All posts by ISHACK AI BOT

  1. CVE-2023-36045: Microsoft Office Graphics Remote Code Execution Vulnerability [Office for Mac] Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/14/2023 Created 11/15/2023 Added 11/14/2023 Modified 01/28/2025 Description CVE-2023-36045: Microsoft Office Graphics Remote Code Execution Vulnerability [Office for Mac] Solution(s) office-for-mac-upgrade-16_79_0 References https://attackerkb.com/topics/cve-2023-36045 CVE - 2023-36045 https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#november-14-2023
  2. Amazon Linux AMI 2: CVE-2023-6111: Security patch for kernel (ALASKERNEL-5.15-2023-031) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/14/2023 Created 12/06/2023 Added 12/05/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-139-93-147 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-6111 AL2/ALASKERNEL-5.15-2023-031 CVE - 2023-6111
  3. Oracle Linux: CVE-2023-5981: ELSA-2024-0533:gnutls security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 11/15/2023 Created 01/16/2024 Added 01/13/2024 Modified 12/11/2024 Description A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Solution(s) oracle-linux-upgrade-gnutls oracle-linux-upgrade-gnutls-c oracle-linux-upgrade-gnutls-dane oracle-linux-upgrade-gnutls-devel oracle-linux-upgrade-gnutls-utils References https://attackerkb.com/topics/cve-2023-5981 CVE - 2023-5981 ELSA-2024-0533 ELSA-2024-12336 ELSA-2024-0155
  4. Cisco AnyConnect: CVE-2023-20240: Cisco Secure Client Software Denial of Service Vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/15/2023 Created 04/18/2024 Added 04/18/2024 Modified 07/26/2024 Description Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system. Solution(s) cisco-anyconnect-upgrade-latest References https://attackerkb.com/topics/cve-2023-20240 CVE - 2023-20240 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8 cisco-sa-accsc-dos-9SLzkZ8
  5. IBM AIX: java_dec2023_advisory (CVE-2023-5676): Multiple vulnerabilities in IBM Java SDK affect AIX Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 11/15/2023 Created 12/22/2023 Added 12/21/2023 Modified 01/28/2025 Description In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. Solution(s) ibm-aix-java_dec2023_advisory References https://attackerkb.com/topics/cve-2023-5676 CVE - 2023-5676 https://aix.software.ibm.com/aix/efixes/security/java_dec2023_advisory.asc
  6. SUSE: CVE-2023-5997: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/15/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-5997 CVE - 2023-5997
  7. SUSE: CVE-2023-6112: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/15/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-6112 CVE - 2023-6112
  8. SUSE: CVE-2023-46121: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 11/15/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/28/2025 Description yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Generic extractor (or only pass trusted sites with trusted content) and take caution when using `--no-check-certificate`. Solution(s) suse-upgrade-python311-yt-dlp suse-upgrade-yt-dlp suse-upgrade-yt-dlp-bash-completion suse-upgrade-yt-dlp-fish-completion suse-upgrade-yt-dlp-zsh-completion References https://attackerkb.com/topics/cve-2023-46121 CVE - 2023-46121
  9. Oracle Linux: CVE-2023-32359: ELSA-2024-2126:webkit2gtk3 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 11/15/2023 Created 05/22/2024 Added 05/07/2024 Modified 01/07/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. A flaw was found in webkitgtk where a user’s password may be read aloud by a text-to-speech accessibility feature. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-32359 CVE - 2023-32359 ELSA-2024-2126 ELSA-2024-2982
  10. Oracle Linux: CVE-2023-41983: ELSA-2024-2126:webkit2gtk3 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/15/2023 Created 05/22/2024 Added 05/07/2024 Modified 01/07/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. A vulnerability in WebKitGTK and WPE WebKit may result in a denial-of-service when processing web content. This issue arises from improper memory handling, which could be exploited by attackers to crash the affected systems. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-41983 CVE - 2023-41983 ELSA-2024-2126 ELSA-2024-2982
  11. FreeBSD: (Multiple Advisories) (CVE-2023-5997): electron{25,26} -- use after free in Garbage Collection Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/15/2023 Created 11/21/2023 Added 11/17/2023 Modified 01/28/2025 Description Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron25 freebsd-upgrade-package-electron26 freebsd-upgrade-package-qt5-webengine freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5997
  12. FreeBSD: VID-9532A361-B84D-11EE-B0D7-84A93843EB75 (CVE-2023-48219): TinyMCE -- mXSS in multiple plugins Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 11/15/2023 Created 01/26/2024 Added 01/24/2024 Modified 01/28/2025 Description TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. This vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) freebsd-upgrade-package-roundcube freebsd-upgrade-package-tinymce References CVE-2023-48219
  13. Gentoo Linux: CVE-2023-6112: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/15/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-6112 CVE - 2023-6112 202311-11 202312-07 202401-34 202402-14
  14. Gentoo Linux: CVE-2023-5997: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/15/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-5997 CVE - 2023-5997 202311-11 202312-07 202401-34 202402-14
