ISHACK AI BOT

Microsoft Edge Chromium: CVE-2023-36027 Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 11/10/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-36027 CVE - 2023-36027 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36027

Ubuntu: (Multiple Advisories) (CVE-2023-39198): Linux kernel vulnerabilities Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 11/09/2023 Created 12/07/2023 Added 12/06/2023 Modified 01/28/2025 Description A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1034-gkeop ubuntu-upgrade-linux-image-5-15-0-1042-nvidia ubuntu-upgrade-linux-image-5-15-0-1042-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1044-ibm ubuntu-upgrade-linux-image-5-15-0-1044-raspi ubuntu-upgrade-linux-image-5-15-0-1046-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1048-gcp ubuntu-upgrade-linux-image-5-15-0-1048-gke ubuntu-upgrade-linux-image-5-15-0-1048-kvm ubuntu-upgrade-linux-image-5-15-0-1049-oracle ubuntu-upgrade-linux-image-5-15-0-1051-aws ubuntu-upgrade-linux-image-5-15-0-1053-azure ubuntu-upgrade-linux-image-5-15-0-1053-azure-fde ubuntu-upgrade-linux-image-5-15-0-91-generic ubuntu-upgrade-linux-image-5-15-0-91-generic-64k ubuntu-upgrade-linux-image-5-15-0-91-generic-lpae ubuntu-upgrade-linux-image-5-15-0-91-lowlatency ubuntu-upgrade-linux-image-5-15-0-91-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1010-starfive ubuntu-upgrade-linux-image-6-2-0-1013-nvidia ubuntu-upgrade-linux-image-6-2-0-1013-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1017-aws ubuntu-upgrade-linux-image-6-2-0-1017-oracle ubuntu-upgrade-linux-image-6-2-0-1018-azure ubuntu-upgrade-linux-image-6-2-0-1018-azure-fde ubuntu-upgrade-linux-image-6-2-0-1018-kvm ubuntu-upgrade-linux-image-6-2-0-1018-lowlatency ubuntu-upgrade-linux-image-6-2-0-1018-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1018-raspi ubuntu-upgrade-linux-image-6-2-0-1020-gcp ubuntu-upgrade-linux-image-6-2-0-39-generic ubuntu-upgrade-linux-image-6-2-0-39-generic-64k ubuntu-upgrade-linux-image-6-2-0-39-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-39198 CVE - 2023-39198 USN-6534-1 USN-6534-2 USN-6534-3 USN-6549-1 USN-6549-2 USN-6549-3 USN-6549-4 USN-6549-5 View more

Ubuntu: (Multiple Advisories) (CVE-2023-6039): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/09/2023 Created 12/07/2023 Added 12/06/2023 Modified 01/28/2025 Description A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1036-gkeop ubuntu-upgrade-linux-image-5-15-0-1044-nvidia ubuntu-upgrade-linux-image-5-15-0-1044-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1046-ibm ubuntu-upgrade-linux-image-5-15-0-1046-raspi ubuntu-upgrade-linux-image-5-15-0-1047-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1048-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1050-gke ubuntu-upgrade-linux-image-5-15-0-1050-kvm ubuntu-upgrade-linux-image-5-15-0-1051-gcp ubuntu-upgrade-linux-image-5-15-0-1051-oracle ubuntu-upgrade-linux-image-5-15-0-1053-aws ubuntu-upgrade-linux-image-5-15-0-1056-azure ubuntu-upgrade-linux-image-5-15-0-1056-azure-fde ubuntu-upgrade-linux-image-5-15-0-94-generic ubuntu-upgrade-linux-image-5-15-0-94-generic-64k ubuntu-upgrade-linux-image-5-15-0-94-generic-lpae ubuntu-upgrade-linux-image-5-15-0-94-lowlatency ubuntu-upgrade-linux-image-5-15-0-94-lowlatency-64k ubuntu-upgrade-linux-image-6-1-0-1036-oem ubuntu-upgrade-linux-image-6-2-0-1010-starfive ubuntu-upgrade-linux-image-6-2-0-1013-nvidia ubuntu-upgrade-linux-image-6-2-0-1013-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1017-aws ubuntu-upgrade-linux-image-6-2-0-1017-oracle ubuntu-upgrade-linux-image-6-2-0-1018-azure ubuntu-upgrade-linux-image-6-2-0-1018-azure-fde ubuntu-upgrade-linux-image-6-2-0-1018-kvm ubuntu-upgrade-linux-image-6-2-0-1018-lowlatency ubuntu-upgrade-linux-image-6-2-0-1018-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1018-raspi ubuntu-upgrade-linux-image-6-2-0-1020-gcp ubuntu-upgrade-linux-image-6-2-0-39-generic ubuntu-upgrade-linux-image-6-2-0-39-generic-64k ubuntu-upgrade-linux-image-6-2-0-39-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-6039 CVE - 2023-6039 USN-6534-1 USN-6534-2 USN-6534-3 USN-6626-1 USN-6626-2 USN-6626-3 USN-6628-1 USN-6628-2 USN-6706-1 View more

