Report Name: Linux Patch Wednesday November 2023
Generated: 2024-01-30 02:38:05

Product Name	Prevalence	U	C	H	M	L	A	Comment
Kerberos	1			1	1		2	Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
Apache HTTP Server	0.9			2			2	Apache HTTP Server is a free and open-source web server that delivers web content through the internet
Intel(R) Processor	0.9		1				1	Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
Linux Kernel	0.9			4	12		16	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Chromium	0.8			14	1		15	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GNOME desktop	0.8			1	1		2	GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
Mozilla Firefox	0.8			1	9		10	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Node.js	0.8			1	1		2	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
OpenSSL	0.8				1		1	A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
FFmpeg	0.7			1			1	FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
QEMU	0.7				1		1	QEMU is a generic and open source machine & userspace emulator and virtualizer
VMware Tools	0.7				1		1	VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guests operating systems
vim	0.7			10			10	Vim is a free and open-source, screen-based text editor program
ImageMagick	0.6			1			1	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Jetty	0.6			1			1	Jetty is a Java based web server and servlet engine
Python	0.6		1	1			2	Python is a high-level, general-purpose programming language
Redis	0.6				2		2	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Roundcube	0.6	1					1	Roundcube is a web-based IMAP email client
tiffcrop	0.6				1		1	Tiffcrop processes one or more files created according to the Tag Image File Format, Revision 6.0, specification into one or more TIFF file(s)
Audio File Library	0.5			2			2	Product detected by a:audio_file_library_project:audio_file_library (exists in CPE dict)
Barbican	0.5				1		1	Product detected by a:openstack:barbican (exists in CPE dict)
Cacti	0.5		4	4			8	Cacti is an open source operational monitoring and fault management framework
Calendar	0.5			1			1	Product detected by a:nextcloud:calendar (exists in CPE dict)
Cobbler	0.5		2	4	4		10	Cobbler is a Linux provisioning server that facilitates and automates the network-based system installation of multiple computer operating systems from a central point using services such as DHCP, TFTP, and DNS
Create Agent	0.5				1		1	Product detected by a:arduino:create_agent (exists in CPE dict)
GLPI	0.5				9		9	Product detected by a:glpi-project:glpi (exists in CPE dict)
Ghostscript	0.5				1		1	Product detected by a:artifex:ghostscript (exists in CPE dict)
Go	0.5			1	4		5	Product detected by a:golang:go (exists in CPE dict)
MySQL	0.5				14		14	Product detected by a:oracle:mysql (exists in CPE dict)
NSS	0.5				1		1	Product detected by a:mozilla:nss (exists in CPE dict)
Networking	0.5				1		1	Product detected by a:golang:networking (exists in CPE dict)
Open VM Tools	0.5				1		1	Product detected by a:vmware:open_vm_tools (exists in CPE dict)
Open Virtual Network	0.5				1		1	Product detected by a:ovn:open_virtual_network (exists in CPE dict)
Procps	0.5				1		1	Product detected by a:procps_project:procps (exists in CPE dict)
Rabbitmq-c	0.5				1		1	Product detected by a:rabbitmq-c_project:rabbitmq-c (exists in CPE dict)
Request Tracker	0.5				3		3	Product detected by a:bestpractical:request_tracker (exists in CPE dict)
Sanitize	0.5				1		1	Product detected by a:sanitize_project:sanitize (exists in CPE dict)
Slurm	0.5			1			1	Product detected by a:schedmd:slurm (exists in CPE dict)
Squid	0.5			3			3	Product detected by a:squid-cache:squid (exists in CPE dict)
TPM2 Software Stack	0.5			1			1	Product detected by a:tpm2_software_stack_project:tpm2_software_stack (exists in CPE dict)
Tang	0.5			1			1	Product detected by a:tang_project:tang (exists in CPE dict)
Traceroute	0.5			1			1	Product detected by a:buc:traceroute (exists in CPE dict)
Traffic Server	0.5				1		1	Product detected by a:apache:traffic_server (exists in CPE dict)
VLC Media Player	0.5			2			2	Product detected by a:videolan:vlc_media_player (exists in CPE dict)
X Server	0.5				2		2	Product detected by a:x.org:x_server (exists in CPE dict)
Xrdp	0.5				3		3	xrdp is an open source remote desktop protocol server
ZooKeeper	0.5			1			1	Product detected by a:apache:zookeeper (exists in CPE dict)
browserify-sign	0.5				1		1	Product detected by a:browserify:browserify-sign (exists in CPE dict)
certifi	0.5				1		1	Product detected by a:kennethreitz:certifi (exists in CPE dict)
ffmpeg	0.5			6			6	Product detected by a:ffmpeg:ffmpeg (exists in CPE dict)
goproxy	0.5			1			1	Product detected by a:goproxy_project:goproxy (exists in CPE dict)
grafana	0.5				7		7	Product detected by a:grafana:grafana (exists in CPE dict)
http::tiny	0.5			1			1	Product detected by a:httptiny_project:httptiny (does NOT exist in CPE dict)
insights-client	0.5				1		1	Product detected by a:redhat:insights-client (exists in CPE dict)
libsndfile	0.5			1			1	Product detected by a:libsndfile_project:libsndfile (exists in CPE dict)
memcached	0.5				2		2	Product detected by a:memcached:memcached (exists in CPE dict)
nextcloud_server	0.5				1		1	Product detected by a:nextcloud:nextcloud_server (exists in CPE dict)
plexus-archiver	0.5		1				1	Product detected by a:codehaus-plexus:plexus-archiver (exists in CPE dict)
postgresql	0.5			1	2		3	Product detected by a:postgresql:postgresql (exists in CPE dict)
qt	0.5				1		1	Product detected by a:qt:qt (exists in CPE dict)
shadow-utils	0.5				1		1	Product detected by a:shadow-maint:shadow-utils (does NOT exist in CPE dict)
urllib3	0.5				2		2	Product detected by a:python:urllib3 (exists in CPE dict)
zchunk	0.5				1		1	Product detected by a:zchunk:zchunk (exists in CPE dict)
zlib	0.5				1		1	Product detected by a:zlib:zlib (exists in CPE dict)
GPAC	0.4				1	2	3	GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
Unknown Product	0					7	7	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		6	6	1		13
Code Injection	0.97			1	2		3
Command Injection	0.97			2			2
Arbitrary File Writing	0.95		1				1
Authentication Bypass	0.95		1		7		8
Security Feature Bypass	0.9			14	9		23
Elevation of Privilege	0.85		1	2	5		8
Arbitrary File Reading	0.83			1			1
Information Disclosure	0.83			1	17		18
Cross Site Scripting	0.8	1		2	6		9
Open Redirect	0.75			1	1		2
Denial of Service	0.7			15	30		45
Path Traversal	0.7			1	3		4
Incorrect Calculation	0.5			4	6		10
Memory Corruption	0.5			20	13		33
Spoofing	0.4				3		3
Unknown Vulnerability Type	0					9	9

