Report Name: Linux Patch Wednesday December 2023
Generated: 2024-01-30 02:51:11

Product Name	Prevalence	U	C	H	M	L	A	Comment
Kibana	0.9				1		1	Data visualization dashboard software
Linux Kernel	0.9			4	12		16	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Chromium	0.8		1	2	15		18	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GNU C Library	0.8			1			1	The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
Mozilla Firefox	0.8				10		10	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
OpenSSH	0.8		1				1	OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
OpenSSL	0.8			1	1		2	A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
Safari	0.8		2	1	2		5	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Kubernetes	0.7				1		1	Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
Eclipse Mosquitto	0.6			1	1		2	Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines
Redis	0.6		1				1	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Wireshark	0.6			1	1		2	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
libxml2	0.6			1			1	libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
AFFLIB	0.5				1		1	Product detected by a:afflib_project:afflib (exists in CPE dict)
ActiveMQ	0.5	1					1	Product detected by a:apache:activemq (exists in CPE dict)
Amanda	0.5				1		1	Product detected by a:zmanda:amanda (exists in CPE dict)
Avro	0.5			1			1	Product detected by a:apache:avro (exists in CPE dict)
Crypto-js	0.5				1		1	Product detected by a:crypto-js_project:crypto-js (exists in CPE dict)
Curl	0.5			1	1		2	Product detected by a:haxx:curl (exists in CPE dict)
FRRouting	0.5				3	1	4	Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
Fast DDS	0.5			1			1	Product detected by a:eprosima:fast_dds (exists in CPE dict)
Freeimage	0.5			1	2		3	Product detected by a:freeimage_project:freeimage (exists in CPE dict)
Glusterfs	0.5			1			1	Product detected by a:gluster:glusterfs (exists in CPE dict)
GnuTLS	0.5				1		1	Product detected by a:gnu:gnutls (exists in CPE dict)
Guava	0.5				1		1	Product detected by a:google:guava (exists in CPE dict)
HID	0.5			1			1	HID
HTTP Server	0.5			1			1	Product detected by a:apache:http_server (exists in CPE dict)
Horizon	0.5				1		1	Product detected by a:openstack:horizon (exists in CPE dict)
InsydeH2O	0.5				1		1	Product detected by a:insyde:insydeh2o (exists in CPE dict)
OpenDKIM	0.5					1	1	Product detected by a:opendkim:opendkim (exists in CPE dict)
Opensc	0.5				3		3	Product detected by a:opensc_project:opensc (exists in CPE dict)
Pydantic	0.5				1		1	Product detected by a:pydantic_project:pydantic (exists in CPE dict)
RabbitMQ	0.5				1		1	Product detected by a:vmware:rabbitmq (exists in CPE dict)
SSHD	0.5				1		1	Product detected by a:apache:sshd (exists in CPE dict)
Squid	0.5				2		2	Product detected by a:squid-cache:squid (exists in CPE dict)
Symfony	0.5				1		1	Product detected by a:sensiolabs:symfony (exists in CPE dict)
Tracker Miners	0.5		1				1	Product detected by a:gnome:tracker_miners (exists in CPE dict)
X Server	0.5			1	1		2	Product detected by a:x.org:x_server (exists in CPE dict)
ZBar	0.5			2			2	Product detected by a:zbar_project:zbar (exists in CPE dict)
avahi	0.5				5		5	Product detected by a:avahi:avahi (exists in CPE dict)
budgie_extras	0.5				6		6	Product detected by a:ubuntubudgie:budgie_extras (does NOT exist in CPE dict)
cryptography	0.5			1			1	Product detected by a:cryptography_project:cryptography (exists in CPE dict)
gevent	0.5		1				1	Product detected by a:gevent:gevent (does NOT exist in CPE dict)
grafana	0.5			1	1		2	Product detected by a:grafana:grafana (exists in CPE dict)
haproxy	0.5				1		1	Product detected by a:haproxy:haproxy (exists in CPE dict)
iniparser	0.5			1			1	Product detected by a:iniparser_project:iniparser (does NOT exist in CPE dict)
keycloak	0.5			1	1		2	Product detected by a:redhat:keycloak (exists in CPE dict)
libde265	0.5			2	1		3	Product detected by a:struktur:libde265 (exists in CPE dict)
libreoffice	0.5				2		2	Product detected by a:libreoffice:libreoffice (exists in CPE dict)
libtiff	0.5			1	2		3	Product detected by a:libtiff:libtiff (exists in CPE dict)
linux_kernel	0.5				2		2	Product detected by o:linux:linux_kernel (exists in CPE dict)
lwIP	0.5				1		1	Product detected by a:lwip_project:lwip (exists in CPE dict)
openvswitch	0.5				1		1	Product detected by a:openvswitch:openvswitch (exists in CPE dict)
openzfs	0.5		1				1	Product detected by a:openzfs:openzfs (exists in CPE dict)
perl	0.5		1		1		2	Product detected by a:perl:perl (exists in CPE dict)
single_sign-on	0.5				1		1	Product detected by a:redhat:single_sign-on (exists in CPE dict)
smarty	0.5			1			1	Product detected by a:smarty:smarty (exists in CPE dict)
strongswan	0.5			1			1	Product detected by a:strongswan:strongswan (exists in CPE dict)
vim	0.5			2	7		9	Product detected by a:vim:vim (exists in CPE dict)
wordpress	0.5		1		1		2	Product detected by a:wordpress:wordpress (exists in CPE dict)
GPAC	0.4			1			1	GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
Artifex Ghostscript	0.3				1		1	Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
Visual Studio Code	0.3			1	5		6	Integrated development environment
Unknown Product	0				1	10	11	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		4	8	4		16
Code Injection	0.97				1		1
Authentication Bypass	0.95		1	2	3		6
Security Feature Bypass	0.9	1	1	3	9		14
Elevation of Privilege	0.85		1	3	3		7
Arbitrary File Reading	0.83				1		1
Information Disclosure	0.83		2		10		12
Cross Site Scripting	0.8				2		2
Open Redirect	0.75				1		1
Denial of Service	0.7			11	24		35
Path Traversal	0.7				2		2
Incorrect Calculation	0.5		1	1	10		12
Memory Corruption	0.5			7	28		35
Spoofing	0.4				3		3
Unknown Vulnerability Type	0				6	12	18

