Report Name: Linux Patch Wednesday October 2023
Generated: 2023-11-05 02:05:45

Product Name	Prevalence	U	C	H	M	L	A	Comment
Active Directory	0.9				1		1	Active Directory is a directory service developed by Microsoft for Windows domain networks
Apache Log4j	0.9			1			1	Apache Log4j is a Java-based logging utility
HTTP/2 protocol	0.9	1					1	HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
Linux Kernel	0.9			2	5		7	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Binutils	0.8				8		8	The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
Chromium	0.8	2		6	11		19	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
GNOME desktop	0.8			1			1	GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
GNU C Library	0.8		1		3		4	The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
Mozilla Firefox	0.8			3	4		7	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Netty	0.8				1		1	Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
Node.js	0.8			3			3	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
Samba	0.8				1	1	2	Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
Webkit	0.8			1			1	WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all web browsers on iOS and iPadOS
Windows NTFS	0.8			1	1		2	The default file system of the Windows NT family
Xlib	0.8			1	4		5	Xlib (also known as libX11) is an X Window System protocol client library written in the C programming language
libvpx	0.8			1			1	libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
Apache Tomcat	0.7				3		3	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Babel	0.7			1			1	Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
Curl	0.7			1	1		2	Curl is a command-line tool for transferring data specified with URL syntax
FFmpeg	0.7				5		5	FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
Intel Ethernet Controller RDMA driver for linux	0.7				1		1	Remote Direct Memory Access (RDMA) is a computer networking technology usually implemented over high-speed, low-latency networks (aka fabrics) which allows for direct access to a remote host's memory, dramatically reducing latency and CPU overhead
Logstash	0.7				1		1	Logstash is an open source data collection engine with real-time pipelining capabilities
MariaDB	0.7				1		1	MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system, intended to remain free and open-source software under the GNU General Public License
MediaWiki	0.7			1	2	2	5	MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
QEMU	0.7				3		3	QEMU is a generic and open source machine & userspace emulator and virtualizer
macOS	0.7			1			1	macOS is an operating system developed and marketed by Apple Inc
semver	0.7				1		1	The semantic version parser used by npm
vim	0.7				4		4	Vim is a free and open-source, screen-based text editor program
Bouncy Castle	0.6				1		1	Bouncy Castle is a collection of APIs used in cryptography
Eclipse Mosquitto	0.6				5		5	Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines
FreeRDP	0.6				10		10	FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
ImageMagick	0.6				1		1	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Jetty	0.6			2	3		5	Jetty is a Java based web server and servlet engine
LibTomMath	0.6			1			1	LibTomMath is a free open source portable number theoretic multiple-precision integer library written entirely in C
Nokogiri	0.6				1		1	Nokogiri is an open source XML and HTML library for the Ruby programming language
Puma	0.6			1			1	Puma is a Ruby/Rack web server built for parallelism
Python	0.6			1	2		3	Python is a high-level, general-purpose programming language
ReadyMedia	0.6			1			1	ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients
Wireshark	0.6				1		1	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
libxml2	0.6				1		1	libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
pgAdmin	0.6			1			1	pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world
tiffcrop	0.6				1		1	Tiffcrop processes one or more files created according to the Tag Image File Format, Revision 6.0, specification into one or more TIFF file(s)
Django	0.5				1		1	Django is a free and open-source, Python-based web framework that follows the model–template–views architectural pattern
FRRouting	0.5				1		1	Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
Go Project	0.5				1		1	Go is an open source project developed by a team at Google and many contributors from the open source community
HTTP/1 Client	0.5				1		1	The first usable version of HTTP protocol created in 1997
SchedMD Slurm	0.5				1		1	The Slurm Workload Manager, formerly known as Simple Linux Utility for Resource Management, or simply Slurm, is a free and open-source job scheduler for Linux and Unix-like kernels, used by many of the world's supercomputers and computer clusters
TLS	0.5			1			1	TLS
GPAC	0.4				1		1	GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
LLDP	0.4				1		1	LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as Extreme's EDP (Extreme Discovery Protocol) and CDP (Cisco Discovery Protocol)
tough-cookie	0.4				1		1	tough-cookie is a RFC6265 Cookies and CookieJar module for Node.js
Artifex Ghostscript	0.3			1			1	Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
OpenPMIx	0.3				1		1	Reference Implementation of the Process Management Interface Exascale (PMIx) standard
Unknown Product	0					12	12	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0	1	1	10			12
Code Injection	0.97				3		3
Command Injection	0.97			2	2		4
Arbitrary File Reading	0.95			1			1
Authentication Bypass	0.95			1	2		3
Security Feature Bypass	0.9			7	7		14
Denial of Service	0.7	1		3	34		38
Memory Corruption	0.6	1		8	39		48
Open Redirect	0.6				1		1
Elevation of Privilege	0.5				2		2
Cross Site Scripting	0.4					1	1
Information Disclosure	0.4				1	1	2
Path Traversal	0.4				1		1
Spoofing	0.4				3		3
Tampering	0.3			1			1
Unknown Vulnerability Type	0				1	13	14