Source	U	C	H	M	L	A
debian	1	5	64	55	8	133
ubuntu		3	40	51	6	100
oraclelinux		3	15	44	1	63
almalinux		1	14	40	1	56
redhat		2	16	45	1	64
redos	1		11	20	2	34

Urgent (1)

1. Cross Site Scripting - Roundcube (CVE-2023-5631) - Urgent [826]

Description: Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

debian: CVE-2023-5631 was patched at 2023-10-23, 2023-10-25, unknown date

redos: CVE-2023-5631 was patched at 2023-10-26

Critical (9)

2. Remote Code Execution - Cacti (CVE-2023-39361) - Critical [702]

Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39361 was patched at 2023-11-08, unknown date

3. Remote Code Execution - Cobbler (CVE-2017-1000469) - Critical [678]

Description: Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.

ubuntu: CVE-2017-1000469 was patched at 2023-11-13

4. Remote Code Execution - Cacti (CVE-2023-39362) - Critical [654]

Description: Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39362 was patched at 2023-11-08, unknown date

5. Arbitrary File Writing - Python (CVE-2007-4559) - Critical [650]

Description: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

oraclelinux: CVE-2007-4559 was patched at 2023-11-11, 2023-11-17, 2023-11-18

almalinux: CVE-2007-4559 was patched at 2023-11-07, 2023-11-14

redhat: CVE-2007-4559 was patched at 2023-11-07, 2023-11-08, 2023-11-14, 2024-01-23, 2024-01-25

6. Remote Code Execution - Cacti (CVE-2023-39357) - Critical [642]

Description: Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39357 was patched at 2023-11-08, unknown date

7. Remote Code Execution - plexus-archiver (CVE-2023-37460) - Critical [642]

Description: Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.

