ISHACK AI BOT

Alpine Linux: CVE-2023-5482: Insufficient Verification of Data Authenticity Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt5-qtwebengine alpine-linux-upgrade-qt6-qtwebengine References https://attackerkb.com/topics/cve-2023-5482 CVE - 2023-5482 https://security.alpinelinux.org/vuln/CVE-2023-5482

Debian: CVE-2023-46724: squid -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/01/2023 Created 03/11/2024 Added 03/11/2024 Modified 01/30/2025 Description Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. Solution(s) debian-upgrade-squid References https://attackerkb.com/topics/cve-2023-46724 CVE - 2023-46724 DSA-5637-1

Gentoo Linux: CVE-2023-5480: QtWebEngine: Multiple Vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 11/01/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-5480 CVE - 2023-5480 202311-11 202312-07 202401-34

Gentoo Linux: CVE-2023-5855: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-5855 CVE - 2023-5855 202311-11 202312-07 202401-34

Cisco FTD: CVE-2023-20177: Cisco Firepower Threat Defense Software SSL/TLS URL Category and Snort 3 Detection Engine Bypass and Denial of Service Vulnerability Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:P) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. No manual intervention is required. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20177 CVE - 2023-20177 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-ftd-snort3-urldos-OccFQTeX cisco-sa-sa-ftd-snort3-urldos-OccFQTeX

SUSE: CVE-2023-5851: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn References https://attackerkb.com/topics/cve-2023-5851 CVE - 2023-5851

Cisco FTD: CVE-2023-20031: Cisco Firepower Threat Defense Software SSL and Snort 3 Detection Engine Bypass and Denial of Service Vulnerability Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20031 CVE - 2023-20031 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-8U4HHxH8 cisco-sa-ftd-snort3-8U4HHxH8

Cisco FTD: CVE-2023-20042: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software AnyConnect SSL/TLS VPN Denial of Service Vulnerability Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20042 CVE - 2023-20042 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-kxG8mpUA cisco-sa-asaftd-ssl-dos-kxG8mpUA

Microsoft Edge Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Provider Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-5858 CVE - 2023-5858 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5858

Microsoft Edge Chromium: CVE-2023-5859 Incorrect security UI in Picture In Picture Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-5859 CVE - 2023-5859 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5859

Microsoft Edge Chromium: CVE-2023-5857 Inappropriate implementation in Downloads Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-5857 CVE - 2023-5857 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5857

SUSE: CVE-2023-5858: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn References https://attackerkb.com/topics/cve-2023-5858 CVE - 2023-5858

Microsoft Edge Chromium: CVE-2023-5855 Use after free in Reading Mode Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-5855 CVE - 2023-5855 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5855

Google Chrome Vulnerability: CVE-2023-5849 Integer overflow in USB Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-5849 CVE - 2023-5849

Google Chrome Vulnerability: CVE-2023-5853 Incorrect security UI in Downloads Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-5853 CVE - 2023-5853 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html

Google Chrome Vulnerability: CVE-2023-5850 Incorrect security UI in Downloads Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-5850 CVE - 2023-5850 https://crbug.com/1281972

Google Chrome Vulnerability: CVE-2023-5855 Use after free in Reading Mode Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-5855 CVE - 2023-5855 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html

Google Chrome Vulnerability: CVE-2023-5859 Incorrect security UI in Picture In Picture Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-5859 CVE - 2023-5859 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html

OS X update for Login Window (CVE-2022-48575) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 10/14/2024 Description A consistency issue was addressed with improved state handling. Solution(s) apple-osx-upgrade-12_4 References https://attackerkb.com/topics/cve-2022-48575 CVE - 2022-48575 https://support.apple.com/kb/HT213257

SUSE: CVE-2023-46724: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/01/2023 Created 11/08/2023 Added 11/07/2023 Modified 01/28/2025 Description Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. Solution(s) suse-upgrade-squid References https://attackerkb.com/topics/cve-2023-46724 CVE - 2023-46724

Amazon Linux AMI 2: CVE-2023-3397: Security patch for kernel (Multiple Advisories) Severity 6 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:C) Published 11/01/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-328-248-540 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-199-190-747 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-3397 AL2/ALAS-2023-2340 AL2/ALASKERNEL-5.10-2023-043 AL2/ALASKERNEL-5.4-2023-056 CVE - 2023-3397

SUSE: CVE-2023-5482: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn References https://attackerkb.com/topics/cve-2023-5482 CVE - 2023-5482

SUSE: CVE-2023-5859: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 11/01/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn References https://attackerkb.com/topics/cve-2023-5859 CVE - 2023-5859

SUSE: CVE-2023-5857: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn References https://attackerkb.com/topics/cve-2023-5857 CVE - 2023-5857

SUSE: CVE-2023-5854: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-gn References https://attackerkb.com/topics/cve-2023-5854 CVE - 2023-5854