Source	U	C	H	M	L	A
debian	2	1	29	93	14	139
oraclelinux	2	1	9	15	1	28
almalinux	2	1	9	11		23
redhat	3	1	10	20	4	38
ubuntu	2	1	16	47	8	74
redos	1		5	18		24

Urgent (3)

1. Remote Code Execution - Chromium (CVE-2023-3171) - Urgent [954]

Description: Remote Code Execution in Chromium

redhat: CVE-2023-3171 was patched at 2023-10-06

2. Denial of Service - HTTP/2 protocol (CVE-2023-44487) - Urgent [905]

Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

debian: CVE-2023-44487 was patched at 2023-10-10, 2023-10-12, 2023-10-16, 2023-10-30, unknown date

oraclelinux: CVE-2023-44487 was patched at 2023-10-17, 2023-10-18, 2023-10-19, 2023-10-20, 2023-10-23, 2023-10-24, 2023-10-26

almalinux: CVE-2023-44487 was patched at 2023-10-16, 2023-10-17, 2023-10-18, 2023-10-19, 2023-10-23, 2023-10-24, 2023-10-25

redhat: CVE-2023-44487 was patched at 2023-10-16, 2023-10-17, 2023-10-18, 2023-10-19, 2023-10-20, 2023-10-23, 2023-10-24, 2023-10-25, 2023-10-27, 2023-10-31

ubuntu: CVE-2023-44487 was patched at 2023-10-10, 2023-10-19

3. Memory Corruption - Chromium (CVE-2023-5217) - Urgent [883]

Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-5217 was patched at 2023-09-29, unknown date

oraclelinux: CVE-2023-5217 was patched at 2023-10-05, 2023-10-06, 2023-10-10, 2023-10-11, 2023-10-13

almalinux: CVE-2023-5217 was patched at 2023-10-04, 2023-10-09

redhat: CVE-2023-5217 was patched at 2023-10-04, 2023-10-05, 2023-10-09

ubuntu: CVE-2023-5217 was patched at 2023-10-02, 2023-10-03, 2023-10-23, 2023-11-01

redos: CVE-2023-5217 was patched at 2023-10-16

Critical (1)

4. Remote Code Execution - GNU C Library (CVE-2023-4911) - Critical [621]

Description: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

debian: CVE-2023-4911 was patched at 2023-10-03, unknown date

oraclelinux: CVE-2023-4911 was patched at 2023-10-05, 2023-10-06, 2023-10-09, 2023-10-10, 2023-10-12

almalinux: CVE-2023-4911 was patched at 2023-10-05

redhat: CVE-2023-4911 was patched at 2023-10-05

ubuntu: CVE-2023-4911 was patched at 2023-10-03

High (33)

5. Memory Corruption - Curl (CVE-2023-38545) - High [580]

Description: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.