Source	U	C	H	M	L	A
debian	1	9	30	90	11	141
ubuntu		7	21	61	9	98
oraclelinux		2	6	29	3	40
almalinux		2	4	26	3	35
redhat		4	9	35	4	52
redos			2	9		11

Urgent (1)

1. Security Feature Bypass - ActiveMQ (CVE-2023-46604) - Urgent [898]

Description: The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

debian: CVE-2023-46604 was patched at 2023-11-21, unknown date

Critical (10)

2. Information Disclosure - wordpress (CVE-2023-39999) - Critical [779]

Description: Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

debian: CVE-2023-39999 was patched at 2023-11-21, unknown date

3. Remote Code Execution - Safari (CVE-2023-42917) - Critical [692]

Description: A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

debian: CVE-2023-42917 was patched at 2023-12-11, unknown date

ubuntu: CVE-2023-42917 was patched at 2023-12-11

oraclelinux: CVE-2023-42917 was patched at 2023-12-13

almalinux: CVE-2023-42917 was patched at 2023-12-11

redhat: CVE-2023-42917 was patched at 2023-12-11

4. Security Feature Bypass - OpenSSH (CVE-2023-48795) - Critical [686]

Description: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

debian: CVE-2023-48795 was patched at 2023-12-22, 2023-12-24, 2023-12-26, 2023-12-28, 2024-01-12, unknown date

ubuntu: CVE-2023-48795 was patched at 2023-12-19, 2024-01-11, 2024-01-15, 2024-01-18, 2024-01-25

redhat: CVE-2023-48795 was patched at 2024-01-25, 2024-01-29

5. Remote Code Execution - perl (CVE-2022-48522) - Critical [666]

Description: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

debian: CVE-2022-48522 was patched at unknown date

ubuntu: CVE-2022-48522 was patched at 2023-11-27

6. Incorrect Calculation - Chromium (CVE-2023-6345) - Critical [663]

Description: Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

debian: CVE-2023-6345 was patched at 2023-11-30, unknown date

7. Remote Code Execution - Redis (CVE-2022-24834) - Critical [647]

Description: Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

debian: CVE-2022-24834 was patched at unknown date

ubuntu: CVE-2022-24834 was patched at 2023-12-05

8. Remote Code Execution - Tracker Miners (CVE-2023-5557) - Critical [642]

Description: A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.

