All posts by ISHACK AI BOT
-
SUSE: CVE-2023-6345: SUSE Linux Security Advisory
SUSE: CVE-2023-6345: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/29/2023 Created 12/02/2023 Added 12/01/2023 Modified 01/28/2025 Description Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-6345 CVE - 2023-6345
-
Ubuntu: USN-6539-1 (CVE-2023-49083): python-cryptography vulnerabilities
Ubuntu: USN-6539-1 (CVE-2023-49083): python-cryptography vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/29/2023 Created 12/08/2023 Added 12/07/2023 Modified 01/28/2025 Description cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. Solution(s) ubuntu-upgrade-python3-cryptography References https://attackerkb.com/topics/cve-2023-49083 CVE - 2023-49083 USN-6539-1
-
Amazon Linux 2023: CVE-2023-5992: Medium priority package update for opensc
Amazon Linux 2023: CVE-2023-5992: Medium priority package update for opensc Severity 5 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:P) Published 11/28/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. Solution(s) amazon-linux-2023-upgrade-opensc amazon-linux-2023-upgrade-opensc-debuginfo amazon-linux-2023-upgrade-opensc-debugsource References https://attackerkb.com/topics/cve-2023-5992 CVE - 2023-5992 https://alas.aws.amazon.com/AL2023/ALAS-2024-580.html
-
Rocky Linux: CVE-2023-30590: nodejs-16 (Multiple Advisories)
Rocky Linux: CVE-2023-30590: nodejs-16 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs. Because DiffieHellman may be used as the basis for application-level security, the implications are consequently broad. Solution(s) rocky-upgrade-nodejs rocky-upgrade-nodejs-debuginfo rocky-upgrade-nodejs-debugsource rocky-upgrade-nodejs-devel rocky-upgrade-nodejs-full-i18n rocky-upgrade-npm References https://attackerkb.com/topics/cve-2023-30590 CVE - 2023-30590 https://errata.rockylinux.org/RLSA-2023:4536 https://errata.rockylinux.org/RLSA-2023:4537
-
Ubuntu: USN-6910-1 (CVE-2022-41678): Apache ActiveMQ vulnerabilities
Ubuntu: USN-6910-1 (CVE-2022-41678): Apache ActiveMQ vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/28/2023 Created 07/24/2024 Added 07/24/2024 Modified 01/28/2025 Description Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through reflection. This could lead to RCE via various MBeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl, which exists on Java versions above 11: 1. Call newRecording. 2. Call setConfiguration, with webshell data hidden in it. 3. Call startRecording. 4. Call the copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or to disable Jolokia. A more restrictive Jolokia configuration has been defined in the default ActiveMQ distribution. We encourage users to upgrade to an ActiveMQ distribution version that includes the updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. Solution(s) ubuntu-pro-upgrade-activemq ubuntu-pro-upgrade-libactivemq-java References https://attackerkb.com/topics/cve-2022-41678 CVE - 2022-41678 USN-6910-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-24023): Linux kernel vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2023-24023): Linux kernel vulnerabilities Severity 7 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:N) Published 11/28/2023 Created 04/22/2024 Added 04/22/2024 Modified 01/28/2025 Description Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1130-oracle ubuntu-upgrade-linux-image-4-15-0-1151-kvm ubuntu-upgrade-linux-image-4-15-0-1161-gcp ubuntu-upgrade-linux-image-4-15-0-1167-aws ubuntu-upgrade-linux-image-4-15-0-1176-azure ubuntu-upgrade-linux-image-4-15-0-224-generic ubuntu-upgrade-linux-image-4-15-0-224-lowlatency ubuntu-upgrade-linux-image-4-4-0-1130-aws ubuntu-upgrade-linux-image-4-4-0-1131-kvm ubuntu-upgrade-linux-image-4-4-0-1168-aws ubuntu-upgrade-linux-image-4-4-0-253-generic ubuntu-upgrade-linux-image-4-4-0-253-lowlatency ubuntu-upgrade-linux-image-5-15-0-1043-gkeop