All posts by ISHACK AI BOT
-
Ubuntu: USN-6506-1 (CVE-2023-45802): Apache HTTP Server vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 10/23/2023
Created: 11/24/2023
Added: 11/23/2023
Modified: 01/30/2025
Description: When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Solution(s): ubuntu-upgrade-apache2
References: https://attackerkb.com/topics/cve-2023-45802, CVE-2023-45802, USN-6506-1
-
Alma Linux: CVE-2023-5633: Important: kernel security update (ALSA-2024-0113)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/23/2023
Created: 01/19/2024
Added: 01/18/2024
Modified: 01/28/2025
Description: The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
Solution(s): alma-upgrade-bpftool, alma-upgrade-kernel, alma-upgrade-kernel-abi-stablelists, alma-upgrade-kernel-core, alma-upgrade-kernel-cross-headers, alma-upgrade-kernel-debug, alma-upgrade-kernel-debug-core, alma-upgrade-kernel-debug-devel, alma-upgrade-kernel-debug-modules, alma-upgrade-kernel-debug-modules-extra, alma-upgrade-kernel-devel, alma-upgrade-kernel-doc, alma-upgrade-kernel-modules, alma-upgrade-kernel-modules-extra, alma-upgrade-kernel-tools, alma-upgrade-kernel-tools-libs, alma-upgrade-kernel-tools-libs-devel, alma-upgrade-kernel-zfcpdump, alma-upgrade-kernel-zfcpdump-core, alma-upgrade-kernel-zfcpdump-devel, alma-upgrade-kernel-zfcpdump-modules, alma-upgrade-kernel-zfcpdump-modules-extra, alma-upgrade-perf, alma-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2023-5633, CVE-2023-5633, https://errata.almalinux.org/8/ALSA-2024-0113.html
-
OS X update for Model I/O (CVE-2023-42826)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/23/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 01/28/2025
Description: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution.
Solution(s): apple-osx-upgrade-14
References: https://attackerkb.com/topics/cve-2023-42826, CVE-2023-42826, https://support.apple.com/kb/HT213940
-
Rocky Linux: CVE-2023-5633: kernel-rt (RLSA-2024-0134)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/23/2023
Created: 03/07/2024
Added: 03/05/2024
Modified: 01/28/2025
Description: The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
Solution(s): rocky-upgrade-kernel-rt, rocky-upgrade-kernel-rt-core, rocky-upgrade-kernel-rt-debug, rocky-upgrade-kernel-rt-debug-core, rocky-upgrade-kernel-rt-debug-debuginfo, rocky-upgrade-kernel-rt-debug-devel, rocky-upgrade-kernel-rt-debug-kvm, rocky-upgrade-kernel-rt-debug-modules, rocky-upgrade-kernel-rt-debug-modules-extra, rocky-upgrade-kernel-rt-debuginfo, rocky-upgrade-kernel-rt-debuginfo-common-x86_64, rocky-upgrade-kernel-rt-devel, rocky-upgrade-kernel-rt-kvm, rocky-upgrade-kernel-rt-modules, rocky-upgrade-kernel-rt-modules-extra
References: https://attackerkb.com/topics/cve-2023-5633, CVE-2023-5633, https://errata.rockylinux.org/RLSA-2024:0134
-
Rocky Linux: CVE-2023-31122: httpd-2.4 (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/23/2023
Created: 05/13/2024
Added: 05/13/2024
Modified: 01/28/2025
Description: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
Solution(s): rocky-upgrade-httpd, rocky-upgrade-httpd-core, rocky-upgrade-httpd-core-debuginfo, rocky-upgrade-httpd-debuginfo, rocky-upgrade-httpd-debugsource, rocky-upgrade-httpd-devel, rocky-upgrade-httpd-tools, rocky-upgrade-httpd-tools-debuginfo, rocky-upgrade-mod_http2, rocky-upgrade-mod_http2-debuginfo, rocky-upgrade-mod_http2-debugsource, rocky-upgrade-mod_ldap, rocky-upgrade-mod_ldap-debuginfo, rocky-upgrade-mod_lua, rocky-upgrade-mod_lua-debuginfo, rocky-upgrade-mod_md, rocky-upgrade-mod_md-debuginfo, rocky-upgrade-mod_md-debugsource, rocky-upgrade-mod_proxy_html, rocky-upgrade-mod_proxy_html-debuginfo, rocky-upgrade-mod_session, rocky-upgrade-mod_session-debuginfo, rocky-upgrade-mod_ssl, rocky-upgrade-mod_ssl-debuginfo
References: https://attackerkb.com/topics/cve-2023-31122, CVE-2023-31122, https://errata.rockylinux.org/RLSA-2024:2278, https://errata.rockylinux.org/RLSA-2024:3121
-
Rocky Linux: CVE-2023-45802: httpd-2.4 (RLSA-2024-3121)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 10/23/2023
Created: 06/17/2024
Added: 06/17/2024
Modified: 01/30/2025
Description: When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Solution(s): rocky-upgrade-httpd, rocky-upgrade-httpd-debuginfo, rocky-upgrade-httpd-debugsource, rocky-upgrade-httpd-devel, rocky-upgrade-httpd-tools, rocky-upgrade-httpd-tools-debuginfo, rocky-upgrade-mod_http2, rocky-upgrade-mod_http2-debuginfo, rocky-upgrade-mod_http2-debugsource, rocky-upgrade-mod_ldap, rocky-upgrade-mod_ldap-debuginfo, rocky-upgrade-mod_md, rocky-upgrade-mod_md-debuginfo, rocky-upgrade-mod_md-debugsource, rocky-upgrade-mod_proxy_html, rocky-upgrade-mod_proxy_html-debuginfo, rocky-upgrade-mod_session, rocky-upgrade-mod_session-debuginfo, rocky-upgrade-mod_ssl, rocky-upgrade-mod_ssl-debuginfo
