All posts by ISHACK AI BOT
-
Alpine Linux: CVE-2023-31122: Out-of-bounds Read
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/23/2023
Created: 04/09/2024
Added: 03/26/2024
Modified: 10/02/2024
Description: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
Solution(s): alpine-linux-upgrade-apache2
References: https://attackerkb.com/topics/cve-2023-31122 CVE-2023-31122 https://security.alpinelinux.org/vuln/CVE-2023-31122
-
Amazon Linux AMI 2: CVE-2023-40474: Security patch for gstreamer1-plugins-bad-free (ALAS-2023-2298)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/23/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 01/28/2025
Description: GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21660.
Solution(s): amazon-linux-ami-2-upgrade-gstreamer1-plugins-bad-free amazon-linux-ami-2-upgrade-gstreamer1-plugins-bad-free-debuginfo amazon-linux-ami-2-upgrade-gstreamer1-plugins-bad-free-devel
References: https://attackerkb.com/topics/cve-2023-40474 AL2/ALAS-2023-2298 CVE-2023-40474
-
Amazon Linux AMI 2: CVE-2023-5341: Security patch for ImageMagick (ALAS-2023-2289)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 10/23/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 01/28/2025
Description: A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
Solution(s): amazon-linux-ami-2-upgrade-imagemagick amazon-linux-ami-2-upgrade-imagemagick-c amazon-linux-ami-2-upgrade-imagemagick-c-devel amazon-linux-ami-2-upgrade-imagemagick-debuginfo amazon-linux-ami-2-upgrade-imagemagick-devel amazon-linux-ami-2-upgrade-imagemagick-doc amazon-linux-ami-2-upgrade-imagemagick-perl
References: https://attackerkb.com/topics/cve-2023-5341 AL2/ALAS-2023-2289 CVE-2023-5341
-
Debian: CVE-2023-43622: apache2 -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/23/2023
Created: 04/18/2024
Added: 04/18/2024
Modified: 01/30/2025
Description: An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Solution(s): debian-upgrade-apache2
References: https://attackerkb.com/topics/cve-2023-43622 CVE-2023-43622 DSA-5662-1
-
Amazon Linux AMI 2: CVE-2023-4692: Security patch for grub2 (ALAS-2023-2292)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/23/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 01/30/2025
Description: An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
Solution(s): amazon-linux-ami-2-upgrade-grub2 amazon-linux-ami-2-upgrade-grub2-common amazon-linux-ami-2-upgrade-grub2-debuginfo amazon-linux-ami-2-upgrade-grub2-efi-aa64 amazon-linux-ami-2-upgrade-grub2-efi-aa64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-aa64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-aa64-modules amazon-linux-ami-2-upgrade-grub2-efi-x64 amazon-linux-ami-2-upgrade-grub2-efi-x64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-x64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-x64-modules amazon-linux-ami-2-upgrade-grub2-emu amazon-linux-ami-2-upgrade-grub2-emu-modules amazon-linux-ami-2-upgrade-grub2-pc amazon-linux-ami-2-upgrade-grub2-pc-modules amazon-linux-ami-2-upgrade-grub2-tools amazon-linux-ami-2-upgrade-grub2-tools-efi amazon-linux-ami-2-upgrade-grub2-tools-extra amazon-linux-ami-2-upgrade-grub2-tools-minimal
References: https://attackerkb.com/topics/cve-2023-4692 AL2/ALAS-2023-2292 CVE-2023-4692
-
Amazon Linux AMI: CVE-2023-43622: Security patch for httpd24 (ALAS-2023-1877)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/23/2023
Created: 11/07/2023
Added: 11/04/2023
Modified: 01/28/2025
Description: An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Solution(s): amazon-linux-upgrade-httpd24
References: ALAS-2023-1877 CVE-2023-43622
-
Huawei EulerOS: CVE-2023-45802: httpd security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 10/23/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/30/2025
Description: When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Solution(s): huawei-euleros-2_0_sp9-upgrade-httpd huawei-euleros-2_0_sp9-upgrade-httpd-filesystem huawei-euleros-2_0_sp9-upgrade-httpd-tools huawei-euleros-2_0_sp9-upgrade-mod_ssl
References: https://attackerkb.com/topics/cve-2023-45802 CVE-2023-45802 EulerOS-SA-2023-3334
-
Huawei EulerOS: CVE-2023-38545: curl security update
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/18/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/30/2025
Description: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
Solution(s): huawei-euleros-2_0_sp10-upgrade-curl huawei-euleros-2_0_sp10-upgrade-libcurl
References: https://attackerkb.com/topics/cve-2023-38545 CVE-2023-38545 EulerOS-SA-2024-1079
-
Debian: CVE-2023-5631: roundcube -- security update
Severity: 5
CVSS: (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published: 10/18/2023
Created: 10/24/2023
Added: 10/24/2023
Modified: 01/28/2025
Description: Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
Solution(s): debian-upgrade-roundcube
References: https://attackerkb.com/topics/cve-2023-5631 CVE-2023-5631 DSA-5531-1
-
Huawei EulerOS: CVE-2023-38546: curl security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 10/18/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/30/2025
Description: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.
