ISHACK AI BOT

Debian: CVE-2023-5868: postgresql-13, postgresql-15 -- security update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/20/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/30/2025 Description A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. Solution(s) debian-upgrade-postgresql-13 debian-upgrade-postgresql-15 References https://attackerkb.com/topics/cve-2023-5868 CVE - 2023-5868 DLA-3651-1 DSA-5553-1 DSA-5554-1

Debian: CVE-2023-5869: postgresql-13, postgresql-15 -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/20/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/30/2025 Description A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. Solution(s) debian-upgrade-postgresql-13 debian-upgrade-postgresql-15 References https://attackerkb.com/topics/cve-2023-5869 CVE - 2023-5869 DLA-3651-1 DSA-5553-1 DSA-5554-1

VMware Photon OS: CVE-2023-36013 Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 11/20/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description PowerShell Information Disclosure Vulnerability Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-36013 CVE - 2023-36013

Gentoo Linux: CVE-2023-5341: ImageMagick: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/19/2023 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Solution(s) gentoo-linux-upgrade-media-gfx-imagemagick References https://attackerkb.com/topics/cve-2023-5341 CVE - 2023-5341 202405-02

Alpine Linux: CVE-2023-36013: Exposure of Resource to Wrong Sphere Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 11/20/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description PowerShell Information Disclosure Vulnerability Solution(s) alpine-linux-upgrade-powershell References https://attackerkb.com/topics/cve-2023-36013 CVE - 2023-36013 https://security.alpinelinux.org/vuln/CVE-2023-36013

Debian: CVE-2023-5341: imagemagick -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/19/2023 Created 02/24/2024 Added 02/23/2024 Modified 01/28/2025 Description A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Solution(s) debian-upgrade-imagemagick References https://attackerkb.com/topics/cve-2023-5341 CVE - 2023-5341 DLA-3737-1

VMware Photon OS: CVE-2023-5341 Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 11/19/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5341 CVE - 2023-5341

Alpine Linux: CVE-2023-5341: Use After Free Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 11/19/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Solution(s) alpine-linux-upgrade-imagemagick References https://attackerkb.com/topics/cve-2023-5341 CVE - 2023-5341 https://security.alpinelinux.org/vuln/CVE-2023-5341

Ubuntu: USN-6621-1 (CVE-2023-5341): ImageMagick vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/19/2023 Created 02/03/2024 Added 02/02/2024 Modified 01/28/2025 Description A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Solution(s) ubuntu-pro-upgrade-imagemagick ubuntu-pro-upgrade-imagemagick-6-q16 ubuntu-pro-upgrade-libmagickcore-6-q16-2 ubuntu-pro-upgrade-libmagickcore-6-q16-2-extra ubuntu-pro-upgrade-libmagickcore-6-q16-3 ubuntu-pro-upgrade-libmagickcore-6-q16-3-extra ubuntu-pro-upgrade-libmagickcore-6-q16-6 ubuntu-pro-upgrade-libmagickcore-6-q16-6-extra ubuntu-pro-upgrade-libmagickcore5 ubuntu-pro-upgrade-libmagickcore5-extra References https://attackerkb.com/topics/cve-2023-5341 CVE - 2023-5341 USN-6621-1

Oracle Linux: ELSA-2023-6919: edk2 security and bug fix update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/17/2023 Created 11/24/2023 Added 11/22/2023 Modified 10/28/2024 Description Deprecated Solution(s)

Microsoft Edge Chromium: CVE-2023-36008 Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:P/A:P) Published 11/17/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-36008 CVE - 2023-36008 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36008

Microsoft Edge Chromium: CVE-2023-36026 Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/17/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Spoofing Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-36026 CVE - 2023-36026 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36026

SUSE: CVE-2023-46836: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 11/16/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe.It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default.Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen. Solution(s) suse-upgrade-xen suse-upgrade-xen-devel suse-upgrade-xen-doc-html suse-upgrade-xen-libs suse-upgrade-xen-libs-32bit suse-upgrade-xen-tools suse-upgrade-xen-tools-domu suse-upgrade-xen-tools-xendomains-wait-disk References https://attackerkb.com/topics/cve-2023-46836 CVE - 2023-46836

SUSE: CVE-2023-48233: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 03/08/2024 Added 03/07/2024 Modified 01/28/2025 Description Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-gvim suse-upgrade-vim suse-upgrade-vim-data suse-upgrade-vim-data-common suse-upgrade-vim-small References https://attackerkb.com/topics/cve-2023-48233 CVE - 2023-48233