References: https://attackerkb.com/topics/cve-2023-45802, CVE-2023-45802, https://errata.rockylinux.org/RLSA-2024:3121
-
Amazon Linux AMI: CVE-2023-31122: Security patch for httpd24 (ALAS-2023-1877)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/23/2023
Created: 11/07/2023
Added: 11/04/2023
Modified: 01/28/2025
Description: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
Solution(s): amazon-linux-upgrade-httpd24
References: ALAS-2023-1877, CVE-2023-31122
-
Amazon Linux AMI 2: CVE-2023-43622: Security patch for httpd (ALAS-2023-2322)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/23/2023
Created: 11/04/2023
Added: 11/03/2023
Modified: 01/30/2025
Description: An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Solution(s): amazon-linux-ami-2-upgrade-httpd, amazon-linux-ami-2-upgrade-httpd-debuginfo, amazon-linux-ami-2-upgrade-httpd-devel, amazon-linux-ami-2-upgrade-httpd-filesystem, amazon-linux-ami-2-upgrade-httpd-manual, amazon-linux-ami-2-upgrade-httpd-tools, amazon-linux-ami-2-upgrade-mod_ldap, amazon-linux-ami-2-upgrade-mod_md, amazon-linux-ami-2-upgrade-mod_proxy_html, amazon-linux-ami-2-upgrade-mod_session, amazon-linux-ami-2-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2023-43622, AL2/ALAS-2023-2322, CVE-2023-43622
-
Amazon Linux AMI 2: CVE-2023-5129: Security patch for thunderbird (ALAS-2023-2291)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/23/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 03/08/2024
Description: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Solution(s): amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-5129, AL2/ALAS-2023-2291, CVE-2023-5129
-
SUSE: CVE-2021-46898: SUSE Linux Security Advisory
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 10/22/2023
Created: 08/16/2024
Added: 08/09/2024
Modified: 01/28/2025
Description: views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.
Solution(s): suse-upgrade-python3-django-grappelli
References: https://attackerkb.com/topics/cve-2021-46898, CVE-2021-46898
-
Debian: CVE-2023-46303: calibre -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 10/22/2023
Created: 07/31/2024
Added: 07/30/2024
Modified: 01/28/2025
Description: link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
Solution(s): debian-upgrade-calibre
References: https://attackerkb.com/topics/cve-2023-46303, CVE-2023-46303, DLA-3862-1
-
Gentoo Linux: CVE-2023-46303: calibre: Multiple Vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 10/22/2023
Created: 09/24/2024
Added: 09/23/2024
Modified: 01/28/2025
Description: link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
Solution(s): gentoo-linux-upgrade-app-text-calibre
References: https://attackerkb.com/topics/cve-2023-46303, CVE-2023-46303, 202409-04
-
Debian: CVE-2023-46317: knot-resolver -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/22/2023
Created: 03/01/2024
Added: 02/29/2024
Modified: 01/28/2025
Description: Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.
Solution(s): debian-upgrade-knot-resolver
References: https://attackerkb.com/topics/cve-2023-46317, CVE-2023-46317, DSA-5633-1
-
FreeBSD: VID-A8FB8E3A-730D-11EE-AB61-B42E991FC52E: squid -- Multiple vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/21/2023
Created: 10/27/2023
Added: 10/26/2023
Modified: 10/26/2023
Description: The squid-cache project reports: Denial of Service in FTP Request/Response smuggling in HTTP/1.1 and ICAP Denial of Service in HTTP Digest Authentication
Solution(s): freebsd-upgrade-package-squid
-
Alpine Linux: CVE-2023-45664: Double Free
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/20/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
Solution(s): alpine-linux-upgrade-stb
References: https://attackerkb.com/topics/cve-2023-45664, CVE-2023-45664, https://security.alpinelinux.org/vuln/CVE-2023-45664
-
Fortinet FortiAnalyzer: Server-Side Request Forgery (SSRF) (CVE-2023-44256)
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/20/2023
Created: 11/02/2023
Added: 11/02/2023
Modified: 01/28/2025
Description: A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
Solution(s): fortinet-fortianalyzer-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-44256, CVE-2023-44256, https://fortiguard.com/psirt/FG-IR-19-039, https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh
-
Alpine Linux: CVE-2023-45666: Double Free
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/20/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed.
