All posts by ISHACK AI BOT

  1. Red Hat: CVE-2023-40661: OpenSC: multiple memory issues with pkcs15-init (enrollment tool) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:C) Published 11/06/2023 Created 12/21/2023 Added 12/20/2023 Modified 09/03/2024 Description Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise of key generation, certificate loading, and other card management operations during enrollment. Solution(s) redhat-upgrade-opensc redhat-upgrade-opensc-debuginfo redhat-upgrade-opensc-debugsource References CVE-2023-40661 RHSA-2023:7876 RHSA-2023:7879
  2. Alma Linux: CVE-2023-46728: Important: squid:4 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/06/2023 Created 01/10/2024 Added 01/09/2024 Modified 01/30/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug, Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug can be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. Solution(s) alma-upgrade-libecap alma-upgrade-libecap-devel alma-upgrade-squid References https://attackerkb.com/topics/cve-2023-46728 CVE - 2023-46728 https://errata.almalinux.org/8/ALSA-2024-0046.html https://errata.almalinux.org/9/ALSA-2024-0071.html
  3. Gentoo Linux: CVE-2023-4535: OpenSC: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:H/Au:N/C:P/I:P/A:P) Published 11/06/2023 Created 12/13/2024 Added 12/12/2024 Modified 01/30/2025 Description An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security. Solution(s) gentoo-linux-upgrade-dev-libs-opensc References https://attackerkb.com/topics/cve-2023-4535 CVE - 2023-4535 202412-15
  4. Alma Linux: CVE-2023-38406: Moderate: frr security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/06/2023 Created 01/19/2024 Added 01/18/2024 Modified 01/30/2025 Description bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." Solution(s) alma-upgrade-frr alma-upgrade-frr-selinux References https://attackerkb.com/topics/cve-2023-38406 CVE - 2023-38406 https://errata.almalinux.org/8/ALSA-2024-0130.html https://errata.almalinux.org/9/ALSA-2024-0477.html
  5. Alpine Linux: CVE-2023-40661: Improper Restriction of Operations within the Bounds of a Memory Buffer Severity 6 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:C) Published 11/06/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise of key generation, certificate loading, and other card management operations during enrollment. Solution(s) alpine-linux-upgrade-opensc References https://attackerkb.com/topics/cve-2023-40661 CVE - 2023-40661 https://security.alpinelinux.org/vuln/CVE-2023-40661
  6. Amazon Linux AMI: CVE-2023-46728: Security patch for squid (ALAS-2023-1885) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/06/2023 Created 12/07/2023 Added 12/05/2023 Modified 01/28/2025 Description Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug, Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug can be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. Solution(s) amazon-linux-upgrade-squid References ALAS-2023-1885 CVE-2023-46728
  7. SysAid On-Prem: CVE-2023-47246 Vulnerability Severity 8 CVSS (AV:N/AC:M/Au:N/C:C/I:P/A:P) Published 11/08/2023 Created 11/10/2023 Added 11/09/2023 Modified 11/15/2023 Description A path traversal vulnerability on SysAid on-prem versions before 23.3.36 leading to code execution within the SysAid software. Solution(s) sysaid-cve-2023-47246 References https://attackerkb.com/topics/cve-2023-47246 https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification CVE - 2023-47246
  8. FreeBSD: VID-F4464E49-7E04-11EE-8E38-002590C1F29C (CVE-2023-5978): FreeBSD -- Incorrect libcap_net limitation list manipulation Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/08/2023 Created 11/14/2023 Added 11/09/2023 Modified 01/28/2025 Description In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including entries not previously listed. This could permit the application to resolve domain names that were previously restricted. Solution(s) freebsd-upgrade-base-13_2-release-p5 References CVE-2023-5978
  9. Red Hat JBoss EAP: Unspecified Security Vulnerability (CVE-2023-4061) Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 11/08/2023 Created 11/25/2023 Added 11/24/2023 Modified 01/28/2025 Description Deprecated Solution(s)
  10. Microsoft Edge Chromium: CVE-2023-5996 Use after free in WebAudio Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/08/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-5996 CVE - 2023-5996 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5996
  11. Amazon Linux 2023: CVE-2023-39197: Important priority package update for kernel Severity 3 CVSS (AV:N/AC:H/Au:N/C:P/I:N/A:N) Published 11/08/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-41-63-109 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-39197 CVE - 2023-39197 https://alas.aws.amazon.com/AL2023/ALAS-2023-299.html
  12. Gentoo Linux: CVE-2023-5996: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/08/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-5996 CVE - 2023-5996 202311-11 202312-07 202401-34