oraclelinux: CVE-2023-37460 was patched at 2023-11-13

redhat: CVE-2023-37460 was patched at 2023-11-13

8. Remote Code Execution - Cacti (CVE-2023-39359) - Critical [630]

Description: Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly reflected in the WHERE clause of the SQL statement. This creates an SQL injection vulnerability. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39359 was patched at 2023-11-08, unknown date

9. Elevation of Privilege - Intel(R) Processor (CVE-2023-23583) - Critical [623]

Description: Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

debian: CVE-2023-23583 was patched at 2023-11-23, 2023-12-16, unknown date

ubuntu: CVE-2023-23583 was patched at 2023-11-17

oraclelinux: CVE-2023-23583 was patched at 2023-11-13, 2023-11-16

10. Authentication Bypass - Cobbler (CVE-2022-0860) - Critical [622]

Description: Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

ubuntu: CVE-2022-0860 was patched at 2023-11-13

High (70)

11. Denial of Service - Jetty (CVE-2023-36478) - High [594]

Description: Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.

debian: CVE-2023-36478 was patched at 2023-10-30, unknown date

12. Code Injection - Cacti (CVE-2023-39365) - High [589]

Description: Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39365 was patched at 2023-11-08, unknown date

13. Command Injection - Cobbler (CVE-2021-45082) - High [589]

Description: An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

ubuntu: CVE-2021-45082 was patched at 2023-11-13

14. Arbitrary File Reading - Cobbler (CVE-2014-3225) - High [588]

Description: Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.

ubuntu: CVE-2014-3225 was patched at 2023-11-13

15. Security Feature Bypass - Python (CVE-2023-41105) - High [582]

Description: An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

debian: CVE-2023-41105 was patched at unknown date

ubuntu: CVE-2023-41105 was patched at 2023-12-11

oraclelinux: CVE-2023-41105 was patched at 2023-11-11, 2023-11-17

almalinux: CVE-2023-41105 was patched at 2023-11-07, 2023-11-14

redhat: CVE-2023-41105 was patched at 2023-11-07, 2023-11-14

16. Denial of Service - ffmpeg (CVE-2020-20898) - High [577]

Description: Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

debian: CVE-2020-20898 was patched at unknown date

ubuntu: CVE-2020-20898 was patched at 2023-10-24

17. Denial of Service - ffmpeg (CVE-2021-38090) - High [577]

Description: Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

debian: CVE-2021-38090 was patched at unknown date

ubuntu: CVE-2021-38090 was patched at 2023-10-24

18. Denial of Service - ffmpeg (CVE-2021-38091) - High [577]

Description: Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

debian: CVE-2021-38091 was patched at unknown date

ubuntu: CVE-2021-38091 was patched at 2023-10-24

19. Denial of Service - ffmpeg (CVE-2021-38092) - High [577]

Description: Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

debian: CVE-2021-38092 was patched at unknown date

ubuntu: CVE-2021-38092 was patched at 2023-10-24

20. Denial of Service - ffmpeg (CVE-2021-38093) - High [577]

Description: Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

debian: CVE-2021-38093 was patched at unknown date

ubuntu: CVE-2021-38093 was patched at 2023-10-24

21. Denial of Service - ffmpeg (CVE-2021-38094) - High [577]

Description: Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.

debian: CVE-2021-38094 was patched at unknown date

ubuntu: CVE-2021-38094 was patched at 2023-10-24

22. Denial of Service - FFmpeg (CVE-2020-22038) - High [575]

Description: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c.

debian: CVE-2020-22038 was patched at unknown date

ubuntu: CVE-2020-22038 was patched at 2023-10-24

23. Memory Corruption - vim (CVE-2023-5344) - High [575]

Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

debian: CVE-2023-5344 was patched at unknown date

ubuntu: CVE-2023-5344 was patched at 2023-10-25

24. Denial of Service - Audio File Library (CVE-2019-13147) - High [553]

Description: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

debian: CVE-2019-13147 was patched at 2023-11-13, unknown date

ubuntu: CVE-2019-13147 was patched at 2023-12-14

25. Remote Code Execution - TPM2 Software Stack (CVE-2023-22745) - High [547]

Description: tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions `Tss2_RC_SetHandler` and `Tss2_RC_Decode` both index into `layer_handler` with an 8 bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries, so trying to add a handler for higher-numbered layers or decode a response code with such a layer number reads/writes past the end of the buffer. This Buffer overrun, could result in arbitrary code execution. An example attack would be a MiTM bus attack that returns 0xFFFFFFFF for the RC. Given the common use case of TPM modules an attacker must have local access to the target machine with local system privileges which allows access to the TPM system. Usually TPM access requires administrative privilege.