Amazon Linux AMI 2: CVE-2023-39198: Security patch for kernel (Multiple Advisories) Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 11/09/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-334-252-552 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-205-194-804 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-205-195-804 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-39198 AL2/ALAS-2024-2391 AL2/ALASKERNEL-5.10-2024-045 AL2/ALASKERNEL-5.10-2024-047 CVE - 2023-39198

GitLens Git Local Configuration Exec Disclosed 11/14/2023 Created 04/19/2024 Description GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10 Author(s) h00die Paul Gerste Architectures cmd Development Source Code History

SUSE: CVE-2023-23583: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/14/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. Solution(s) suse-upgrade-ucode-intel References https://attackerkb.com/topics/cve-2023-23583 CVE - 2023-23583

FFmpeg: CVE-2023-47342: Unspecified Security Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2023 Created 11/14/2023 Added 11/13/2023 Modified 08/06/2024 Description FFmpeg: CVE-2023-47342: Unspecified Security Vulnerability Solution(s) ffmpeg-upgrade-4_2_10 ffmpeg-upgrade-4_3_7 ffmpeg-upgrade-4_4_5 ffmpeg-upgrade-5_1_4 ffmpeg-upgrade-6_0_1 ffmpeg-upgrade-6_1 References https://attackerkb.com/topics/cve-2023-47342 CVE - 2023-47342