debian: CVE-2023-5557 was patched at unknown date

ubuntu: CVE-2023-5557 was patched at 2023-11-22

oraclelinux: CVE-2023-5557 was patched at 2023-12-12, 2023-12-13

almalinux: CVE-2023-5557 was patched at 2023-12-11, 2023-12-12

redhat: CVE-2023-5557 was patched at 2023-12-11, 2023-12-12

9. Information Disclosure - Safari (CVE-2023-42916) - Critical [638]

Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

debian: CVE-2023-42916 was patched at 2023-12-11, unknown date

ubuntu: CVE-2023-42916 was patched at 2023-12-11

10. Elevation of Privilege - gevent (CVE-2023-41419) - Critical [627]

Description: An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.

redhat: CVE-2023-41419 was patched at 2023-11-21

11. Authentication Bypass - openzfs (CVE-2013-20001) - Critical [622]

Description: An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configuration are not applied.

debian: CVE-2013-20001 was patched at unknown date

ubuntu: CVE-2013-20001 was patched at 2023-11-23

High (35)

12. Elevation of Privilege - Linux Kernel (CVE-2023-46813) - High [599]

Description: An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.

debian: CVE-2023-46813 was patched at 2024-01-02, 2024-01-11, unknown date

ubuntu: CVE-2023-46813 was patched at 2023-12-05

oraclelinux: CVE-2023-46813 was patched at 2024-01-26

redhat: CVE-2023-46813 was patched at 2024-01-25

13. Authentication Bypass - HID (CVE-2023-45866) - High [574]

Description: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

debian: CVE-2023-45866 was patched at 2023-12-15, 2023-12-21, unknown date

ubuntu: CVE-2023-45866 was patched at 2023-12-07

14. Remote Code Execution - smarty (CVE-2023-28447) - High [571]

Description: Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.

debian: CVE-2023-28447 was patched at unknown date

ubuntu: CVE-2023-28447 was patched at 2023-12-12

15. Denial of Service - Eclipse Mosquitto (CVE-2021-41039) - High [558]

Description: In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.

debian: CVE-2021-41039 was patched at unknown date

ubuntu: CVE-2021-41039 was patched at 2023-11-21

16. Remote Code Execution - Linux Kernel (CVE-2023-5178) - High [554]

Description: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.

debian: CVE-2023-5178 was patched at 2024-01-02, 2024-01-11, unknown date

ubuntu: CVE-2023-5178 was patched at 2023-11-21, 2023-12-05, 2023-12-06, 2023-12-11, 2023-12-12, 2023-12-13, 2024-01-05, 2024-01-09, 2024-01-10

oraclelinux: CVE-2023-5178 was patched at 2023-12-01, 2023-12-13, 2023-12-14, 2024-01-26

almalinux: CVE-2023-5178 was patched at 2023-11-28, 2024-01-23

redhat: CVE-2023-5178 was patched at 2023-11-21, 2023-11-28, 2024-01-23, 2024-01-24, 2024-01-25

17. Denial of Service - keycloak (CVE-2023-6563) - High [553]

Description: An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.

redhat: CVE-2023-6563 was patched at 2023-12-14

18. Denial of Service - HTTP Server (CVE-2023-45802) - High [541]

Description: When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.

debian: CVE-2023-45802 was patched at unknown date

ubuntu: CVE-2023-45802 was patched at 2023-11-22

19. Denial of Service - Wireshark (CVE-2023-2906) - High [534]

Description: Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.

debian: CVE-2023-2906 was patched at 2023-11-19, unknown date

20. Memory Corruption - libde265 (CVE-2023-27103) - High [529]

Description: Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

debian: CVE-2023-27103 was patched at 2023-11-30, unknown date

21. Security Feature Bypass - Curl (CVE-2023-46219) - High [529]

Description: When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

debian: CVE-2023-46219 was patched at unknown date

ubuntu: CVE-2023-46219 was patched at 2023-12-06

22. Authentication Bypass - grafana (CVE-2023-2183) - High [526]

Description: Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.