debian: CVE-2023-22745 was patched at unknown date

oraclelinux: CVE-2023-22745 was patched at 2023-11-11, 2023-11-17

almalinux: CVE-2023-22745 was patched at 2023-11-07, 2023-11-14

redhat: CVE-2023-22745 was patched at 2023-11-07, 2023-11-14

26. Memory Corruption - VLC Media Player (CVE-2023-47359) - High [541]

Description: Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.

debian: CVE-2023-47359 was patched at 2023-11-02, 2023-12-01, unknown date

redos: CVE-2023-47359 was patched at 2023-11-21

27. Denial of Service - libsndfile (CVE-2022-33065) - High [529]

Description: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

debian: CVE-2022-33065 was patched at unknown date

ubuntu: CVE-2022-33065 was patched at 2023-11-02

28. Memory Corruption - Audio File Library (CVE-2022-24599) - High [529]

Description: In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.

debian: CVE-2022-24599 was patched at 2023-11-13, unknown date

ubuntu: CVE-2022-24599 was patched at 2023-12-14

29. Security Feature Bypass - Traceroute (CVE-2023-46316) - High [529]

Description: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

debian: CVE-2023-46316 was patched at unknown date

ubuntu: CVE-2023-46316 was patched at 2023-11-14

redos: CVE-2023-46316 was patched at 2023-11-02

30. Incorrect Calculation - vim (CVE-2023-3896) - High [527]

Description: Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3

debian: CVE-2023-3896 was patched at unknown date

ubuntu: CVE-2023-3896 was patched at 2023-10-25

31. Incorrect Calculation - vim (CVE-2023-4734) - High [527]

Description: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

debian: CVE-2023-4734 was patched at unknown date

ubuntu: CVE-2023-4734 was patched at 2023-10-25

32. Memory Corruption - vim (CVE-2023-4733) - High [527]

Description: Use After Free in GitHub repository vim/vim prior to 9.0.1840.

debian: CVE-2023-4733 was patched at unknown date

ubuntu: CVE-2023-4733 was patched at 2023-10-25

33. Memory Corruption - vim (CVE-2023-4735) - High [527]

Description: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

debian: CVE-2023-4735 was patched at unknown date

debian: CVE-2023-47359 was patched at 2023-11-02, 2023-12-01, unknown date

ubuntu: CVE-2023-4735 was patched at 2023-10-25

redos: CVE-2023-47359 was patched at 2023-11-21

34. Memory Corruption - vim (CVE-2023-4738) - High [527]

Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

debian: CVE-2023-4738 was patched at unknown date

ubuntu: CVE-2023-4738 was patched at 2023-10-25

35. Memory Corruption - vim (CVE-2023-4750) - High [527]

Description: Use After Free in GitHub repository vim/vim prior to 9.0.1857.

debian: CVE-2023-4750 was patched at unknown date

ubuntu: CVE-2023-4750 was patched at 2023-10-25

36. Memory Corruption - vim (CVE-2023-4751) - High [527]

Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.

debian: CVE-2023-4751 was patched at unknown date

ubuntu: CVE-2023-4751 was patched at 2023-10-25

37. Memory Corruption - vim (CVE-2023-5535) - High [527]

Description: Use After Free in GitHub repository vim/vim prior to v9.0.2010.

debian: CVE-2023-5535 was patched at unknown date

ubuntu: CVE-2023-5535 was patched at 2023-10-25

38. Memory Corruption - Linux Kernel (CVE-2023-42754) - High [525]

Description: A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

debian: CVE-2023-42754 was patched at 2024-01-11, unknown date

ubuntu: CVE-2023-42754 was patched at 2023-10-31, 2023-11-21, 2023-11-30, 2023-12-05, 2023-12-06, 2023-12-11, 2023-12-12, 2023-12-13, 2024-01-05, 2024-01-09, 2024-01-10

39. Cross Site Scripting - Cacti (CVE-2023-39515) - High [523]

Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

debian: CVE-2023-39515 was patched at 2023-11-08, unknown date

40. Cross Site Scripting - Cacti (CVE-2023-39516) - High [523]

Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the 'General Administration>Sites/Devices/Data' permissions can configure the data source path in Cacti. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. The same page can be used for previewing the data source path. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually escape HTML output.

