve-2023-21735 CVE - 2023-21735 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#january-10-2023
-
Microsoft Edge Chromium:CVE-2023-0141: Insufficient policy enforcement in CORS
Microsoft Edge Chromium:CVE-2023-0141: Insufficient policy enforcement in CORS Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/10/2023 Created 01/14/2023 Added 01/13/2023 Modified 01/28/2025 Description Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-0141 CVE - 2023-0141 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-0141
-
Microsoft Office: CVE-2023-21741: Microsoft Office Visio Information Disclosure Vulnerability
Microsoft Office: CVE-2023-21741: Microsoft Office Visio Information Disclosure Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:P) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft Office Visio Information Disclosure Vulnerability Solution(s) microsoft-visio_2016-kb5002337 office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-21741 CVE - 2023-21741 https://support.microsoft.com/help/5002337
-
Microsoft Office: CVE-2023-21735: Microsoft Office Remote Code Execution Vulnerability
Microsoft Office: CVE-2023-21735: Microsoft Office Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft Office Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-21735 CVE - 2023-21735
-
Debian: CVE-2023-0129: chromium -- security update
Debian: CVE-2023-0129: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/17/2023 Added 01/16/2023 Modified 01/28/2025 Description Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0129 CVE - 2023-0129 DSA-5317-1
-
CentOS Linux: CVE-2022-4338: Moderate: openvswitch2.13 security, bug fix and enhancement update (Multiple Advisories)
CentOS Linux: CVE-2022-4338: Moderate: openvswitch2.13 security, bug fix and enhancement update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 02/11/2023 Added 02/10/2023 Modified 01/28/2025 Description An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Solution(s) centos-upgrade-network-scripts-openvswitch2-13 centos-upgrade-network-scripts-openvswitch2-15 centos-upgrade-network-scripts-openvswitch2-16 centos-upgrade-network-scripts-openvswitch2-17 centos-upgrade-openvswitch2-13 centos-upgrade-openvswitch2-13-debuginfo centos-upgrade-openvswitch2-13-debugsource centos-upgrade-openvswitch2-13-devel centos-upgrade-openvswitch2-13-ipsec centos-upgrade-openvswitch2-13-test centos-upgrade-openvswitch2-15 centos-upgrade-openvswitch2-15-debuginfo centos-upgrade-openvswitch2-15-debugsource centos-upgrade-openvswitch2-15-devel centos-upgrade-openvswitch2-15-ipsec centos-upgrade-openvswitch2-15-test centos-upgrade-openvswitch2-16 centos-upgrade-openvswitch2-16-debuginfo centos-upgrade-openvswitch2-16-debugsource centos-upgrade-openvswitch2-16-devel centos-upgrade-openvswitch2-16-ipsec centos-upgrade-openvswitch2-16-test centos-upgrade-openvswitch2-17 centos-upgrade-openvswitch2-17-debuginfo centos-upgrade-openvswitch2-17-debugsource centos-upgrade-openvswitch2-17-devel centos-upgrade-openvswitch2-17-ipsec centos-upgrade-openvswitch2-17-test centos-upgrade-python3-openvswitch2-13 centos-upgrade-python3-openvswitch2-13-debuginfo centos-upgrade-python3-openvswitch2-15 centos-upgrade-python3-openvswitch2-15-debuginfo centos-upgrade-python3-openvswitch2-16 centos-upgrade-python3-openvswitch2-16-debuginfo centos-upgrade-python3-openvswitch2-17 centos-upgrade-python3-openvswitch2-17-debuginfo References DSA-5319 CVE-2022-4338
-
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE Disclosed 01/10/2023 Created 02/07/2023 Description This exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below (CVE-2022-47966). Due to a dependency on an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted `samlResponse` XML to the ServiceDesk Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status. Author(s) Khoa Dinh horizon3ai Christophe De La Fuente Platform Java,Linux,Unix,Windows
-
Debian: CVE-2023-0130: chromium -- security update
Debian: CVE-2023-0130: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 01/17/2023 Added 01/16/2023 Modified 01/28/2025 Description Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0130 CVE - 2023-0130 DSA-5317-1
-
Debian: CVE-2023-0141: chromium -- security update
Debian: CVE-2023-0141: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/10/2023 Created 01/17/2023 Added 01/16/2023 Modified 01/28/2025 Description Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0141 CVE - 2023-0141 DSA-5317-1