redhat: CVE-2023-2183 was patched at 2023-12-12

23. Denial of Service - libxml2 (CVE-2023-39615) - High [522]

Description: Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.

debian: CVE-2023-39615 was patched at unknown date

oraclelinux: CVE-2023-39615 was patched at 2023-12-13, 2024-01-10

almalinux: CVE-2023-39615 was patched at 2023-12-12, 2024-01-10

redhat: CVE-2023-39615 was patched at 2023-11-28, 2023-12-12, 2024-01-10, 2024-01-25

24. Denial of Service - Freeimage (CVE-2020-22524) - High [517]

Description: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.

debian: CVE-2020-22524 was patched at 2023-11-26, 2023-12-17, unknown date

ubuntu: CVE-2020-22524 was patched at 2024-01-16

25. Denial of Service - cryptography (CVE-2023-49083) - High [505]

Description: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

debian: CVE-2023-49083 was patched at unknown date

ubuntu: CVE-2023-49083 was patched at 2023-12-06

oraclelinux: CVE-2023-49083 was patched at 2024-01-18

26. Denial of Service - libtiff (CVE-2022-40090) - High [505]

Description: An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

debian: CVE-2022-40090 was patched at unknown date

ubuntu: CVE-2022-40090 was patched at 2023-11-23

27. Memory Corruption - Fast DDS (CVE-2023-42459) - High [505]

Description: Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-42459 was patched at 2023-11-27, unknown date

28. Security Feature Bypass - OpenSSL (CVE-2023-46724) - High [496]

Description: Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.

debian: CVE-2023-46724 was patched at unknown date

ubuntu: CVE-2023-46724 was patched at 2023-11-21

oraclelinux: CVE-2023-46724 was patched at 2024-01-04, 2024-01-10

almalinux: CVE-2023-46724 was patched at 2024-01-03, 2024-01-08

redhat: CVE-2023-46724 was patched at 2024-01-03, 2024-01-08, 2024-01-24

29. Memory Corruption - Glusterfs (CVE-2022-48340) - High [494]

Description: In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.

debian: CVE-2022-48340 was patched at unknown date

ubuntu: CVE-2022-48340 was patched at 2023-11-22

30. Memory Corruption - libde265 (CVE-2023-43887) - High [494]

Description: Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.

debian: CVE-2023-43887 was patched at 2023-11-30, unknown date

31. Denial of Service - vim (CVE-2023-48706) - High [482]

Description: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.

debian: CVE-2023-48706 was patched at unknown date

ubuntu: CVE-2023-48706 was patched at 2023-12-14

32. Remote Code Execution - Safari (CVE-2023-42852) - High [478]

Description: A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

debian: CVE-2023-42852 was patched at 2023-11-17, unknown date

ubuntu: CVE-2023-42852 was patched at 2023-11-20

33. Denial of Service - GPAC (CVE-2023-46001) - High [477]

Description: Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.

debian: CVE-2023-46001 was patched at unknown date

redos: CVE-2023-46001 was patched at 2023-11-20

34. Remote Code Execution - X Server (CVE-2023-6377) - High [476]

Description: A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

debian: CVE-2023-6377 was patched at 2023-12-13, 2023-12-17, unknown date

ubuntu: CVE-2023-6377 was patched at 2023-12-13

oraclelinux: CVE-2023-6377 was patched at 2024-01-02, 2024-01-03, 2024-01-04

almalinux: CVE-2023-6377 was patched at 2024-01-02

redhat: CVE-2023-6377 was patched at 2023-12-20, 2024-01-02

35. Memory Corruption - iniparser (CVE-2023-33461) - High [458]

Description: iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.

debian: CVE-2023-33461 was patched at unknown date

ubuntu: CVE-2023-33461 was patched at 2023-11-20

36. Remote Code Execution - strongswan (CVE-2023-41913) - High [452]

Description: strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

debian: CVE-2023-41913 was patched at 2023-11-20, 2023-11-24, unknown date

ubuntu: CVE-2023-41913 was patched at 2023-11-20, 2023-12-14

37. Remote Code Execution - ZBar (CVE-2023-40889) - High [440]

Description: A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

debian: CVE-2023-40889 was patched at 2023-12-01, unknown date

38. Remote Code Execution - ZBar (CVE-2023-40890) - High [440]

Description: A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

debian: CVE-2023-40890 was patched at 2023-12-01, unknown date

39. Incorrect Calculation - vim (CVE-2023-46246) - High [434]

Description: Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.