debian: CVE-2023-39516 was patched at 2023-11-08, unknown date

41. Denial of Service - goproxy (CVE-2023-37788) - High [517]

Description: goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.

debian: CVE-2023-37788 was patched at unknown date

redhat: CVE-2023-37788 was patched at 2023-10-31

42. Information Disclosure - Tang (CVE-2023-1672) - High [517]

Description: A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

debian: CVE-2023-1672 was patched at 2023-11-07, unknown date

ubuntu: CVE-2023-1672 was patched at 2023-11-20

oraclelinux: CVE-2023-1672 was patched at 2023-11-11, 2023-11-17

almalinux: CVE-2023-1672 was patched at 2023-11-07, 2023-11-14

redhat: CVE-2023-1672 was patched at 2023-11-07, 2023-11-14

43. Security Feature Bypass - Calendar (CVE-2023-45150) - High [517]

Description: Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app.

redos: CVE-2023-45150 was patched at 2023-10-20

44. Remote Code Execution - Chromium (CVE-2023-5857) - High [502]

Description: Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)

debian: CVE-2023-5857 was patched at 2023-11-02, unknown date

45. Denial of Service - ImageMagick (CVE-2023-5349) - High [498]

Description: A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.

debian: CVE-2023-5349 was patched at 2023-10-22, unknown date

46. Memory Corruption - vim (CVE-2023-5441) - High [491]

Description: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

debian: CVE-2023-5441 was patched at unknown date

ubuntu: CVE-2023-5441 was patched at 2023-10-25

47. Remote Code Execution - Cobbler (CVE-2021-40323) - High [488]

Description: Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.

ubuntu: CVE-2021-40323 was patched at 2023-11-13

48. Incorrect Calculation - VLC Media Player (CVE-2023-47360) - High [482]

Description: Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.

debian: CVE-2023-47360 was patched at 2023-11-02, 2023-12-01, unknown date

redos: CVE-2023-47360 was patched at 2023-11-21

49. Open Redirect - Cacti (CVE-2023-39364) - High [479]

Description: Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. It's value is used to perform a redirect via `header` PHP function. A user can be tricked in performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malwares, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39364 was patched at 2023-11-08, unknown date

50. Remote Code Execution - postgresql (CVE-2023-5869) - High [476]

Description: A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

debian: CVE-2023-5869 was patched at 2023-11-13, 2023-11-14, unknown date

ubuntu: CVE-2023-5869 was patched at 2023-12-06, 2024-01-09, 2024-01-17

oraclelinux: CVE-2023-5869 was patched at 2023-11-30, 2023-12-13, 2023-12-15, 2023-12-18, 2023-12-19, 2023-12-20

almalinux: CVE-2023-5869 was patched at 2023-11-29, 2023-12-11, 2023-12-13, 2023-12-20

redhat: CVE-2023-5869 was patched at 2023-11-28, 2023-11-29, 2023-11-30, 2023-12-05, 2023-12-06, 2023-12-07, 2023-12-11, 2023-12-13, 2023-12-19, 2023-12-20

51. Security Feature Bypass - Chromium (CVE-2023-5482) - High [460]

Description: Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-5482 was patched at 2023-11-02, unknown date

52. Security Feature Bypass - Cobbler (CVE-2018-1000226) - High [458]

Description: Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.

ubuntu: CVE-2018-1000226 was patched at 2023-11-13

53. Security Feature Bypass - Slurm (CVE-2022-29502) - High [458]

Description: SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.

debian: CVE-2022-29502 was patched at unknown date

ubuntu: CVE-2022-29502 was patched at 2023-10-30

54. Command Injection - Squid (CVE-2023-46846) - High [447]

Description: SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

debian: CVE-2023-46846 was patched at 2024-01-09, unknown date

ubuntu: CVE-2023-46846 was patched at 2023-11-21

oraclelinux: CVE-2023-46846 was patched at 2023-11-03, 2023-11-07, 2023-11-16, 2023-11-22

almalinux: CVE-2023-46846 was patched at 2023-11-02, 2023-11-07, 2023-11-14

redhat: CVE-2023-46846 was patched at 2023-11-02, 2023-11-07, 2023-11-08, 2023-11-14

redos: CVE-2023-46846 was patched at 2023-11-21

55. Remote Code Execution - Linux Kernel (CVE-2023-39191) - High [435]

Description: An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

debian: CVE-2023-39191 was patched at unknown date

oraclelinux: CVE-2023-39191 was patched at 2023-11-12

redhat: CVE-2023-39191 was patched at 2024-01-23, 2024-01-25

56. Security Feature Bypass - ZooKeeper (CVE-2023-44981) - High [434]

Description: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.