SUSE: CVE-2023-5870: SUSE Linux Security Advisory Severity 6 CVSS (AV:N/AC:M/Au:M/C:N/I:N/A:C) Published 11/13/2023 Created 11/15/2023 Added 11/14/2023 Modified 01/28/2025 Description A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. Solution(s) suse-upgrade-libecpg6 suse-upgrade-libecpg6-32bit suse-upgrade-libpq5 suse-upgrade-libpq5-32bit suse-upgrade-postgresql suse-upgrade-postgresql-contrib suse-upgrade-postgresql-devel suse-upgrade-postgresql-docs suse-upgrade-postgresql-llvmjit suse-upgrade-postgresql-llvmjit-devel suse-upgrade-postgresql-plperl suse-upgrade-postgresql-plpython suse-upgrade-postgresql-pltcl suse-upgrade-postgresql-server suse-upgrade-postgresql-server-devel suse-upgrade-postgresql-test suse-upgrade-postgresql12 suse-upgrade-postgresql12-contrib suse-upgrade-postgresql12-devel suse-upgrade-postgresql12-docs suse-upgrade-postgresql12-llvmjit suse-upgrade-postgresql12-llvmjit-devel suse-upgrade-postgresql12-plperl suse-upgrade-postgresql12-plpython suse-upgrade-postgresql12-pltcl suse-upgrade-postgresql12-server suse-upgrade-postgresql12-server-devel suse-upgrade-postgresql12-test suse-upgrade-postgresql13 suse-upgrade-postgresql13-contrib suse-upgrade-postgresql13-devel suse-upgrade-postgresql13-docs suse-upgrade-postgresql13-llvmjit suse-upgrade-postgresql13-llvmjit-devel suse-upgrade-postgresql13-plperl suse-upgrade-postgresql13-plpython suse-upgrade-postgresql13-pltcl suse-upgrade-postgresql13-server suse-upgrade-postgresql13-server-devel suse-upgrade-postgresql13-test suse-upgrade-postgresql14 suse-upgrade-postgresql14-contrib suse-upgrade-postgresql14-devel suse-upgrade-postgresql14-docs suse-upgrade-postgresql14-llvmjit suse-upgrade-postgresql14-llvmjit-devel suse-upgrade-postgresql14-plperl suse-upgrade-postgresql14-plpython suse-upgrade-postgresql14-pltcl suse-upgrade-postgresql14-server suse-upgrade-postgresql14-server-devel suse-upgrade-postgresql14-test suse-upgrade-postgresql15 suse-upgrade-postgresql15-contrib suse-upgrade-postgresql15-devel suse-upgrade-postgresql15-docs suse-upgrade-postgresql15-llvmjit suse-upgrade-postgresql15-llvmjit-devel suse-upgrade-postgresql15-plperl suse-upgrade-postgresql15-plpython suse-upgrade-postgresql15-pltcl suse-upgrade-postgresql15-server suse-upgrade-postgresql15-server-devel suse-upgrade-postgresql15-test suse-upgrade-postgresql16 suse-upgrade-postgresql16-contrib suse-upgrade-postgresql16-devel suse-upgrade-postgresql16-devel-mini suse-upgrade-postgresql16-docs suse-upgrade-postgresql16-llvmjit suse-upgrade-postgresql16-llvmjit-devel suse-upgrade-postgresql16-plperl suse-upgrade-postgresql16-plpython suse-upgrade-postgresql16-pltcl suse-upgrade-postgresql16-server suse-upgrade-postgresql16-server-devel suse-upgrade-postgresql16-test References https://attackerkb.com/topics/cve-2023-5870 CVE - 2023-5870

Oracle Linux: CVE-2023-44446: ELSA-2024-0279:gstreamer-plugins-bad-free security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/13/2023 Created 05/22/2024 Added 05/21/2024 Modified 01/07/2025 Description GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299. A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution. Solution(s) oracle-linux-upgrade-gstreamer1-plugins-bad-free oracle-linux-upgrade-gstreamer1-plugins-bad-free-devel oracle-linux-upgrade-gstreamer1-plugins-bad-free-gtk oracle-linux-upgrade-gstreamer-plugins-bad-free oracle-linux-upgrade-gstreamer-plugins-bad-free-devel oracle-linux-upgrade-gstreamer-plugins-bad-free-devel-docs References https://attackerkb.com/topics/cve-2023-44446 CVE - 2023-44446 ELSA-2024-0279 ELSA-2023-7791 ELSA-2023-7841 ELSA-2024-0013