debian: CVE-2023-38545 was patched at 2023-10-11, unknown date

oraclelinux: CVE-2023-38545 was patched at 2023-10-18

almalinux: CVE-2023-38545 was patched at 2023-10-17

redhat: CVE-2023-38545 was patched at 2023-10-13, 2023-10-17

ubuntu: CVE-2023-38545 was patched at 2023-10-11, 2023-10-17

redos: CVE-2023-38545 was patched at 2023-10-16

6. Memory Corruption - Jetty (CVE-2023-26048) - High [528]

Description: Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory).

debian: CVE-2023-26048 was patched at 2023-09-28, unknown date

7. Remote Code Execution - Linux Kernel (CVE-2023-44466) - High [495]

Description: An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.

debian: CVE-2023-44466 was patched at unknown date

ubuntu: CVE-2023-44466 was patched at 2023-10-04, 2023-10-06, 2023-10-19, 2023-10-24, 2023-10-31

8. Denial of Service - TLS (CVE-2023-29409) - High [494]

Description: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.

debian: CVE-2023-29409 was patched at unknown date

oraclelinux: CVE-2023-29409 was patched at 2023-10-18

almalinux: CVE-2023-29409 was patched at 2023-10-16

redhat: CVE-2023-29409 was patched at 2023-10-16, 2023-10-20

9. Remote Code Execution - Python (CVE-2019-19450) - High [480]

Description: paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.

debian: CVE-2019-19450 was patched at unknown date

oraclelinux: CVE-2019-19450 was patched at 2023-10-11, 2023-10-19

almalinux: CVE-2019-19450 was patched at 2023-10-17

redhat: CVE-2019-19450 was patched at 2023-10-10, 2023-10-17

10. Remote Code Execution - GNOME desktop (CVE-2023-43641) - High [478]

Description: libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.

debian: CVE-2023-43641 was patched at 2023-10-11, unknown date

ubuntu: CVE-2023-43641 was patched at 2023-10-09, 2023-10-17

11. Tampering - Jetty (CVE-2023-26049) - High [475]

Description: Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue.

debian: CVE-2023-26049 was patched at 2023-09-28, unknown date

12. Remote Code Execution - Webkit (CVE-2023-39928) - High [466]

Description: A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

debian: CVE-2023-39928 was patched at 2023-10-12, unknown date

ubuntu: CVE-2023-39928 was patched at 2023-10-10

13. Security Feature Bypass - Node.js (CVE-2023-32002) - High [460]

Description: The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

debian: CVE-2023-32002 was patched at unknown date

oraclelinux: CVE-2023-32002 was patched at 2023-09-28, 2023-10-05, 2023-10-10

almalinux: CVE-2023-32002 was patched at 2023-09-26, 2023-10-09

redhat: CVE-2023-32002 was patched at 2023-09-26, 2023-10-09

14. Command Injection - Puma (CVE-2023-40175) - High [451]

Description: Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-40175 was patched at unknown date

ubuntu: CVE-2023-40175 was patched at 2023-09-27

15. Remote Code Execution - macOS (CVE-2023-41074) - High [449]

Description: The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

debian: CVE-2023-41074 was patched at 2023-10-12, unknown date

ubuntu: CVE-2023-41074 was patched at 2023-10-10

16. Security Feature Bypass - Node.js (CVE-2023-32006) - High [436]

Description: The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

debian: CVE-2023-32006 was patched at unknown date

oraclelinux: CVE-2023-32006 was patched at 2023-09-28, 2023-10-05, 2023-10-10

almalinux: CVE-2023-32006 was patched at 2023-09-26, 2023-10-09

redhat: CVE-2023-32006 was patched at 2023-09-26, 2023-10-09

17. Remote Code Execution - LibTomMath (CVE-2023-36328) - High [433]

Description: Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).