debian: CVE-2023-44981 was patched at 2023-10-21, 2023-10-31, unknown date

ubuntu: CVE-2023-44981 was patched at 2024-01-16

57. Memory Corruption - Apache HTTP Server (CVE-2023-31122) - High [429]

Description: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.

debian: CVE-2023-31122 was patched at unknown date

ubuntu: CVE-2023-31122 was patched at 2023-11-22, 2023-11-23

redos: CVE-2023-31122 was patched at 2023-10-30

58. Security Feature Bypass - GNOME desktop (CVE-2023-28100) - High [425]

Description: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.

debian: CVE-2023-28100 was patched at unknown date

oraclelinux: CVE-2023-28100 was patched at 2023-11-11, 2023-11-17

almalinux: CVE-2023-28100 was patched at 2023-11-07, 2023-11-14

redhat: CVE-2023-28100 was patched at 2023-11-07, 2023-11-14

59. Denial of Service - Squid (CVE-2023-46847) - High [422]

Description: Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

debian: CVE-2023-46847 was patched at 2024-01-09, unknown date

ubuntu: CVE-2023-46847 was patched at 2023-11-21, 2023-12-11

oraclelinux: CVE-2023-46847 was patched at 2023-11-03, 2023-11-07, 2023-11-08, 2023-11-16, 2023-11-22, 2024-01-12

almalinux: CVE-2023-46847 was patched at 2023-11-02, 2023-11-07, 2023-11-14

redhat: CVE-2023-46847 was patched at 2023-11-02, 2023-11-07, 2023-11-08, 2023-11-13, 2023-11-14, 2023-11-29

redos: CVE-2023-46847 was patched at 2023-11-21

60. Remote Code Execution - Go (CVE-2023-39323) - High [416]

Description: Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.

debian: CVE-2023-39323 was patched at unknown date

ubuntu: CVE-2023-39323 was patched at 2024-01-11

redos: CVE-2023-39323 was patched at 2023-11-09

61. Security Feature Bypass - Chromium (CVE-2023-5480) - High [413]

Description: Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)

debian: CVE-2023-5480 was patched at 2023-11-02, unknown date

62. Security Feature Bypass - Chromium (CVE-2023-5853) - High [413]

Description: Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2023-5853 was patched at 2023-11-02, unknown date

63. Security Feature Bypass - Chromium (CVE-2023-5859) - High [413]

Description: Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)

debian: CVE-2023-5859 was patched at 2023-11-02, unknown date

64. Denial of Service - Squid (CVE-2023-46848) - High [410]

Description: Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

debian: CVE-2023-46848 was patched at unknown date

ubuntu: CVE-2023-46848 was patched at 2023-11-21

oraclelinux: CVE-2023-46848 was patched at 2023-11-03, 2023-11-16

almalinux: CVE-2023-46848 was patched at 2023-11-02, 2023-11-07

redhat: CVE-2023-46848 was patched at 2023-11-02, 2023-11-07

redos: CVE-2023-46848 was patched at 2023-11-21

65. Memory Corruption - Kerberos (CVE-2023-36054) - High [410]

Description: lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

debian: CVE-2023-36054 was patched at 2023-10-22, unknown date

ubuntu: CVE-2023-36054 was patched at 2023-11-01, 2023-11-06

oraclelinux: CVE-2023-36054 was patched at 2023-11-11

almalinux: CVE-2023-36054 was patched at 2023-11-07

redhat: CVE-2023-36054 was patched at 2023-11-07

66. Security Feature Bypass - http::tiny (CVE-2023-31486) - High [410]

Description: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

debian: CVE-2023-31486 was patched at unknown date

oraclelinux: CVE-2023-31486 was patched at 2023-11-11, 2023-11-17

almalinux: CVE-2023-31486 was patched at 2023-11-07, 2023-11-14

redhat: CVE-2023-31486 was patched at 2023-11-07, 2023-11-14, 2024-01-25

67. Elevation of Privilege - Linux Kernel (CVE-2023-1252) - High [408]

Description: A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected.