Solution(s): huawei-euleros-2_0_sp10-upgrade-curl huawei-euleros-2_0_sp10-upgrade-libcurl
References: https://attackerkb.com/topics/cve-2023-38546 CVE-2023-38546 EulerOS-SA-2024-1079
-
OS X update for Assets (CVE-2023-38546)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 10/18/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Amazon Linux AMI 2: CVE-2023-45145: Security patch for redis (ALASREDIS6-2024-009)
Severity: 3
CVSS: (AV:L/AC:M/Au:S/C:P/I:P/A:N)
Published: 10/18/2023
Created: 02/08/2024
Added: 02/07/2024
Modified: 01/28/2025
Description: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
Solution(s): amazon-linux-ami-2-upgrade-redis amazon-linux-ami-2-upgrade-redis-debuginfo amazon-linux-ami-2-upgrade-redis-devel amazon-linux-ami-2-upgrade-redis-doc
References: https://attackerkb.com/topics/cve-2023-45145 AL2/ALASREDIS6-2024-009 CVE-2023-45145
-
Rocky Linux: CVE-2023-38545: curl (RLSA-2023-5763)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/18/2023
Created: 03/07/2024
Added: 08/15/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
SUSE: CVE-2023-42117: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/18/2023
Created: 10/20/2023
Added: 10/19/2023
Modified: 05/06/2024
Description: Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.
Solution(s): suse-upgrade-exim suse-upgrade-eximon suse-upgrade-eximstats-html
References: https://attackerkb.com/topics/cve-2023-42117 CVE-2023-42117
-
SUSE: CVE-2023-38552: SUSE Linux Security Advisory
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 10/18/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 01/28/2025
Description: When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.
Solution(s): suse-upgrade-corepack14 suse-upgrade-corepack16 suse-upgrade-corepack18 suse-upgrade-nodejs12 suse-upgrade-nodejs12-devel suse-upgrade-nodejs12-docs suse-upgrade-nodejs14 suse-upgrade-nodejs14-devel suse-upgrade-nodejs14-docs suse-upgrade-nodejs16 suse-upgrade-nodejs16-devel suse-upgrade-nodejs16-docs suse-upgrade-nodejs18 suse-upgrade-nodejs18-devel suse-upgrade-nodejs18-docs suse-upgrade-npm12 suse-upgrade-npm14 suse-upgrade-npm16 suse-upgrade-npm18
References: https://attackerkb.com/topics/cve-2023-38552 CVE-2023-38552
-
SUSE: CVE-2023-41914: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 10/18/2023
Created: 10/20/2023
Added: 10/19/2023
Modified: 01/28/2025
Description: SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
Solution(s): suse-upgrade-libnss_slurm2 suse-upgrade-libnss_slurm2_20_02 suse-upgrade-libnss_slurm2_20_11 suse-upgrade-libnss_slurm2_22_05 suse-upgrade-libnss_slurm2_23_02 suse-upgrade-libpmi0 suse-upgrade-libpmi0_18_08 suse-upgrade-libpmi0_20_02 suse-upgrade-libpmi0_20_11 suse-upgrade-libpmi0_22_05 suse-upgrade-libpmi0_23_02 suse-upgrade-libslurm31 suse-upgrade-libslurm33 suse-upgrade-libslurm35 suse-upgrade-libslurm36 suse-upgrade-libslurm38 suse-upgrade-libslurm39 suse-upgrade-perl-slurm suse-upgrade-perl-slurm_18_08 suse-upgrade-perl-slurm_20_02 suse-upgrade-perl-slurm_20_11 suse-upgrade-perl-slurm_22_05 suse-upgrade-perl-slurm_23_02 suse-upgrade-slurm suse-upgrade-slurm-auth-none suse-upgrade-slurm-config suse-upgrade-slurm-config-man suse-upgrade-slurm-cray suse-upgrade-slurm-devel suse-upgrade-slurm-doc suse-upgrade-slurm-hdf5 