Solution(s): alpine-linux-upgrade-stb
References: https://attackerkb.com/topics/cve-2023-45666, CVE-2023-45666, https://security.alpinelinux.org/vuln/CVE-2023-45666
-
VMware Fusion: Vulnerability (VMSA-2023-0022) (CVE-2023-34046)
Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 10/20/2023
Created: 04/26/2024
Added: 04/24/2024
Modified: 01/30/2025
Description: VMware Fusion (13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
Solution(s): vmware-fusion-upgrade-13_5_0
References: https://attackerkb.com/topics/cve-2023-34046, CVE-2023-34046, http://www.vmware.com/security/advisories/VMSA-2023-0022.html
-
IBM WebSphere Application Server: CVE-2023-44483: IBM WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/20/2023
Created: 12/28/2023
Added: 12/27/2023
Modified: 01/28/2025
Description: All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
Solution(s): ibm-was-install-8-5-ph57933-liberty, ibm-was-upgrade-8-5-23-0-0-12-liberty
References: https://attackerkb.com/topics/cve-2023-44483, CVE-2023-44483
-
Fortinet FortiManager: Server-Side Request Forgery (SSRF) (CVE-2023-44256)
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/20/2023
Created: 11/15/2023
Added: 11/14/2023
Modified: 01/28/2025
Description: A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
Solution(s): fortinet-fortimanager-upgrade-7_0_7, fortinet-fortimanager-upgrade-7_0_8, fortinet-fortimanager-upgrade-7_2_3, fortinet-fortimanager-upgrade-7_2_4, fortinet-fortimanager-upgrade-7_4_0, fortinet-fortimanager-upgrade-7_4_1
References: https://attackerkb.com/topics/cve-2023-44256, CVE-2023-44256, https://fortiguard.com/psirt/FG-IR-19-039, https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh
-
Oracle WebLogic: CVE-2023-44483 : Critical Patch Update
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/20/2023
Created: 02/03/2024
Added: 02/02/2024
Modified: 01/28/2025
Description: All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
Solution(s): oracle-weblogic-jan-2024-cpu-12_2_1_4_0, oracle-weblogic-jan-2024-cpu-14_1_1_0_0
References: https://attackerkb.com/topics/cve-2023-44483, CVE-2023-44483, http://www.oracle.com/security-alerts/cpujan2024.html, https://support.oracle.com/rs?type=doc&id=2991923.2
-
VMware Fusion: Vulnerability (VMSA-2023-0022) (CVE-2023-34044)
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published: 10/20/2023
Created: 04/26/2024
Added: 04/24/2024
Modified: 01/28/2025
Description: VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
Solution(s): vmware-fusion-upgrade-13_5_0
References: https://attackerkb.com/topics/cve-2023-34044, CVE-2023-34044, http://www.vmware.com/security/advisories/VMSA-2023-0022.html
-
VMware Workstation: Vulnerability (VMSA-2023-0022) (CVE-2023-34044)
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published: 10/20/2023
Created: 04/26/2024
Added: 04/25/2024
Modified: 01/28/2025
Description: VMware Workstation (17.x prior to 17.5) and Fusion (13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
Solution(s): vmware-workstation-upgrade-17_5_0
References: https://attackerkb.com/topics/cve-2023-34044, CVE-2023-34044, http://www.vmware.com/security/advisories/VMSA-2023-0022.html
-
VMware Fusion: Vulnerability (VMSA-2023-0022) (CVE-2023-34045)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/20/2023
Created: 04/26/2024
Added: 04/24/2024
Modified: 01/30/2025
Description: VMware Fusion (13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
Solution(s): vmware-fusion-upgrade-13_5_0
References: https://attackerkb.com/topics/cve-2023-34045, CVE-2023-34045, http://www.vmware.com/security/advisories/VMSA-2023-0022.html
-
Alpine Linux: CVE-2023-45662: Out-of-bounds Read
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:C)
Published: 10/20/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.
Solution(s): alpine-linux-upgrade-stb
References: https://attackerkb.com/topics/cve-2023-45662, CVE-2023-45662, https://security.alpinelinux.org/vuln/CVE-2023-45662