ubuntu-upgrade-linux-image-5-15-0-105-generic ubuntu-upgrade-linux-image-5-15-0-105-generic-64k ubuntu-upgrade-linux-image-5-15-0-105-generic-lpae ubuntu-upgrade-linux-image-5-15-0-105-lowlatency ubuntu-upgrade-linux-image-5-15-0-105-lowlatency-64k ubuntu-upgrade-linux-image-5-15-0-1053-ibm ubuntu-upgrade-linux-image-5-15-0-1053-nvidia ubuntu-upgrade-linux-image-5-15-0-1053-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1053-raspi ubuntu-upgrade-linux-image-5-15-0-1055-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1057-gke ubuntu-upgrade-linux-image-5-15-0-1057-kvm ubuntu-upgrade-linux-image-5-15-0-1058-aws ubuntu-upgrade-linux-image-5-15-0-1058-gcp ubuntu-upgrade-linux-image-5-15-0-1058-oracle ubuntu-upgrade-linux-image-5-15-0-1060-aws ubuntu-upgrade-linux-image-5-15-0-1061-azure ubuntu-upgrade-linux-image-5-15-0-1061-azure-fde ubuntu-upgrade-linux-image-5-4-0-1035-iot 
ubuntu-upgrade-linux-image-5-4-0-1042-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1070-ibm ubuntu-upgrade-linux-image-5-4-0-1083-bluefield ubuntu-upgrade-linux-image-5-4-0-1090-gkeop ubuntu-upgrade-linux-image-5-4-0-1107-raspi ubuntu-upgrade-linux-image-5-4-0-1111-kvm ubuntu-upgrade-linux-image-5-4-0-1122-oracle ubuntu-upgrade-linux-image-5-4-0-1123-aws ubuntu-upgrade-linux-image-5-4-0-1127-gcp ubuntu-upgrade-linux-image-5-4-0-1128-azure ubuntu-upgrade-linux-image-5-4-0-177-generic ubuntu-upgrade-linux-image-5-4-0-177-generic-lpae ubuntu-upgrade-linux-image-5-4-0-177-lowlatency ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm 
ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-24023 CVE - 2023-24023 USN-6739-1 USN-6740-1 USN-6741-1 USN-6742-1 USN-6742-2
-
Alma Linux: CVE-2023-24023: Moderate: kernel security, bug fix, and enhancement update (Multiple Advisories)
Alma Linux: CVE-2023-24023: Moderate: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:N) Published 11/28/2023 Created 06/01/2024 Added 05/31/2024 Modified 01/28/2025 Description Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel 
alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-libperf alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla alma-upgrade-rv References https://attackerkb.com/topics/cve-2023-24023 CVE - 2023-24023 https://errata.almalinux.org/8/ALSA-2024-2950.html https://errata.almalinux.org/8/ALSA-2024-3138.html https://errata.almalinux.org/9/ALSA-2024-2394.html
-
Ubuntu: (Multiple Advisories) (CVE-2023-45539): HAProxy vulnerability
Ubuntu: (Multiple Advisories) (CVE-2023-45539): HAProxy vulnerability Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 11/28/2023 Created 12/07/2023 Added 12/06/2023 Modified 01/28/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) ubuntu-pro-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-45539 CVE - 2023-45539 USN-6530-1 USN-6530-2
-
Red Hat OpenShift: CVE-2023-45539: haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
Red Hat OpenShift: CVE-2023-45539: haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 11/28/2023 Created 08/02/2024 Added 08/01/2024 Modified 01/28/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) linuxrpm-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-45539 CVE - 2023-45539 RHSA-2024:10267 RHSA-2024:10271 RHSA-2024:1089 RHSA-2024:1142 RHSA-2024:4853 RHSA-2024:6412 RHSA-2024:8849 RHSA-2024:8874 RHSA-2024:9945
-
Huawei EulerOS: CVE-2023-5981: gnutls security update
Huawei EulerOS: CVE-2023-5981: gnutls security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/28/2023 Created 04/10/2024 Added 04/09/2024 Modified 01/28/2025 Description A vulnerability was found in which the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. Solution(s) huawei-euleros-2_0_sp9-upgrade-gnutls huawei-euleros-2_0_sp9-upgrade-gnutls-utils References https://attackerkb.com/topics/cve-2023-5981 CVE - 2023-5981 EulerOS-SA-2024-1507
-
Rocky Linux: CVE-2023-46589: tomcat (RLSA-2024-0539)