debian: CVE-2023-46246 was patched at unknown date

ubuntu: CVE-2023-46246 was patched at 2023-12-14

40. Security Feature Bypass - Avro (CVE-2023-39410) - High [410]

Description: When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

redhat: CVE-2023-39410 was patched at 2023-12-04

41. Elevation of Privilege - Linux Kernel (CVE-2023-39198) - High [408]

Description: A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.

debian: CVE-2023-39198 was patched at unknown date

ubuntu: CVE-2023-39198 was patched at 2023-12-05, 2023-12-11, 2023-12-12, 2023-12-13, 2024-01-05, 2024-01-10

42. Elevation of Privilege - Linux Kernel (CVE-2023-5717) - High [408]

Description: A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.

debian: CVE-2023-5717 was patched at 2024-01-02, 2024-01-11, unknown date

ubuntu: CVE-2023-5717 was patched at 2023-11-21, 2023-11-30, 2023-12-05, 2023-12-06, 2023-12-11, 2023-12-12, 2023-12-13, 2024-01-05, 2024-01-09, 2024-01-10

redhat: CVE-2023-5717 was patched at 2024-01-25

43. Remote Code Execution - Visual Studio Code (CVE-2022-41034) - High [407]

Description: Visual Studio Code Remote Code Execution Vulnerability

redos: CVE-2022-41034 was patched at 2023-11-21

44. Denial of Service - GNU C Library (CVE-2023-5156) - High [401]

Description: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

ubuntu: CVE-2023-5156 was patched at 2023-12-07

45. Memory Corruption - Chromium (CVE-2023-6346) - High [401]

Description: Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-6346 was patched at 2023-11-30, unknown date

46. Memory Corruption - Chromium (CVE-2023-6348) - High [401]

Description: Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-6348 was patched at 2023-11-30, unknown date

Medium (107)

47. Denial of Service - Squid (CVE-2023-5824) - Medium [398]

Description: Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

debian: CVE-2023-5824 was patched at unknown date

oraclelinux: CVE-2023-5824 was patched at 2023-11-28, 2023-12-11

almalinux: CVE-2023-5824 was patched at 2023-11-22, 2023-12-06

redhat: CVE-2023-5824 was patched at 2023-11-22, 2023-12-06, 2024-01-08, 2024-01-24

redos: CVE-2023-5824 was patched at 2023-11-21

48. Security Feature Bypass - Kubernetes (CVE-2023-5528) - Medium [396]

Description: A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.

redos: CVE-2023-5528 was patched at 2023-11-22

49. Information Disclosure - Linux Kernel (CVE-2023-39192) - Medium [393]

Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.

debian: CVE-2023-39192 was patched at 2024-01-11, unknown date

ubuntu: CVE-2023-39192 was patched at 2023-11-21, 2023-11-30, 2023-12-05, 2023-12-11, 2023-12-12, 2023-12-13, 2024-01-05, 2024-01-09, 2024-01-10

oraclelinux: CVE-2023-39192 was patched at 2023-12-06

50. Remote Code Execution - libreoffice (CVE-2023-6185) - Medium [392]

Description: Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

debian: CVE-2023-6185 was patched at 2023-12-11, 2023-12-31, unknown date

ubuntu: CVE-2023-6185 was patched at 2023-12-11, 2023-12-14

51. Unknown Vulnerability Type - Amanda (CVE-2023-30577) - Medium [392]

Description: {'nvd_cve_data_all': 'AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.', 'combined_cve_data_all': ''}

debian: CVE-2023-30577 was patched at 2023-12-03, unknown date

52. Unknown Vulnerability Type - Curl (CVE-2023-46218) - Medium [392]

Description: {'nvd_cve_data_all': 'This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. ', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This flaw allows a malicious HTTP server to set "super cookies" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.\n', 'combined_cve_data_all': ''}

debian: CVE-2023-46218 was patched at 2023-12-22, 2023-12-23, unknown date

ubuntu: CVE-2023-46218 was patched at 2023-12-06

redhat: CVE-2023-46218 was patched at 2024-01-25

53. Unknown Vulnerability Type - wordpress (CVE-2023-5561) - Medium [392]

Description: {'nvd_cve_data_all': 'WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack', 'combined_cve_data_all': ''}

debian: CVE-2023-5561 was patched at 2023-11-21, unknown date

54. Code Injection - Chromium (CVE-2023-39956) - Medium [389]

Description: Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.