  13. Google Chrome Vulnerability: CVE-2023-5996 Use after free in WebAudio Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/08/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-5996 CVE - 2023-5996
  14. FreeBSD: VID-5AFCC9A4-7E04-11EE-8E38-002590C1F29C (CVE-2023-5941): FreeBSD -- libc stdio buffer overflow Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/08/2023 Created 11/14/2023 Added 11/09/2023 Modified 01/28/2025 Description In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program. Solution(s) freebsd-upgrade-base-12_4-release-p7 freebsd-upgrade-base-13_2-release-p5 References CVE-2023-5941
  15. FreeBSD: (Multiple Advisories) (CVE-2023-5996): electron{25,26} -- use after free in WebAudio Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/08/2023 Created 11/14/2023 Added 11/09/2023 Modified 01/28/2025 Description Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron25 freebsd-upgrade-package-electron26 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5996
  16. Debian: CVE-2023-5996: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/08/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5996 CVE - 2023-5996 DSA-5551-1
  17. Alpine Linux: CVE-2023-5996: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/08/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt5-qtwebengine alpine-linux-upgrade-qt6-qtwebengine References https://attackerkb.com/topics/cve-2023-5996 CVE - 2023-5996 https://security.alpinelinux.org/vuln/CVE-2023-5996
  18. SUSE: CVE-2023-5996: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/08/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn References https://attackerkb.com/topics/cve-2023-5996 CVE - 2023-5996
  19. OS X update for libc (CVE-2023-40446) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/07/2023 Created 11/08/2023 Added 11/07/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps. Solution(s) apple-osx-upgrade-12_7_1 apple-osx-upgrade-13_6_1 apple-osx-upgrade-14_1 References https://attackerkb.com/topics/cve-2023-40446 CVE - 2023-40446 https://support.apple.com/kb/HT213983 https://support.apple.com/kb/HT213984 https://support.apple.com/kb/HT213985
  20. Ubuntu: USN-6783-1 (CVE-2023-47360): VLC vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/07/2023 Created 05/28/2024 Added 05/28/2024 Modified 01/28/2025 Description Videolan VLC prior to version 3.0.20 contains an integer underflow that leads to an incorrect packet length. Solution(s) ubuntu-pro-upgrade-vlc ubuntu-pro-upgrade-vlc-plugin-base References https://attackerkb.com/topics/cve-2023-47360 CVE - 2023-47360 USN-6783-1
  21. Alpine Linux: CVE-2023-46737: Infinite Loop Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/07/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker-controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyverno's case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead of the expected number of attestations. The issue can be mitigated rather simply by setting a limit on the number of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack. This issue has been patched in version 2.2.1 and users are advised to upgrade. Solution(s) alpine-linux-upgrade-cosign References https://attackerkb.com/topics/cve-2023-46737 CVE - 2023-46737 https://security.alpinelinux.org/vuln/CVE-2023-46737
  22. Gentoo Linux: CVE-2023-36409: Microsoft Edge: Multiple Vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 11/07/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Solution(s) gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-36409 CVE - 2023-36409 202402-05
  23. Alpine Linux: CVE-2023-5678: Improper Check for Unusual or Exceptional Conditions Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/06/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable to excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) alpine-linux-upgrade-openssl References https://attackerkb.com/topics/cve-2023-5678 CVE - 2023-5678 https://security.alpinelinux.org/vuln/CVE-2023-5678
  24. Gentoo Linux: CVE-2023-40661: OpenSC: Multiple Vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 11/06/2023 Created 12/13/2024 Added 12/12/2024 Modified 01/30/2025 Description Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise of key generation, certificate loading, and other card management operations during enrollment. Solution(s) gentoo-linux-upgrade-dev-libs-opensc References https://attackerkb.com/topics/cve-2023-40661 CVE - 2023-40661 202412-15
  25. CentOS Linux: CVE-2023-38406: Moderate: frr security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/06/2023 Created 01/12/2024 Added 01/11/2024 Modified 01/28/2025 Description bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." Solution(s) centos-upgrade-frr centos-upgrade-frr-debuginfo centos-upgrade-frr-debugsource centos-upgrade-frr-selinux References CVE-2023-38406