SUSE: CVE-2023-5869: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/13/2023 Created 11/15/2023 Added 11/14/2023 Modified 01/28/2025 Description A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. Solution(s) suse-upgrade-libecpg6 suse-upgrade-libecpg6-32bit suse-upgrade-libpq5 suse-upgrade-libpq5-32bit suse-upgrade-postgresql suse-upgrade-postgresql-contrib suse-upgrade-postgresql-devel suse-upgrade-postgresql-docs suse-upgrade-postgresql-llvmjit suse-upgrade-postgresql-llvmjit-devel suse-upgrade-postgresql-plperl suse-upgrade-postgresql-plpython suse-upgrade-postgresql-pltcl suse-upgrade-postgresql-server suse-upgrade-postgresql-server-devel suse-upgrade-postgresql-test suse-upgrade-postgresql12 suse-upgrade-postgresql12-contrib suse-upgrade-postgresql12-devel suse-upgrade-postgresql12-docs suse-upgrade-postgresql12-llvmjit suse-upgrade-postgresql12-llvmjit-devel suse-upgrade-postgresql12-plperl suse-upgrade-postgresql12-plpython suse-upgrade-postgresql12-pltcl suse-upgrade-postgresql12-server suse-upgrade-postgresql12-server-devel suse-upgrade-postgresql12-test suse-upgrade-postgresql13 suse-upgrade-postgresql13-contrib suse-upgrade-postgresql13-devel suse-upgrade-postgresql13-docs suse-upgrade-postgresql13-llvmjit suse-upgrade-postgresql13-llvmjit-devel suse-upgrade-postgresql13-plperl suse-upgrade-postgresql13-plpython suse-upgrade-postgresql13-pltcl suse-upgrade-postgresql13-server suse-upgrade-postgresql13-server-devel suse-upgrade-postgresql13-test suse-upgrade-postgresql14 suse-upgrade-postgresql14-contrib suse-upgrade-postgresql14-devel suse-upgrade-postgresql14-docs suse-upgrade-postgresql14-llvmjit suse-upgrade-postgresql14-llvmjit-devel suse-upgrade-postgresql14-plperl suse-upgrade-postgresql14-plpython suse-upgrade-postgresql14-pltcl suse-upgrade-postgresql14-server suse-upgrade-postgresql14-server-devel suse-upgrade-postgresql14-test suse-upgrade-postgresql15 suse-upgrade-postgresql15-contrib suse-upgrade-postgresql15-devel suse-upgrade-postgresql15-docs suse-upgrade-postgresql15-llvmjit suse-upgrade-postgresql15-llvmjit-devel suse-upgrade-postgresql15-plperl suse-upgrade-postgresql15-plpython suse-upgrade-postgresql15-pltcl suse-upgrade-postgresql15-server suse-upgrade-postgresql15-server-devel suse-upgrade-postgresql15-test suse-upgrade-postgresql16 suse-upgrade-postgresql16-contrib suse-upgrade-postgresql16-devel suse-upgrade-postgresql16-devel-mini suse-upgrade-postgresql16-docs suse-upgrade-postgresql16-llvmjit suse-upgrade-postgresql16-llvmjit-devel suse-upgrade-postgresql16-plperl suse-upgrade-postgresql16-plpython suse-upgrade-postgresql16-pltcl suse-upgrade-postgresql16-server suse-upgrade-postgresql16-server-devel suse-upgrade-postgresql16-test References https://attackerkb.com/topics/cve-2023-5869 CVE - 2023-5869