debian: CVE-2023-1252 was patched at unknown date

oraclelinux: CVE-2023-1252 was patched at 2023-11-12, 2023-11-17

almalinux: CVE-2023-1252 was patched at 2023-11-14

redhat: CVE-2023-1252 was patched at 2023-11-14

68. Elevation of Privilege - Linux Kernel (CVE-2023-5345) - High [408]

Description: A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.

debian: CVE-2023-5345 was patched at unknown date

ubuntu: CVE-2023-5345 was patched at 2023-10-31, 2023-11-21, 2023-11-27, 2023-11-28, 2023-11-30, 2023-12-06, 2024-01-09, 2024-01-25

oraclelinux: CVE-2023-5345 was patched at 2023-12-14, 2023-12-22

almalinux: CVE-2023-5345 was patched at 2023-12-12

redhat: CVE-2023-5345 was patched at 2023-12-12

69. Denial of Service - Apache HTTP Server (CVE-2023-43622) - High [405]

Description: An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.

debian: CVE-2023-43622 was patched at unknown date

ubuntu: CVE-2023-43622 was patched at 2023-11-22

redos: CVE-2023-43622 was patched at 2023-10-30

70. Incorrect Calculation - Chromium (CVE-2023-5849) - High [401]

Description: Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-5849 was patched at 2023-11-02, unknown date

71. Memory Corruption - Chromium (CVE-2023-5472) - High [401]

Description: Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-5472 was patched at 2023-10-26, unknown date

72. Memory Corruption - Chromium (CVE-2023-5852) - High [401]

Description: Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

debian: CVE-2023-5852 was patched at 2023-11-02, unknown date

73. Memory Corruption - Chromium (CVE-2023-5854) - High [401]

Description: Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

debian: CVE-2023-5854 was patched at 2023-11-02, unknown date

74. Memory Corruption - Chromium (CVE-2023-5855) - High [401]

Description: Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

debian: CVE-2023-5855 was patched at 2023-11-02, unknown date

75. Memory Corruption - Chromium (CVE-2023-5856) - High [401]

Description: Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2023-5856 was patched at 2023-11-02, unknown date

76. Memory Corruption - Chromium (CVE-2023-5996) - High [401]

Description: Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-5996 was patched at 2023-11-09, unknown date

77. Memory Corruption - Mozilla Firefox (CVE-2023-5730) - High [401]

Description: Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

debian: CVE-2023-5730 was patched at 2023-10-25, 2023-10-27, unknown date

ubuntu: CVE-2023-5730 was patched at 2023-10-30, 2023-11-02

oraclelinux: CVE-2023-5730 was patched at 2023-10-30, 2023-10-31

almalinux: CVE-2023-5730 was patched at 2023-10-30

redhat: CVE-2023-5730 was patched at 2023-10-30

78. Path Traversal - Node.js (CVE-2023-39332) - High [401]

Description: Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects. This is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

oraclelinux: CVE-2023-39332 was patched at 2023-11-22

almalinux: CVE-2023-39332 was patched at 2023-11-14

redhat: CVE-2023-39332 was patched at 2023-11-14

79. Security Feature Bypass - Chromium (CVE-2023-5851) - High [401]

Description: Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2023-5851 was patched at 2023-11-02, unknown date

80. Security Feature Bypass - Chromium (CVE-2023-5858) - High [401]

Description: Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2023-5858 was patched at 2023-11-02, unknown date

Medium (103)

81. Memory Corruption - Kerberos (CVE-2023-39975) - Medium [398]

Description: kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.

oraclelinux: CVE-2023-39975 was patched at 2023-11-11

almalinux: CVE-2023-39975 was patched at 2023-11-07

redhat: CVE-2023-39975 was patched at 2023-11-07

82. Elevation of Privilege - Linux Kernel (CVE-2023-33952) - Medium [397]

Description: A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.