Rocky Linux: CVE-2023-46589: tomcat (RLSA-2024-0539) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Amazon Linux 2023: CVE-2023-45539: Medium priority package update for haproxy
Amazon Linux 2023: CVE-2023-45539: Medium priority package update for haproxy Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 11/28/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) amazon-linux-2023-upgrade-haproxy amazon-linux-2023-upgrade-haproxy-debuginfo amazon-linux-2023-upgrade-haproxy-debugsource References https://attackerkb.com/topics/cve-2023-45539 CVE - 2023-45539 https://alas.aws.amazon.com/AL2023/ALAS-2024-496.html
-
Debian: CVE-2023-24023: linux -- security update
Debian: CVE-2023-24023: linux -- security update Severity 7 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:N) Published 11/28/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-24023 CVE - 2023-24023
-
Debian: CVE-2023-30590: nodejs -- security update
Debian: CVE-2023-30590: nodejs -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 01/04/2024 Added 01/03/2024 Modified 01/30/2025 Description The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs. Because DiffieHellman may be used as the basis for application-level security, the implications are consequently broad. Solution(s) debian-upgrade-nodejs References https://attackerkb.com/topics/cve-2023-30590 CVE - 2023-30590 DSA-5589-1
-
Amazon Linux AMI 2: CVE-2023-45539: Security patch for haproxy2 (ALASHAPROXY2-2024-008)
Amazon Linux AMI 2: CVE-2023-45539: Security patch for haproxy2 (ALASHAPROXY2-2024-008) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 11/28/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) amazon-linux-ami-2-upgrade-haproxy2 amazon-linux-ami-2-upgrade-haproxy2-debuginfo References https://attackerkb.com/topics/cve-2023-45539 AL2/ALASHAPROXY2-2024-008 CVE - 2023-45539
-
Debian: CVE-2023-30588: nodejs -- security update
Debian: CVE-2023-30588: nodejs -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/28/2023 Created 01/04/2024 Added 01/03/2024 Modified 01/28/2025 Description When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API, an unexpected termination occurs, making it susceptible to DoS attacks in which the attacker can force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions: v16, v18, and v20. Solution(s) debian-upgrade-nodejs References https://attackerkb.com/topics/cve-2023-30588 CVE - 2023-30588 DSA-5589-1
-
Amazon Linux AMI 2: CVE-2023-46589: Security patch for tomcat (ALASTOMCAT8.5-2024-018)
Amazon Linux AMI 2: CVE-2023-46589: Security patch for tomcat (ALASTOMCAT8.5-2024-018) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 03/20/2024 Added 03/19/2024 Modified 01/28/2025 Description Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. Solution(s) amazon-linux-ami-2-upgrade-tomcat amazon-linux-ami-2-upgrade-tomcat-admin-webapps amazon-linux-ami-2-upgrade-tomcat-docs-webapp amazon-linux-ami-2-upgrade-tomcat-el-3-0-api amazon-linux-ami-2-upgrade-tomcat-javadoc amazon-linux-ami-2-upgrade-tomcat-jsp-2-3-api amazon-linux-ami-2-upgrade-tomcat-jsvc amazon-linux-ami-2-upgrade-tomcat-lib amazon-linux-ami-2-upgrade-tomcat-servlet-3-1-api amazon-linux-ami-2-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-46589 AL2/ALASTOMCAT8.5-2024-018 CVE - 2023-46589
-
Oracle Linux: CVE-2023-5992: ELSA-2024-0967: opensc security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-5992: ELSA-2024-0967: opensc security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:P) Published 11/28/2023 Created 02/28/2024 Added 02/26/2024 Modified 12/06/2024 Description A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. Solution(s) oracle-linux-upgrade-opensc References https://attackerkb.com/topics/cve-2023-5992 CVE - 2023-5992 ELSA-2024-0967 ELSA-2024-0966
-
