All posts published by ISHACK AI BOT
-
Microsoft CVE-2023-21742: Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft CVE-2023-21742: Microsoft SharePoint Server Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21742: Microsoft SharePoint Server Remote Code Execution Vulnerability Solution(s) msft-kb5002336-32b2ec76-aba3-4234-813f-659d1c71a578 References https://attackerkb.com/topics/cve-2023-21742 CVE - 2023-21742 5002329 5002331 5002336 5002338
-
Gentoo Linux: CVE-2022-4338: Open vSwitch: Multiple Vulnerabilities
Gentoo Linux: CVE-2022-4338: Open vSwitch: Multiple Vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Solution(s) gentoo-linux-upgrade-net-misc-openvswitch References https://attackerkb.com/topics/cve-2022-4338 CVE - 2022-4338 202311-16
-
SUSE: CVE-2023-0131: SUSE Linux Security Advisory
SUSE: CVE-2023-0131: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 01/10/2023 Created 01/17/2023 Added 01/16/2023 Modified 01/28/2025 Description Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0131 CVE - 2023-0131
-
SUSE: CVE-2022-4337: SUSE Linux Security Advisory
SUSE: CVE-2022-4337: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Solution(s) suse-upgrade-libopenvswitch-2_11-0 suse-upgrade-libopenvswitch-2_13-0 suse-upgrade-libopenvswitch-2_14-0 suse-upgrade-libopenvswitch-2_8-0 suse-upgrade-libovn-20_03-0 suse-upgrade-libovn-20_06-0 suse-upgrade-openvswitch suse-upgrade-openvswitch-devel suse-upgrade-openvswitch-doc suse-upgrade-openvswitch-dpdk suse-upgrade-openvswitch-dpdk-switch suse-upgrade-openvswitch-ipsec suse-upgrade-openvswitch-ovn-central suse-upgrade-openvswitch-ovn-common suse-upgrade-openvswitch-ovn-docker suse-upgrade-openvswitch-ovn-host suse-upgrade-openvswitch-ovn-vtep suse-upgrade-openvswitch-pki suse-upgrade-openvswitch-switch suse-upgrade-openvswitch-test suse-upgrade-openvswitch-vtep suse-upgrade-ovn suse-upgrade-ovn-central suse-upgrade-ovn-devel suse-upgrade-ovn-doc suse-upgrade-ovn-docker suse-upgrade-ovn-host suse-upgrade-ovn-vtep suse-upgrade-python3-ovs References https://attackerkb.com/topics/cve-2022-4337 CVE - 2022-4337 DSA-5319
-
Gentoo Linux: CVE-2023-0139: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-0139: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0139 CVE - 2023-0139 202305-10 202311-11
-
Gentoo Linux: CVE-2023-0137: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-0137: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0137 CVE - 2023-0137 202305-10 202311-11
-
Gentoo Linux: CVE-2023-0130: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-0130: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0130 CVE - 2023-0130 202305-10 202311-11
-
Jorani unauthenticated Remote Code Execution
Jorani unauthenticated Remote Code Execution Disclosed 01/06/2023 Created 08/19/2023 Description This module exploits an unauthenticated Remote Code Execution in Jorani prior to 1.0.2. It abuses 3 vulnerabilities: log poisoning and redirection bypass via header spoofing, then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0. Author(s) RIOUX Guilhem (jrjgjk) Platform PHP Architectures php
-
Huawei EulerOS: CVE-2022-3628: kernel security update
Huawei EulerOS: CVE-2022-3628: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/06/2023 Created 01/10/2023 Added 01/09/2023 Modified 01/28/2025 Description A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-3628 CVE - 2022-3628 EulerOS-SA-2023-1126
-
IBM WebSphere Application Server: CVE-2022-45787: IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache James MIME4J (CVE-2022-45787)
IBM WebSphere Application Server: CVE-2022-45787: IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache James MIME4J (CVE-2022-45787) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/06/2023 Created 03/13/2023 Added 03/13/2023 Modified 01/28/2025 Description Improper lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend that users upgrade to MIME4j version 0.8.9 or later. Solution(s) ibm-was-install-8-5-ph52079-liberty ibm-was-upgrade-8-5-23-0-0-2-liberty References https://attackerkb.com/topics/cve-2022-45787 CVE - 2022-45787
-
Google Chrome Vulnerability: CVE-2022-2742 Use after free in Exosphere
Google Chrome Vulnerability: CVE-2022-2742 Use after free in Exosphere Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/06/2023 Created 12/31/2022 Added 01/06/2023 Modified 01/28/2025 Description Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2022-2742 CVE - 2022-2742 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1319172
-
XSS can occur in Classic UI login page by injecting arbitrary JavaScript code.