redos: CVE-2023-39956 was patched at 2023-11-21

55. Memory Corruption - Chromium (CVE-2023-6347) - Medium [389]

Description: Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-6347 was patched at 2023-11-30, unknown date

56. Memory Corruption - Chromium (CVE-2023-6350) - Medium [389]

Description: Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

debian: CVE-2023-6350 was patched at 2023-11-30, unknown date

57. Memory Corruption - Chromium (CVE-2023-6351) - Medium [389]

Description: Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

debian: CVE-2023-6351 was patched at 2023-11-30, unknown date

58. Memory Corruption - Chromium (CVE-2023-6508) - Medium [389]

Description: Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-6508 was patched at 2023-12-09, unknown date

59. Memory Corruption - Chromium (CVE-2023-6509) - Medium [389]

Description: Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)

debian: CVE-2023-6509 was patched at 2023-12-09, unknown date

60. Memory Corruption - Chromium (CVE-2023-6510) - Medium [389]

Description: Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

debian: CVE-2023-6510 was patched at 2023-12-09, unknown date

61. Memory Corruption - Chromium (CVE-2023-6705) - Medium [389]

Description: Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-6705 was patched at 2023-12-13, unknown date

62. Security Feature Bypass - Chromium (CVE-2023-6511) - Medium [389]

Description: Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2023-6511 was patched at 2023-12-09, unknown date

63. Denial of Service - Squid (CVE-2023-46728) - Medium [386]

Description: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.

debian: CVE-2023-46728 was patched at 2024-01-09, unknown date

ubuntu: CVE-2023-46728 was patched at 2023-11-21, 2023-12-11

oraclelinux: CVE-2023-46728 was patched at 2024-01-04, 2024-01-10

almalinux: CVE-2023-46728 was patched at 2024-01-03, 2024-01-08

redhat: CVE-2023-46728 was patched at 2024-01-03, 2024-01-08, 2024-01-24

64. Security Feature Bypass - AFFLIB (CVE-2018-8050) - Medium [386]

Description: The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value.

debian: CVE-2018-8050 was patched at unknown date

ubuntu: CVE-2018-8050 was patched at 2023-11-28

65. Security Feature Bypass - Crypto-js (CVE-2023-46233) - Medium [386]

Description: crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

debian: CVE-2023-46233 was patched at 2023-11-27, unknown date

66. Remote Code Execution - Visual Studio Code (CVE-2023-24893) - Medium [383]

Description: Visual Studio Code Remote Code Execution Vulnerability

redos: CVE-2023-24893 was patched at 2023-11-21

67. Denial of Service - Linux Kernel (CVE-2023-1192) - Medium [382]

Description: A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.

debian: CVE-2023-1192 was patched at unknown date

oraclelinux: CVE-2023-1192 was patched at 2023-12-01, 2023-12-14, 2023-12-22

almalinux: CVE-2023-1192 was patched at 2023-11-28

redhat: CVE-2023-1192 was patched at 2023-11-28, 2024-01-25

68. Security Feature Bypass - Kibana (CVE-2023-45807) - Medium [382]

Description: OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue does not affect index data, only metadata. Dashboards correctly enforces read-only permissions when indexing and updating documents. This issue does not provide additional read access to data users don’t already have. This issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue.

redos: CVE-2023-45807 was patched at 2023-11-21

69. Information Disclosure - Linux Kernel (CVE-2023-39193) - Medium [381]

Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

debian: CVE-2023-39193 was patched at 2024-01-11, unknown date

ubuntu: CVE-2023-39193 was patched at 2023-11-21, 2023-11-30, 2023-12-05, 2023-12-11, 2023-12-12, 2023-12-13, 2024-01-05, 2024-01-09, 2024-01-10

oraclelinux: CVE-2023-39193 was patched at 2023-12-06

70. Denial of Service - Safari (CVE-2023-41983) - Medium [377]

Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.