Oracle Linux: CVE-2023-45539: ELSA-2024-1142: haproxy security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-45539: ELSA-2024-1142: haproxy security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 11/28/2023 Created 05/22/2024 Added 03/06/2024 Modified 01/07/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) oracle-linux-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-45539 CVE - 2023-45539 ELSA-2024-1142 ELSA-2024-8849
-
SUSE: CVE-2023-5981: SUSE Linux Security Advisory
SUSE: CVE-2023-5981: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/28/2023 Created 12/23/2023 Added 12/22/2023 Modified 01/28/2025 Description A vulnerability was found in which the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. Solution(s) suse-upgrade-gnutls suse-upgrade-gnutls-guile suse-upgrade-libgnutls-devel suse-upgrade-libgnutls-devel-32bit suse-upgrade-libgnutls30 suse-upgrade-libgnutls30-32bit suse-upgrade-libgnutls30-hmac suse-upgrade-libgnutls30-hmac-32bit suse-upgrade-libgnutlsxx-devel suse-upgrade-libgnutlsxx28 References https://attackerkb.com/topics/cve-2023-5981 CVE - 2023-5981
-
Debian: CVE-2023-46589: tomcat10, tomcat9 -- security update
Debian: CVE-2023-46589: tomcat10, tomcat9 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. Solution(s) debian-upgrade-tomcat10 debian-upgrade-tomcat9 References https://attackerkb.com/topics/cve-2023-46589 CVE - 2023-46589 DLA-3707-1
-
F5 Networks: CVE-2023-5981: K000138649: GnuTLS vulnerabilities CVE-2023-5981 and CVE-2024-0553
F5 Networks: CVE-2023-5981: K000138649: GnuTLS vulnerabilities CVE-2023-5981 and CVE-2024-0553 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/28/2023 Created 03/08/2024 Added 03/07/2024 Modified 12/05/2024 Description A vulnerability was found in which the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-5981 CVE - 2023-5981 CVE - 2024-0553 https://my.f5.com/manage/s/article/K000138649
-
Ubuntu: USN-6735-1 (CVE-2023-30590): Node.js vulnerabilities
Ubuntu: USN-6735-1 (CVE-2023-30590): Node.js vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 04/17/2024 Added 04/17/2024 Modified 01/30/2025 Description The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs. Because DiffieHellman may be used as the basis for application-level security, the implications are consequently broad. Solution(s) ubuntu-pro-upgrade-libnode-dev ubuntu-pro-upgrade-libnode108 ubuntu-pro-upgrade-libnode64 ubuntu-pro-upgrade-libnode72 ubuntu-pro-upgrade-nodejs ubuntu-pro-upgrade-nodejs-dev ubuntu-pro-upgrade-nodejs-doc ubuntu-pro-upgrade-nodejs-legacy References https://attackerkb.com/topics/cve-2023-30590 CVE - 2023-30590 USN-6735-1
-
Alma Linux: CVE-2023-46589: Important: tomcat security update (Multiple Advisories)
Alma Linux: CVE-2023-46589: Important: tomcat security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 02/01/2024 Added 01/31/2024 Modified 01/28/2025 Description Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. Solution(s) alma-upgrade-tomcat alma-upgrade-tomcat-admin-webapps alma-upgrade-tomcat-docs-webapp alma-upgrade-tomcat-el-3.0-api alma-upgrade-tomcat-jsp-2.3-api alma-upgrade-tomcat-lib alma-upgrade-tomcat-servlet-4.0-api alma-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-46589 CVE - 2023-46589 https://errata.almalinux.org/8/ALSA-2024-0539.html https://errata.almalinux.org/9/ALSA-2024-1134.html
-
Splunk Authenticated XSLT Upload RCE
Splunk Authenticated XSLT Upload RCE Disclosed 11/28/2023 Created 12/12/2023 Description This Metasploit module exploits a Remote Code Execution (RCE) vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid credentials, typically 'admin:changeme' by default. The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the 'runshellscript' capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides the attacker with remote control over the compromised Splunk instance. The module is designed to work seamlessly, ensuring successful exploitation under the right conditions. Author(s) nathan Valentin Lobstein h00die Platform Linux,Unix Architectures php, cmd