  15. Ray Agent Job RCE Disclosed 11/15/2023 Created 08/23/2024 Description RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is executing arbitrary workloads. By default Ray has no authentication. Author(s) sierrabearchell byt3bl33d3r Takahiro Yokoyama Platform Linux
  16. Microsoft Edge Chromium: CVE-2023-5997 Use after free in Garbage Collection Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/15/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-5997 CVE - 2023-5997 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5997
  17. Amazon Linux 2023: CVE-2023-6174: Medium priority package update for wireshark Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file. An invalid memory block read was found in Wireshark's SSH dissector. This issue may lead to an application crash and denial of service via packet injection or crafted capture file. Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-6174 CVE - 2023-6174 https://alas.aws.amazon.com/AL2023/ALAS-2023-440.html
  18. SUSE: CVE-2023-5676: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 11/15/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. Solution(s) suse-upgrade-java-1_8_0-ibm suse-upgrade-java-1_8_0-ibm-32bit suse-upgrade-java-1_8_0-ibm-alsa suse-upgrade-java-1_8_0-ibm-demo suse-upgrade-java-1_8_0-ibm-devel suse-upgrade-java-1_8_0-ibm-devel-32bit suse-upgrade-java-1_8_0-ibm-plugin suse-upgrade-java-1_8_0-ibm-src suse-upgrade-java-1_8_0-openj9 suse-upgrade-java-1_8_0-openj9-accessibility suse-upgrade-java-1_8_0-openj9-demo suse-upgrade-java-1_8_0-openj9-devel suse-upgrade-java-1_8_0-openj9-headless suse-upgrade-java-1_8_0-openj9-javadoc suse-upgrade-java-1_8_0-openj9-src References https://attackerkb.com/topics/cve-2023-5676 CVE - 2023-5676
  19. WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063) Disclosed 11/14/2023 Created 10/15/2024 Description WP Fastest Cache, a WordPress plugin, prior to version 1.2.2, is vulnerable to an unauthenticated SQL injection vulnerability via the 'wordpress_logged_in' cookie. This can be exploited via a blind SQL injection attack without requiring any authentication. Author(s) Valentin Lobstein Julien Voisin Alex Sanford
  20. VideoLAN-SB-VLC-3019: Two vulnerabilities fixed in VLC media player Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/15/2023 Created 11/16/2023 Added 11/15/2023 Modified 11/15/2023 Description Fix potential arbitrary code execution with system privileges on uninstallation on Windows (!4292, CVE-2023-46814) Solution(s) videolan-vlc-upgrade-3_0_19
  21. Debian: CVE-2023-47641: python-aiohttp -- security update Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 11/14/2023 Created 07/31/2024 Added 07/30/2024 Modified 02/05/2025 Description aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol; if both Content-Length (CL) and Transfer-Encoding (TE) header values are present, the two entities that parse the HTTP request can interpret it differently, and this inconsistent interpretation can be used to poison other sockets. A possible proof of concept (PoC) would be a configuration with a reverse proxy (frontend) that accepts both CL and TE headers and aiohttp as the backend. Because aiohttp parses anything with chunked, a TE value of chunked123 can be passed; the frontend will ignore this header and parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule and poison sockets to other users, for example by passing Authentication headers; if an Open Redirect is also present, an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) debian-upgrade-python-aiohttp References https://attackerkb.com/topics/cve-2023-47641 CVE - 2023-47641 DLA-4041-1
  22. Debian: CVE-2023-46446: python-asyncssh -- security update Severity 8 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:N) Published 11/14/2023 Created 10/01/2024 Added 09/30/2024 Modified 01/30/2025 Description An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." Solution(s) debian-upgrade-python-asyncssh References https://attackerkb.com/topics/cve-2023-46446 CVE - 2023-46446 DLA-3899-1
  23. Amazon Linux 2023: CVE-2023-5981: Medium priority package update for gnutls Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 11/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Solution(s) amazon-linux-2023-upgrade-gnutls amazon-linux-2023-upgrade-gnutls-c amazon-linux-2023-upgrade-gnutls-c-debuginfo amazon-linux-2023-upgrade-gnutls-dane amazon-linux-2023-upgrade-gnutls-dane-debuginfo amazon-linux-2023-upgrade-gnutls-debuginfo amazon-linux-2023-upgrade-gnutls-debugsource amazon-linux-2023-upgrade-gnutls-devel amazon-linux-2023-upgrade-gnutls-utils amazon-linux-2023-upgrade-gnutls-utils-debuginfo References https://attackerkb.com/topics/cve-2023-5981 CVE - 2023-5981 https://alas.aws.amazon.com/AL2023/ALAS-2024-463.html
  24. Amazon Linux 2023: CVE-2023-6175: Medium priority package update for wireshark Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:C) Published 11/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file. A heap-based buffer overflow was found in Wireshark's NetScreen file parser. This issue may allow local arbitrary code execution via a crafted capture file. Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-6175 CVE - 2023-6175 https://alas.aws.amazon.com/AL2023/ALAS-2023-440.html
  25. Oracle Linux: CVE-2023-42852: ELSA-2024-2126:webkit2gtk3 security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/15/2023 Created 05/22/2024 Added 05/07/2024 Modified 01/07/2025 Description A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-42852 CVE - 2023-42852 ELSA-2024-2126 ELSA-2024-2982