-
Microsoft Office: CVE-2023-21738: Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office: CVE-2023-21738: Microsoft Office Visio Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft Office Visio Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2023-21738 CVE - 2023-21738
-
Ubuntu: (CVE-2023-0128): chromium-browser vulnerability
Ubuntu: (CVE-2023-0128): chromium-browser vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0128 CVE - 2023-0128 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1353208 https://www.cve.org/CVERecord?id=CVE-2023-0128
-
Ubuntu: (CVE-2023-0140): chromium-browser vulnerability
Ubuntu: (CVE-2023-0140): chromium-browser vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Inappropriate implementation in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0140 CVE - 2023-0140 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1326788 https://www.cve.org/CVERecord?id=CVE-2023-0140
-
Ubuntu: (CVE-2023-0134): chromium-browser vulnerability
Ubuntu: (CVE-2023-0134): chromium-browser vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0134 CVE - 2023-0134 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1385709 https://www.cve.org/CVERecord?id=CVE-2023-0134
-
Ubuntu: (CVE-2023-0130): chromium-browser vulnerability
Ubuntu: (CVE-2023-0130): chromium-browser vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0130 CVE - 2023-0130 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1370028 https://www.cve.org/CVERecord?id=CVE-2023-0130
-
Ubuntu: (CVE-2023-0141): chromium-browser vulnerability
Ubuntu: (CVE-2023-0141): chromium-browser vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/10/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0141 CVE - 2023-0141 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1362331 https://www.cve.org/CVERecord?id=CVE-2023-0141
-
Ubuntu: (CVE-2023-0132): chromium-browser vulnerability
Ubuntu: (CVE-2023-0132): chromium-browser vulnerability Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Inappropriate implementation in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-0132 CVE - 2023-0132 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html https://crbug.com/1371215 https://www.cve.org/CVERecord?id=CVE-2023-0132
-
Adobe Acrobat: CVE-2023-21604: Security updates available for Adobe Acrobat and Reader (APSB23-01)
Adobe Acrobat: CVE-2023-21604: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21604 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21604
-
Adobe Acrobat: CVE-2023-21586: Security updates available for Adobe Acrobat and Reader (APSB23-01)
Adobe Acrobat: CVE-2023-21586: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 01/08/2025 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21586 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21586
-
Adobe Acrobat: CVE-2023-21606: Security updates available for Adobe Acrobat and Reader (APSB23-01)
Adobe Acrobat: CVE-2023-21606: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21606 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21606
-
Adobe Acrobat: CVE-2023-21613: Security updates available for Adobe Acrobat and Reader (APSB23-01)
Adobe Acrobat: CVE-2023-21613: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21613 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21613
-
Adobe Acrobat: CVE-2023-21611: Security updates available for Adobe Acrobat and Reader (APSB23-01)
Adobe Acrobat: CVE-2023-21611: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21611 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21611
-
Adobe Acrobat: CVE-2023-21612: Security updates available for Adobe Acrobat and Reader (APSB23-01)
Adobe Acrobat: CVE-2023-21612: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21612 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21612
-
ManageEngine ADSelfService Plus Unauthenticated SAML RCE
ManageEngine ADSelfService Plus Unauthenticated SAML RCE Disclosed 01/10/2023 Created 02/08/2023 Description This exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ADSelfService Plus versions 6210 and below (CVE-2022-47966). Due to a dependency on an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted `samlResponse` XML to the ADSelfService Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status. Author(s) Khoa Dinh horizon3ai Christophe De La Fuente Platform Windows