debian: CVE-2023-36328 was patched at unknown date

ubuntu: CVE-2023-36328 was patched at 2023-10-02

redos: CVE-2023-36328 was patched at 2023-10-23

18. Remote Code Execution - Artifex Ghostscript (CVE-2023-43115) - High [430]

Description: In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

debian: CVE-2023-43115 was patched at unknown date

oraclelinux: CVE-2023-43115 was patched at 2023-11-03

almalinux: CVE-2023-43115 was patched at 2023-11-02

redhat: CVE-2023-43115 was patched at 2023-10-18, 2023-11-02

ubuntu: CVE-2023-43115 was patched at 2023-10-17

19. Remote Code Execution - Babel (CVE-2023-45133) - High [426]

Description: Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.

debian: CVE-2023-45133 was patched at 2023-10-16, unknown date

20. Arbitrary File Reading - ReadyMedia (CVE-2022-26505) - High [424]

Description: A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.

debian: CVE-2022-26505 was patched at unknown date

ubuntu: CVE-2022-26505 was patched at 2023-09-27

21. Memory Corruption - Mozilla Firefox (CVE-2023-5176) - High [419]

Description: Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

debian: CVE-2023-5176 was patched at 2023-09-28, 2023-10-03, unknown date

oraclelinux: CVE-2023-5176 was patched at 2023-10-05, 2023-10-06, 2023-10-13

almalinux: CVE-2023-5176 was patched at 2023-10-04

redhat: CVE-2023-5176 was patched at 2023-10-04, 2023-10-05

ubuntu: CVE-2023-5176 was patched at 2023-10-03

22. Remote Code Execution - Windows NTFS (CVE-2023-4692) - High [419]

Description: An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.

debian: CVE-2023-4692 was patched at 2023-10-06, unknown date

ubuntu: CVE-2023-4692 was patched at 2023-10-04

23. Remote Code Execution - Xlib (CVE-2023-43787) - High [419]

Description: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

debian: CVE-2023-43787 was patched at 2023-10-05, unknown date

ubuntu: CVE-2023-43787 was patched at 2023-10-03, 2023-10-10, 2023-10-23

redos: CVE-2023-43787 was patched at 2023-10-19

24. Authentication Bypass - MediaWiki (CVE-2023-3550) - High [417]

Description: Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.

debian: CVE-2023-3550 was patched at 2023-10-10, unknown date

25. Denial of Service - Apache Log4j (CVE-2023-26464) - High [417]

Description: ** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

redhat: CVE-2023-26464 was patched at 2023-10-06

26. Security Feature Bypass - Chromium (CVE-2023-5483) - High [413]

Description: Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2023-5483 was patched at 2023-10-12, unknown date

27. Security Feature Bypass - Node.js (CVE-2023-32559) - High [413]

Description: A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

debian: CVE-2023-32559 was patched at unknown date

oraclelinux: CVE-2023-32559 was patched at 2023-09-28, 2023-10-05, 2023-10-10

almalinux: CVE-2023-32559 was patched at 2023-09-26, 2023-10-09

redhat: CVE-2023-32559 was patched at 2023-09-26, 2023-10-09

28. Memory Corruption - Linux Kernel (CVE-2023-38427) - High [411]

Description: An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.

debian: CVE-2023-38427 was patched at unknown date

ubuntu: CVE-2023-38427 was patched at 2023-10-05, 2023-10-31

29. Memory Corruption - Chromium (CVE-2023-5186) - High [407]

Description: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)

debian: CVE-2023-5186 was patched at 2023-09-29, unknown date

30. Memory Corruption - Chromium (CVE-2023-5218) - High [407]

Description: Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

debian: CVE-2023-5218 was patched at 2023-10-12, unknown date

31. Memory Corruption - Mozilla Firefox (CVE-2023-5172) - High [407]

Description: A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118.

ubuntu: CVE-2023-5172 was patched at 2023-10-03

32. Memory Corruption - Mozilla Firefox (CVE-2023-5175) - High [407]

Description: During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.