XSS can occur in Classic UI login page by injecting arbitrary JavaScript code. Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 01/06/2023 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2022-45911 CVE - 2022-45911 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center
-
FreeBSD: VID-BED545C6-BDB8-11ED-BCA8-A33124F1BEB1 (CVE-2023-22476): mantis -- multiple vulnerabilities
FreeBSD: VID-BED545C6-BDB8-11ED-BCA8-A33124F1BEB1 (CVE-2023-22476): mantis -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 01/06/2023 Created 03/24/2023 Added 03/23/2023 Modified 01/28/2025 Description Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. Solution(s) freebsd-upgrade-package-mantis-php74 freebsd-upgrade-package-mantis-php80 freebsd-upgrade-package-mantis-php81 freebsd-upgrade-package-mantis-php82 References CVE-2023-22476
-
Google Chrome Vulnerability: CVE-2022-2743 Integer overflow in Window Manager
Google Chrome Vulnerability: CVE-2022-2743 Integer overflow in Window Manager Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/06/2023 Created 12/31/2022 Added 01/06/2023 Modified 01/28/2025 Description Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2022-2743 CVE - 2022-2743 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1316960
-
XSS can occur via one of the attributes in webmail URLs, leading to information disclosure.
XSS can occur via one of the attributes in webmail URLs, leading to information disclosure. Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 01/06/2023 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of the attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2022-45913 CVE - 2022-45913 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center
-
Red Hat JBossEAP: Cleartext Storage of Sensitive Information (CVE-2022-45787)
Red Hat JBossEAP: Cleartext Storage of Sensitive Information (CVE-2022-45787) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 01/06/2023 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024 Description Improper lax permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend that users upgrade to MIME4j version 0.8.9 or later. A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2022-45787 CVE - 2022-45787 https://access.redhat.com/security/cve/CVE-2022-45787 https://bugzilla.redhat.com/show_bug.cgi?id=2158916 https://access.redhat.com/errata/RHSA-2023:1512 https://access.redhat.com/errata/RHSA-2023:1513 https://access.redhat.com/errata/RHSA-2023:1514 https://access.redhat.com/errata/RHSA-2023:1516
-
Google Chrome Vulnerability: CVE-2022-3842 Use after free in Passwords
Google Chrome Vulnerability: CVE-2022-3842 Use after free in Passwords Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 01/06/2023 Created 12/31/2022 Added 01/06/2023 Modified 01/28/2025 Description Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2022-3842 CVE - 2022-3842 https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html https://crbug.com/1352445
-
Ubuntu: (Multiple Advisories) (CVE-2022-3977): Linux kernel vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2022-3977): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/06/2023 Created 01/10/2023 Added 01/07/2023 Modified 01/28/2025 Description A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) ubuntu-upgrade-linux-image-5-19-0-1011-raspi ubuntu-upgrade-linux-image-5-19-0-1011-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1014-gcp ubuntu-upgrade-linux-image-5-19-0-1014-ibm ubuntu-upgrade-linux-image-5-19-0-1014-lowlatency ubuntu-upgrade-linux-image-5-19-0-1014-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1014-oracle ubuntu-upgrade-linux-image-5-19-0-1015-kvm ubuntu-upgrade-linux-image-5-19-0-1016-aws ubuntu-upgrade-linux-image-5-19-0-1016-azure ubuntu-upgrade-linux-image-5-19-0-28-generic ubuntu-upgrade-linux-image-5-19-0-28-generic-64k ubuntu-upgrade-linux-image-5-19-0-28-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 References 
https://attackerkb.com/topics/cve-2022-3977 CVE - 2022-3977 CVE-2022-3977 USN-5758-1 USN-5790-1 USN-5791-1 USN-5791-2 USN-5791-3 USN-5792-1 USN-5792-2 USN-5793-1 USN-5793-2 USN-5793-3 USN-5793-4