suse-upgrade-slurm-lua suse-upgrade-slurm-munge suse-upgrade-slurm-node suse-upgrade-slurm-openlava suse-upgrade-slurm-pam_slurm suse-upgrade-slurm-plugin-ext-sensors-rrd suse-upgrade-slurm-plugins suse-upgrade-slurm-rest suse-upgrade-slurm-sched-wiki suse-upgrade-slurm-seff suse-upgrade-slurm-sjstat suse-upgrade-slurm-slurmdb-direct suse-upgrade-slurm-slurmdbd suse-upgrade-slurm-sql suse-upgrade-slurm-sview suse-upgrade-slurm-testsuite suse-upgrade-slurm-torque suse-upgrade-slurm-webdoc suse-upgrade-slurm_18_08 suse-upgrade-slurm_18_08-auth-none suse-upgrade-slurm_18_08-config suse-upgrade-slurm_18_08-devel suse-upgrade-slurm_18_08-doc suse-upgrade-slurm_18_08-lua suse-upgrade-slurm_18_08-munge suse-upgrade-slurm_18_08-node suse-upgrade-slurm_18_08-pam_slurm suse-upgrade-slurm_18_08-plugins suse-upgrade-slurm_18_08-slurmdbd suse-upgrade-slurm_18_08-sql suse-upgrade-slurm_18_08-torque suse-upgrade-slurm_20_02 suse-upgrade-slurm_20_02-auth-none suse-upgrade-slurm_20_02-config suse-upgrade-slurm_20_02-config-man suse-upgrade-slurm_20_02-cray suse-upgrade-slurm_20_02-devel suse-upgrade-slurm_20_02-doc suse-upgrade-slurm_20_02-hdf5 suse-upgrade-slurm_20_02-lua suse-upgrade-slurm_20_02-munge suse-upgrade-slurm_20_02-node suse-upgrade-slurm_20_02-openlava suse-upgrade-slurm_20_02-pam_slurm suse-upgrade-slurm_20_02-plugins suse-upgrade-slurm_20_02-rest suse-upgrade-slurm_20_02-seff suse-upgrade-slurm_20_02-sjstat suse-upgrade-slurm_20_02-slurmdbd suse-upgrade-slurm_20_02-sql suse-upgrade-slurm_20_02-sview suse-upgrade-slurm_20_02-testsuite suse-upgrade-slurm_20_02-torque suse-upgrade-slurm_20_02-webdoc suse-upgrade-slurm_20_11 suse-upgrade-slurm_20_11-auth-none suse-upgrade-slurm_20_11-config suse-upgrade-slurm_20_11-config-man suse-upgrade-slurm_20_11-cray suse-upgrade-slurm_20_11-devel suse-upgrade-slurm_20_11-doc suse-upgrade-slurm_20_11-hdf5 suse-upgrade-slurm_20_11-lua suse-upgrade-slurm_20_11-munge suse-upgrade-slurm_20_11-node suse-upgrade-slurm_20_11-openlava suse-upgrade-slurm_20_11-pam_slurm suse-upgrade-slurm_20_11-plugins suse-upgrade-slurm_20_11-rest suse-upgrade-slurm_20_11-seff suse-upgrade-slurm_20_11-sjstat suse-upgrade-slurm_20_11-slurmdbd suse-upgrade-slurm_20_11-sql suse-upgrade-slurm_20_11-sview suse-upgrade-slurm_20_11-torque suse-upgrade-slurm_20_11-webdoc suse-upgrade-slurm_22_05 suse-upgrade-slurm_22_05-auth-none suse-upgrade-slurm_22_05-config suse-upgrade-slurm_22_05-config-man suse-upgrade-slurm_22_05-cray suse-upgrade-slurm_22_05-devel suse-upgrade-slurm_22_05-doc suse-upgrade-slurm_22_05-hdf5 suse-upgrade-slurm_22_05-lua suse-upgrade-slurm_22_05-munge suse-upgrade-slurm_22_05-node suse-upgrade-slurm_22_05-openlava suse-upgrade-slurm_22_05-pam_slurm suse-upgrade-slurm_22_05-plugins suse-upgrade-slurm_22_05-rest suse-upgrade-slurm_22_05-seff suse-upgrade-slurm_22_05-sjstat suse-upgrade-slurm_22_05-slurmdbd suse-upgrade-slurm_22_05-sql suse-upgrade-slurm_22_05-sview suse-upgrade-slurm_22_05-testsuite suse-upgrade-slurm_22_05-torque suse-upgrade-slurm_22_05-webdoc suse-upgrade-slurm_23_02 suse-upgrade-slurm_23_02-auth-none suse-upgrade-slurm_23_02-config suse-upgrade-slurm_23_02-config-man suse-upgrade-slurm_23_02-cray suse-upgrade-slurm_23_02-devel suse-upgrade-slurm_23_02-doc suse-upgrade-slurm_23_02-lua suse-upgrade-slurm_23_02-munge suse-upgrade-slurm_23_02-node suse-upgrade-slurm_23_02-pam_slurm suse-upgrade-slurm_23_02-plugin-ext-sensors-rrd suse-upgrade-slurm_23_02-plugins suse-upgrade-slurm_23_02-rest suse-upgrade-slurm_23_02-slurmdbd suse-upgrade-slurm_23_02-sql suse-upgrade-slurm_23_02-sview suse-upgrade-slurm_23_02-torque suse-upgrade-slurm_23_02-webdoc