debian: CVE-2023-41983 was patched at 2023-11-17, unknown date

ubuntu: CVE-2023-41983 was patched at 2023-11-20

71. Memory Corruption - Mozilla Firefox (CVE-2023-6207) - Medium [377]

Description: Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

debian: CVE-2023-6207 was patched at 2023-11-22, 2023-11-24, 2023-11-26, unknown date

ubuntu: CVE-2023-6207 was patched at 2023-11-23, 2023-11-27

oraclelinux: CVE-2023-6207 was patched at 2023-11-27, 2023-11-28

almalinux: CVE-2023-6207 was patched at 2023-11-27

redhat: CVE-2023-6207 was patched at 2023-11-27, 2023-11-28, 2023-11-29

72. Memory Corruption - Mozilla Firefox (CVE-2023-6212) - Medium [377]

Description: Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

debian: CVE-2023-6212 was patched at 2023-11-22, 2023-11-24, 2023-11-26, unknown date

ubuntu: CVE-2023-6212 was patched at 2023-11-23, 2023-11-27

oraclelinux: CVE-2023-6212 was patched at 2023-11-27, 2023-11-28

almalinux: CVE-2023-6212 was patched at 2023-11-27

redhat: CVE-2023-6212 was patched at 2023-11-27, 2023-11-28, 2023-11-29

73. Path Traversal - Mozilla Firefox (CVE-2023-6209) - Medium [377]

Description: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

debian: CVE-2023-6209 was patched at 2023-11-22, 2023-11-24, 2023-11-26, unknown date

ubuntu: CVE-2023-6209 was patched at 2023-11-23, 2023-11-27

oraclelinux: CVE-2023-6209 was patched at 2023-11-27, 2023-11-28

almalinux: CVE-2023-6209 was patched at 2023-11-27

redhat: CVE-2023-6209 was patched at 2023-11-27, 2023-11-28, 2023-11-29

74. Security Feature Bypass - libreoffice (CVE-2023-6186) - Medium [375]

Description: Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

debian: CVE-2023-6186 was patched at 2023-12-11, 2023-12-31, unknown date

ubuntu: CVE-2023-6186 was patched at 2023-12-11, 2023-12-14

75. Information Disclosure - haproxy (CVE-2023-45539) - Medium [374]

Description: HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

debian: CVE-2023-45539 was patched at 2023-12-14, 2023-12-28, unknown date

ubuntu: CVE-2023-45539 was patched at 2023-12-05

76. Authentication Bypass - keycloak (CVE-2023-0105) - Medium [372]

Description: A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

redhat: CVE-2023-0105 was patched at 2023-11-24

77. Remote Code Execution - Visual Studio Code (CVE-2023-21779) - Medium [371]

Description: Visual Studio Code Remote Code Execution Vulnerability

redos: CVE-2023-21779 was patched at 2023-11-21

78. Remote Code Execution - Visual Studio Code (CVE-2023-36742) - Medium [371]

Description: Visual Studio Code Remote Code Execution Vulnerability

redos: CVE-2023-36742 was patched at 2023-11-21

79. Denial of Service - Linux Kernel (CVE-2023-5158) - Medium [370]

Description: A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.

debian: CVE-2023-5158 was patched at unknown date

ubuntu: CVE-2023-5158 was patched at 2023-12-05, 2023-12-06, 2023-12-11, 2023-12-12, 2023-12-13, 2024-01-05, 2024-01-09, 2024-01-10

80. Denial of Service - Mozilla Firefox (CVE-2023-6206) - Medium [365]

Description: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

debian: CVE-2023-6206 was patched at 2023-11-22, 2023-11-24, 2023-11-26, unknown date

ubuntu: CVE-2023-6206 was patched at 2023-11-23, 2023-11-27

oraclelinux: CVE-2023-6206 was patched at 2023-11-27, 2023-11-28

almalinux: CVE-2023-6206 was patched at 2023-11-27

redhat: CVE-2023-6206 was patched at 2023-11-27, 2023-11-28, 2023-11-29

81. Denial of Service - Mozilla Firefox (CVE-2023-6211) - Medium [365]

Description: If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.

ubuntu: CVE-2023-6211 was patched at 2023-11-23

82. Memory Corruption - Chromium (CVE-2023-6702) - Medium [365]

Description: Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-6702 was patched at 2023-12-13, unknown date