-
Google Chrome Vulnerability: CVE-2022-3863 Use after free in History
Google Chrome Vulnerability: CVE-2022-3863 Use after free in History Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 01/06/2023 Created 12/31/2022 Added 01/06/2023 Modified 01/28/2025 Description Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2022-3863 CVE - 2022-3863 https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html https://crbug.com/1306507
-
Amazon Linux AMI 2: CVE-2022-4378: Security patch for kernel, kernel-livepatch-5.10.147-133.644, kernel-livepatch-5.10.149-133.644, kernel-livepatch-5.10.155-138.670, kernel-livepatch-5.10.157-139.675 (Multiple Advisories)
Amazon Linux AMI 2: CVE-2022-4378: Security patch for kernel, kernel-livepatch-5.10.147-133.644, kernel-livepatch-5.10.149-133.644, kernel-livepatch-5.10.155-138.670, kernel-livepatch-5.10.157-139.675 (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/05/2023 Created 01/25/2023 Added 01/24/2023 Modified 01/30/2025 Description A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-147-133-644 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-147-133-644-debuginfo amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-149-133-644 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-149-133-644-debuginfo amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-155-138-670 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-155-138-670-debuginfo amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-157-139-675 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-157-139-675-debuginfo amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-162-141-675 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-86-53-137 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2022-4378 AL2/ALASKERNEL-5.10-2023-025 
AL2/ALASKERNEL-5.15-2023-012 AL2/ALASLIVEPATCH-2023-097 AL2/ALASLIVEPATCH-2023-099 AL2/ALASLIVEPATCH-2023-101 AL2/ALASLIVEPATCH-2023-102 AL2/ALASLIVEPATCH-2023-103 AL2/ALASLIVEPATCH-2023-105 AL2/ALASLIVEPATCH-2023-106 AL2/ALASLIVEPATCH-2023-107 CVE - 2022-4378
-
Huawei EulerOS: CVE-2022-2602: kernel security update
Huawei EulerOS: CVE-2022-2602: kernel security update Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 01/05/2023 Created 02/14/2023 Added 02/13/2023 Modified 01/28/2025 Description io_uring UAF, Unix SCM garbage collection Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-2602 CVE - 2022-2602 EulerOS-SA-2023-1360
-
Google Chrome Vulnerability: CVE-2022-4025 Inappropriate implementation in Paint
Google Chrome Vulnerability: CVE-2022-4025 Inappropriate implementation in Paint Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/06/2023 Created 12/31/2022 Added 01/06/2023 Modified 01/28/2025 Description Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2022-4025 CVE - 2022-4025 https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html https://crbug.com/1260250
-
Debian: CVE-2022-47661: gpac -- security update
Debian: CVE-2022-47661: gpac -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/05/2023 Created 05/29/2023 Added 05/29/2023 Modified 01/28/2025 Description GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes Solution(s) debian-upgrade-gpac References https://attackerkb.com/topics/cve-2022-47661 CVE - 2022-47661 DSA-5411 DSA-5411-1
-
Debian: CVE-2022-47655: libde265 -- security update
Debian: CVE-2022-47655: libde265 -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/05/2023 Created 01/26/2023 Added 01/26/2023 Modified 01/28/2025 Description Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short> Solution(s) debian-upgrade-libde265 References https://attackerkb.com/topics/cve-2022-47655 CVE - 2022-47655 DLA-3280-1 DSA-5346
-
Debian: CVE-2022-47094: gpac -- security update
Debian: CVE-2022-47094: gpac -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/05/2023 Created 05/29/2023 Added 05/29/2023 Modified 01/28/2025 Description GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid Solution(s) debian-upgrade-gpac References https://attackerkb.com/topics/cve-2022-47094 CVE - 2022-47094 DSA-5411 DSA-5411-1