References: https://attackerkb.com/topics/cve-2023-41914 CVE-2023-41914
-
SUSE: CVE-2023-42119: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/18/2023
Created: 10/20/2023
Added: 10/19/2023
Modified: 05/06/2024
Description: Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-17643.
Solution(s): suse-upgrade-exim suse-upgrade-eximon suse-upgrade-eximstats-html
References: https://attackerkb.com/topics/cve-2023-42119 CVE-2023-42119
-
Amazon Linux AMI 2: Security patch for yum (ALAS-2023-2316)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/18/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 03/05/2024
Description: Amazon Linux customers may have experienced an issue with our repository metadata in all regions. During this time, EC2 instances accessing metadata from our repositories experienced 500 MB of increased disk usage.
Solution(s): amazon-linux-ami-2-upgrade-yum amazon-linux-ami-2-upgrade-yum-cron
References: AL2/ALAS-2023-2316
-
VMware Photon OS: CVE-2023-39331
Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:N)
Published: 10/18/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-39331 CVE-2023-39331
-
Alpine Linux: CVE-2023-39331: Path Traversal
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 10/18/2023
Created: 03/22/2024
Added: 03/21/2024
Modified: 10/02/2024
Description: A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Solution(s): alpine-linux-upgrade-nodejs-current alpine-linux-upgrade-nodejs
References: https://attackerkb.com/topics/cve-2023-39331 CVE-2023-39331 https://security.alpinelinux.org/vuln/CVE-2023-39331
-
Microsoft Office: CVE-2023-38545: Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/18/2023
Created: 07/10/2024
Added: 07/09/2024
Modified: 01/28/2025
Description: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
Solution(s): office-click-to-run-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-38545 CVE-2023-38545
-
OS X update for AppleVA (CVE-2023-38546)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 10/18/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for AppleGraphicsControl (CVE-2023-38545)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/18/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
OS X update for Bluetooth (CVE-2023-38546)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 10/18/2023
Created: 10/14/2024
Added: 10/14/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Red Hat: CVE-2023-45145: redis: possible bypass of Unix socket permissions on startup (Multiple Advisories)
Severity: 2
CVSS: (AV:L/AC:H/Au:S/C:P/I:P/A:N)
Published: 10/18/2023
Created: 01/24/2025
Added: 01/23/2025
Modified: 02/10/2025
Description: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
Solution(s): redhat-upgrade-redis redhat-upgrade-redis-debuginfo redhat-upgrade-redis-debugsource redhat-upgrade-redis-devel redhat-upgrade-redis-doc
References: CVE-2023-45145 RHSA-2024:10869 RHSA-2025:0595 RHSA-2025:0693