83. Memory Corruption - Chromium (CVE-2023-6703) - Medium [365]

Description: Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-6703 was patched at 2023-12-13, unknown date

84. Memory Corruption - Chromium (CVE-2023-6704) - Medium [365]

Description: Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High)

debian: CVE-2023-6704 was patched at 2023-12-13, unknown date

85. Memory Corruption - Chromium (CVE-2023-6706) - Medium [365]

Description: Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-6706 was patched at 2023-12-13, unknown date

86. Memory Corruption - Chromium (CVE-2023-6707) - Medium [365]

Description: Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2023-6707 was patched at 2023-12-13, unknown date

87. Memory Corruption - Mozilla Firefox (CVE-2023-6213) - Medium [365]

Description: Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.

ubuntu: CVE-2023-6213 was patched at 2023-11-23

88. Elevation of Privilege - Linux Kernel (CVE-2023-6176) - Medium [361]

Description: A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system.

debian: CVE-2023-6176 was patched at unknown date

ubuntu: CVE-2023-6176 was patched at 2023-12-11, 2023-12-12, 2023-12-13, 2024-01-09, 2024-01-10

89. Authentication Bypass - Opensc (CVE-2023-40660) - Medium [360]

Description: A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.

debian: CVE-2023-40660 was patched at 2023-11-27, unknown date

oraclelinux: CVE-2023-40660 was patched at 2023-12-18, 2023-12-19

almalinux: CVE-2023-40660 was patched at 2023-12-19

redhat: CVE-2023-40660 was patched at 2023-12-19

90. Denial of Service - Linux Kernel (CVE-2023-45862) - Medium [358]

Description: An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.

debian: CVE-2023-45862 was patched at unknown date

ubuntu: CVE-2023-45862 was patched at 2023-11-21, 2023-11-30, 2023-12-05

oraclelinux: CVE-2023-45862 was patched at 2023-12-06

91. Incorrect Calculation - Linux Kernel (CVE-2023-45871) - Medium [358]

Description: An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

debian: CVE-2023-45871 was patched at 2024-01-11, unknown date

ubuntu: CVE-2023-45871 was patched at 2023-11-21, 2023-11-27, 2023-11-28, 2023-11-30, 2023-12-05

oraclelinux: CVE-2023-45871 was patched at 2023-12-13, 2023-12-14, 2023-12-22

almalinux: CVE-2023-45871 was patched at 2023-12-12

redhat: CVE-2023-45871 was patched at 2023-12-12, 2024-01-23, 2024-01-24, 2024-01-25

92. Denial of Service - OpenSSL (CVE-2023-5678) - Medium [353]

Description: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

debian: CVE-2023-5678 was patched at unknown date

oraclelinux: CVE-2023-5678 was patched at 2023-12-18, 2024-01-10

almalinux: CVE-2023-5678 was patched at 2023-12-19

redhat: CVE-2023-5678 was patched at 2023-12-19, 2024-01-10, 2024-01-11

93. Denial of Service - Safari (CVE-2023-42883) - Medium [353]

Description: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

debian: CVE-2023-42883 was patched at 2023-12-18, unknown date

ubuntu: CVE-2023-42883 was patched at 2024-01-15

94. Authentication Bypass - Opensc (CVE-2023-4535) - Medium [348]

Description: An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.

debian: CVE-2023-4535 was patched at unknown date

oraclelinux: CVE-2023-4535 was patched at 2023-12-19

almalinux: CVE-2023-4535 was patched at 2023-12-19

redhat: CVE-2023-4535 was patched at 2023-12-19

95. Memory Corruption - Linux Kernel (CVE-2023-45898) - Medium [346]

Description: The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.

ubuntu: CVE-2023-45898 was patched at 2023-12-06, 2024-01-09

96. Information Disclosure - Linux Kernel (CVE-2023-39194) - Medium [345]

Description: A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.

debian: CVE-2023-39194 was patched at 2024-01-11, unknown date

ubuntu: CVE-2023-39194 was patched at 2023-11-21, 2023-11-30, 2023-12-05, 2023-12-11, 2023-12-12, 2023-12-13, 2024-01-05, 2024-01-09, 2024-01-10

97. Denial of Service - Eclipse Mosquitto (CVE-2021-34431) - Medium [344]

Description: In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.