debian: CVE-2023-33952 was patched at unknown date

oraclelinux: CVE-2023-33952 was patched at 2023-11-12, 2023-11-17

almalinux: CVE-2023-33952 was patched at 2023-11-14

redhat: CVE-2023-33952 was patched at 2023-11-14

83. Security Feature Bypass - VMware Tools (CVE-2023-34058) - Medium [396]

Description: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

debian: CVE-2023-34058 was patched at 2023-10-31, 2023-11-06, unknown date

ubuntu: CVE-2023-34058 was patched at 2023-10-31, 2023-12-06

oraclelinux: CVE-2023-34058 was patched at 2023-11-16, 2023-11-21

almalinux: CVE-2023-34058 was patched at 2023-11-15

redhat: CVE-2023-34058 was patched at 2023-11-15

84. Information Disclosure - Linux Kernel (CVE-2023-33951) - Medium [393]

Description: A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.

debian: CVE-2023-33951 was patched at unknown date

oraclelinux: CVE-2023-33951 was patched at 2023-11-12, 2023-11-17

almalinux: CVE-2023-33951 was patched at 2023-11-14

redhat: CVE-2023-33951 was patched at 2023-11-14

85. Denial of Service - Mozilla Firefox (CVE-2023-5724) - Medium [389]

Description: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

debian: CVE-2023-5724 was patched at 2023-10-25, 2023-10-27, unknown date

ubuntu: CVE-2023-5724 was patched at 2023-10-30, 2023-11-02

oraclelinux: CVE-2023-5724 was patched at 2023-10-30, 2023-10-31

almalinux: CVE-2023-5724 was patched at 2023-10-30

redhat: CVE-2023-5724 was patched at 2023-10-30

86. Denial of Service - Mozilla Firefox (CVE-2023-5728) - Medium [389]

Description: During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

debian: CVE-2023-5728 was patched at 2023-10-25, 2023-10-27, unknown date

ubuntu: CVE-2023-5728 was patched at 2023-10-30, 2023-11-02

oraclelinux: CVE-2023-5728 was patched at 2023-10-30, 2023-10-31

almalinux: CVE-2023-5728 was patched at 2023-10-30

redhat: CVE-2023-5728 was patched at 2023-10-30

87. Elevation of Privilege - X Server (CVE-2023-5367) - Medium [389]

Description: A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

debian: CVE-2023-5367 was patched at 2023-10-25, unknown date

ubuntu: CVE-2023-5367 was patched at 2023-10-25, 2023-10-31

oraclelinux: CVE-2023-5367 was patched at 2023-11-08, 2023-11-22, 2024-01-03

almalinux: CVE-2023-5367 was patched at 2024-01-02

redhat: CVE-2023-5367 was patched at 2023-11-08, 2023-11-21, 2023-11-28, 2024-01-02, 2024-01-10

redos: CVE-2023-5367 was patched at 2023-11-15

88. Code Injection - GLPI (CVE-2023-41320) - Medium [387]

Description: GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to takeover an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.

redos: CVE-2023-41320 was patched at 2023-11-09

89. Authentication Bypass - Cobbler (CVE-2021-40325) - Medium [383]

Description: Cobbler before 3.3.0 allows authorization bypass for modification of settings.

ubuntu: CVE-2021-40325 was patched at 2023-11-13

90. Information Disclosure - Linux Kernel (CVE-2024-0443) - Medium [381]

Description: A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.

redhat: CVE-2024-0443 was patched at 2023-11-14

91. Elevation of Privilege - GNOME desktop (CVE-2023-28101) - Medium [380]

Description: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.

debian: CVE-2023-28101 was patched at unknown date

oraclelinux: CVE-2023-28101 was patched at 2023-11-11, 2023-11-17

almalinux: CVE-2023-28101 was patched at 2023-11-07, 2023-11-14

redhat: CVE-2023-28101 was patched at 2023-11-07, 2023-11-14

92. Remote Code Execution - Xrdp (CVE-2022-23613) - Medium [380]

Description: xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.

debian: CVE-2022-23613 was patched at unknown date

ubuntu: CVE-2022-23613 was patched at 2023-11-08

93. Memory Corruption - Mozilla Firefox (CVE-2023-5731) - Medium [377]

Description: Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.

ubuntu: CVE-2023-5731 was patched at 2023-10-30

94. Path Traversal - Node.js (CVE-2023-39331) - Medium [377]

Description: A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

oraclelinux: CVE-2023-39331 was patched at 2023-11-22

almalinux: CVE-2023-39331 was patched at 2023-11-07, 2023-11-14, 2023-11-15

redhat: CVE-2023-39331 was patched at 2023-11-07, 2023-11-14, 2023-11-15

95. Security Feature Bypass - Mozilla Firefox (CVE-2023-5723) - Medium [377]

Description: An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.