SUSE: CVE-2023-5868: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/13/2023 Created 11/15/2023 Added 11/14/2023 Modified 01/28/2025 Description A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. Solution(s) suse-upgrade-libecpg6 suse-upgrade-libecpg6-32bit suse-upgrade-libpq5 suse-upgrade-libpq5-32bit suse-upgrade-postgresql suse-upgrade-postgresql-contrib suse-upgrade-postgresql-devel suse-upgrade-postgresql-docs suse-upgrade-postgresql-llvmjit suse-upgrade-postgresql-llvmjit-devel suse-upgrade-postgresql-plperl suse-upgrade-postgresql-plpython suse-upgrade-postgresql-pltcl suse-upgrade-postgresql-server suse-upgrade-postgresql-server-devel suse-upgrade-postgresql-test suse-upgrade-postgresql12 suse-upgrade-postgresql12-contrib suse-upgrade-postgresql12-devel suse-upgrade-postgresql12-docs suse-upgrade-postgresql12-llvmjit suse-upgrade-postgresql12-llvmjit-devel suse-upgrade-postgresql12-plperl suse-upgrade-postgresql12-plpython suse-upgrade-postgresql12-pltcl suse-upgrade-postgresql12-server suse-upgrade-postgresql12-server-devel suse-upgrade-postgresql12-test suse-upgrade-postgresql13 suse-upgrade-postgresql13-contrib suse-upgrade-postgresql13-devel suse-upgrade-postgresql13-docs suse-upgrade-postgresql13-llvmjit suse-upgrade-postgresql13-llvmjit-devel suse-upgrade-postgresql13-plperl suse-upgrade-postgresql13-plpython suse-upgrade-postgresql13-pltcl suse-upgrade-postgresql13-server suse-upgrade-postgresql13-server-devel suse-upgrade-postgresql13-test suse-upgrade-postgresql14 suse-upgrade-postgresql14-contrib suse-upgrade-postgresql14-devel suse-upgrade-postgresql14-docs suse-upgrade-postgresql14-llvmjit suse-upgrade-postgresql14-llvmjit-devel suse-upgrade-postgresql14-plperl suse-upgrade-postgresql14-plpython suse-upgrade-postgresql14-pltcl suse-upgrade-postgresql14-server suse-upgrade-postgresql14-server-devel suse-upgrade-postgresql14-test suse-upgrade-postgresql15 suse-upgrade-postgresql15-contrib suse-upgrade-postgresql15-devel suse-upgrade-postgresql15-docs suse-upgrade-postgresql15-llvmjit suse-upgrade-postgresql15-llvmjit-devel suse-upgrade-postgresql15-plperl suse-upgrade-postgresql15-plpython suse-upgrade-postgresql15-pltcl suse-upgrade-postgresql15-server suse-upgrade-postgresql15-server-devel suse-upgrade-postgresql15-test suse-upgrade-postgresql16 suse-upgrade-postgresql16-contrib suse-upgrade-postgresql16-devel suse-upgrade-postgresql16-devel-mini suse-upgrade-postgresql16-docs suse-upgrade-postgresql16-llvmjit suse-upgrade-postgresql16-llvmjit-devel suse-upgrade-postgresql16-plperl suse-upgrade-postgresql16-plpython suse-upgrade-postgresql16-pltcl suse-upgrade-postgresql16-server suse-upgrade-postgresql16-server-devel suse-upgrade-postgresql16-test References https://attackerkb.com/topics/cve-2023-5868 CVE - 2023-5868

PostgreSQL: CVE-2023-5868: Memory disclosure in aggregate function calls Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 11/13/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/30/2025 Description A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. Solution(s) postgres-upgrade-13_13 postgres-upgrade-14_10 postgres-upgrade-15_5 postgres-upgrade-16_1 References https://attackerkb.com/topics/cve-2023-5868 CVE - 2023-5868

PostgreSQL: CVE-2023-5869: Buffer overrun from integer overflow in array modification Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/13/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/30/2025 Description A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. Solution(s) postgres-upgrade-13_13 postgres-upgrade-14_10 postgres-upgrade-15_5 postgres-upgrade-16_1 References https://attackerkb.com/topics/cve-2023-5869 CVE - 2023-5869

PostgreSQL: CVE-2023-5870: Role "pg_signal_backend" can signal certain superuser processes Severity 6 CVSS (AV:N/AC:M/Au:M/C:N/I:N/A:C) Published 11/13/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. Solution(s) postgres-upgrade-13_13 postgres-upgrade-14_10 postgres-upgrade-15_5 postgres-upgrade-16_1 References https://attackerkb.com/topics/cve-2023-5870 CVE - 2023-5870

FFmpeg: CVE-2023-47344: Unspecified Security Vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/13/2023 Created 11/14/2023 Added 11/13/2023 Modified 11/13/2023 Description FFmpeg: CVE-2023-47344: Unspecified Security Vulnerability Solution(s) ffmpeg-upgrade-6_1 References https://attackerkb.com/topics/cve-2023-47344 CVE - 2023-47344

Oracle Linux: CVE-2023-44429: ELSA-2023-7791:gstreamer1-plugins-bad-free security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/13/2023 Created 05/22/2024 Added 05/21/2024 Modified 01/07/2025 Description GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22226. A heap-based buffer overflow vulnerability was found in GStreamer in the AV1 codec parser when handling certain malformed streams. A malicious third party could use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation. Solution(s) oracle-linux-upgrade-gstreamer1-plugins-bad-free oracle-linux-upgrade-gstreamer1-plugins-bad-free-devel References https://attackerkb.com/topics/cve-2023-44429 CVE - 2023-44429 ELSA-2023-7791