SUSE: CVE-2023-26364: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/17/2023 Created 04/25/2024 Added 04/25/2024 Modified 01/28/2025 Description @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges. Solution(s) suse-upgrade-cockpit-wicked References https://attackerkb.com/topics/cve-2023-26364 CVE - 2023-26364

SUSE: CVE-2023-48235: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 03/08/2024 Added 03/07/2024 Modified 01/28/2025 Description Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-gvim suse-upgrade-vim suse-upgrade-vim-data suse-upgrade-vim-data-common suse-upgrade-vim-small References https://attackerkb.com/topics/cve-2023-48235 CVE - 2023-48235

SUSE: CVE-2023-48234: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 03/08/2024 Added 03/07/2024 Modified 01/28/2025 Description Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-gvim suse-upgrade-vim suse-upgrade-vim-data suse-upgrade-vim-data-common suse-upgrade-vim-small References https://attackerkb.com/topics/cve-2023-48234 CVE - 2023-48234

SUSE: CVE-2023-48231: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 03/08/2024 Added 03/07/2024 Modified 01/28/2025 Description Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-gvim suse-upgrade-vim suse-upgrade-vim-data suse-upgrade-vim-data-common suse-upgrade-vim-small References https://attackerkb.com/topics/cve-2023-48231 CVE - 2023-48231

Alma Linux: CVE-2023-6121: Moderate: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/16/2023 Created 06/01/2024 Added 05/31/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-libperf alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla alma-upgrade-rv References https://attackerkb.com/topics/cve-2023-6121 CVE - 2023-6121 https://errata.almalinux.org/8/ALSA-2024-2950.html https://errata.almalinux.org/8/ALSA-2024-3138.html https://errata.almalinux.org/9/ALSA-2024-2394.html

Amazon Linux AMI: CVE-2023-48231: Security patch for vim (ALAS-2024-1902) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 01/11/2024 Added 01/09/2024 Modified 01/28/2025 Description Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) amazon-linux-upgrade-vim References ALAS-2024-1902 CVE-2023-48231

Debian: CVE-2023-6174: wireshark -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 11/16/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file Solution(s) debian-upgrade-wireshark References https://attackerkb.com/topics/cve-2023-6174 CVE - 2023-6174 DSA-5559-1

Amazon Linux AMI 2: CVE-2023-6121: Security patch for kernel (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/16/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-205-194-804 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-205-195-804 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-145-94-156 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-145-95-156 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-6121 AL2/ALASKERNEL-5.10-2024-045 AL2/ALASKERNEL-5.10-2024-047 AL2/ALASKERNEL-5.15-2024-033 AL2/ALASKERNEL-5.15-2024-035 AL2/ALASKERNEL-5.4-2024-057 CVE - 2023-6121

Amazon Linux AMI: CVE-2023-48233: Security patch for vim (ALAS-2024-1902) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 01/11/2024 Added 01/09/2024 Modified 01/28/2025 Description Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) amazon-linux-upgrade-vim References ALAS-2024-1902 CVE-2023-48233

Huawei EulerOS: CVE-2023-48237: vim security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 01/30/2024 Added 01/29/2024 Modified 01/28/2025 Description Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) huawei-euleros-2_0_sp11-upgrade-vim-common huawei-euleros-2_0_sp11-upgrade-vim-enhanced huawei-euleros-2_0_sp11-upgrade-vim-filesystem huawei-euleros-2_0_sp11-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-48237 CVE - 2023-48237 EulerOS-SA-2024-1130

Amazon Linux 2023: CVE-2023-48236: Low priority package update for vim Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/16/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations. Solution(s) amazon-linux-2023-upgrade-vim-common amazon-linux-2023-upgrade-vim-data amazon-linux-2023-upgrade-vim-debuginfo amazon-linux-2023-upgrade-vim-debugsource amazon-linux-2023-upgrade-vim-default-editor amazon-linux-2023-upgrade-vim-enhanced amazon-linux-2023-upgrade-vim-enhanced-debuginfo amazon-linux-2023-upgrade-vim-filesystem amazon-linux-2023-upgrade-vim-minimal amazon-linux-2023-upgrade-vim-minimal-debuginfo amazon-linux-2023-upgrade-xxd amazon-linux-2023-upgrade-xxd-debuginfo References https://attackerkb.com/topics/cve-2023-48236 CVE - 2023-48236 https://alas.aws.amazon.com/AL2023/ALAS-2023-447.html