Gentoo Linux: CVE-2023-46849: OpenVPN: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/11/2023 Created 09/24/2024 Added 09/23/2024 Modified 01/28/2025 Description Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. Solution(s) gentoo-linux-upgrade-net-vpn-openvpn References https://attackerkb.com/topics/cve-2023-46849 CVE - 2023-46849 202409-08

Huawei EulerOS: CVE-2023-39198: kernel security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 11/09/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-39198 CVE - 2023-39198 EulerOS-SA-2024-1275

Moodle: Unspecified Security Vulnerability (CVE-2023-5551) Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 11/09/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/28/2025 Description Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. Solution(s) moodle-upgrade-3_11_17 moodle-upgrade-3_9_24 moodle-upgrade-4_0_11 moodle-upgrade-4_1_6 moodle-upgrade-4_2_3 References https://attackerkb.com/topics/cve-2023-5551 CVE - 2023-5551 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310 https://bugzilla.redhat.com/show_bug.cgi?id=2243453 https://moodle.org/mod/forum/discuss.php?d=451592

Rocky Linux: CVE-2023-39198: kernel (Multiple Advisories) Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 11/09/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-39198 CVE - 2023-39198 https://errata.rockylinux.org/RLSA-2024:2950 https://errata.rockylinux.org/RLSA-2024:3138

Gentoo Linux: CVE-2023-45283: Go: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 11/09/2023 Created 08/08/2024 Added 08/08/2024 Modified 01/28/2025 Description The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored. Solution(s) gentoo-linux-upgrade-dev-lang-go References https://attackerkb.com/topics/cve-2023-45283 CVE - 2023-45283 202408-07

Debian: CVE-2023-39198: linux -- security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 11/09/2023 Created 06/28/2024 Added 06/27/2024 Modified 01/28/2025 Description A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-39198 CVE - 2023-39198 DLA-3841-1

SUSE: CVE-2023-6039: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/09/2023 Created 12/14/2023 Added 12/13/2023 Modified 01/28/2025 Description A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-6039 CVE - 2023-6039

Oracle Linux: CVE-2023-5870: ELSA-2023-7785:postgresql:15 security update (IMPORTANT) (Multiple Advisories) Severity 2 CVSS (AV:N/AC:H/Au:M/C:N/I:N/A:P) Published 11/09/2023 Created 12/20/2023 Added 12/14/2023 Modified 01/07/2025 Description A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. Solution(s) oracle-linux-upgrade-pgaudit oracle-linux-upgrade-pg-repack oracle-linux-upgrade-postgres-decoderbufs oracle-linux-upgrade-postgresql oracle-linux-upgrade-postgresql-contrib oracle-linux-upgrade-postgresql-docs oracle-linux-upgrade-postgresql-plperl oracle-linux-upgrade-postgresql-plpython3 oracle-linux-upgrade-postgresql-pltcl oracle-linux-upgrade-postgresql-private-devel oracle-linux-upgrade-postgresql-private-libs oracle-linux-upgrade-postgresql-server oracle-linux-upgrade-postgresql-server-devel oracle-linux-upgrade-postgresql-static oracle-linux-upgrade-postgresql-test oracle-linux-upgrade-postgresql-test-rpm-macros oracle-linux-upgrade-postgresql-upgrade oracle-linux-upgrade-postgresql-upgrade-devel References https://attackerkb.com/topics/cve-2023-5870 CVE - 2023-5870 ELSA-2023-7785 ELSA-2023-7884 ELSA-2023-7714 ELSA-2023-7581 ELSA-2023-7784

Red Hat: CVE-2023-39198: kernel: QXL: race condition leading to use-after-free in qxl_mode_dumb_create() (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 11/09/2023 Created 05/24/2024 Added 05/23/2024 Modified 12/05/2024 Description A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-39198 RHSA-2024:2394 RHSA-2024:2950 RHSA-2024:3138