ubuntu: CVE-2023-5175 was patched at 2023-10-03

33. Command Injection - pgAdmin (CVE-2023-5002) - High [404]

Description: A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

redos: CVE-2023-5002 was patched at 2023-10-13

34. Denial of Service - libvpx (CVE-2023-44488) - High [401]

Description: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

debian: CVE-2023-44488 was patched at 2023-10-05, unknown date

oraclelinux: CVE-2023-44488 was patched at 2023-10-10, 2023-10-11, 2023-10-30, 2023-10-31

almalinux: CVE-2023-44488 was patched at 2023-10-09, 2023-10-30

redhat: CVE-2023-44488 was patched at 2023-10-09, 2023-10-30

ubuntu: CVE-2023-44488 was patched at 2023-10-02, 2023-10-23, 2023-11-01

redos: CVE-2023-44488 was patched at 2023-10-16

35. Security Feature Bypass - Chromium (CVE-2023-5475) - High [401]

Description: Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)

debian: CVE-2023-5475 was patched at 2023-10-12, unknown date

36. Security Feature Bypass - Chromium (CVE-2023-5479) - High [401]

Description: Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2023-5479 was patched at 2023-10-12, unknown date

37. Security Feature Bypass - Chromium (CVE-2023-5487) - High [401]

Description: Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

debian: CVE-2023-5487 was patched at 2023-10-12, unknown date

Medium (96)

38. Security Feature Bypass - Apache Tomcat (CVE-2023-45648) - Medium [396]

Description: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

debian: CVE-2023-45648 was patched at 2023-10-10, unknown date

redhat: CVE-2023-45648 was patched at 2023-10-31

39. Memory Corruption - Linux Kernel (CVE-2023-38431) - Medium [388]

Description: An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.

debian: CVE-2023-38431 was patched at unknown date

ubuntu: CVE-2023-38431 was patched at 2023-10-05, 2023-10-31

40. Memory Corruption - FreeRDP (CVE-2023-40567) - Medium [385]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.

debian: CVE-2023-40567 was patched at unknown date

ubuntu: CVE-2023-40567 was patched at 2023-10-04

41. Denial of Service - QEMU (CVE-2023-3255) - Medium [384]

Description: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.

debian: CVE-2023-3255 was patched at unknown date

debian: CVE-2023-32559 was patched at unknown date

oraclelinux: CVE-2023-3255 was patched at 2023-10-07

oraclelinux: CVE-2023-32559 was patched at 2023-09-28, 2023-10-05, 2023-10-10

almalinux: CVE-2023-32559 was patched at 2023-09-26, 2023-10-09

redhat: CVE-2023-32559 was patched at 2023-09-26, 2023-10-09

42. Denial of Service - semver (CVE-2022-25883) - Medium [384]

Description: Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

debian: CVE-2022-25883 was patched at unknown date

oraclelinux: CVE-2022-25883 was patched at 2023-09-28, 2023-10-05

almalinux: CVE-2022-25883 was patched at 2023-09-26

redhat: CVE-2022-25883 was patched at 2023-09-26, 2023-10-06

43. Memory Corruption - Chromium (CVE-2023-5187) - Medium [383]

Description: Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-5187 was patched at 2023-09-29, unknown date

44. Memory Corruption - Chromium (CVE-2023-5346) - Medium [383]

Description: Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2023-5346 was patched at 2023-10-04, unknown date

45. Memory Corruption - Chromium (CVE-2023-5474) - Medium [383]

Description: Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

debian: CVE-2023-5474 was patched at 2023-10-12, unknown date

46. Memory Corruption - Chromium (CVE-2023-5476) - Medium [383]

Description: Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2023-5476 was patched at 2023-10-12, unknown date

47. Memory Corruption - vim (CVE-2022-3520) - Medium [378]

Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.

debian: CVE-2022-3520 was patched at unknown date

debian: CVE-2022-35205 was patched at unknown date

ubuntu: CVE-2022-3520 was patched at 2023-10-09

ubuntu: CVE-2022-35205 was patched at 2023-10-04

48. Denial of Service - GNU C Library (CVE-2023-4527) - Medium [377]

Description: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

debian: CVE-2023-4527 was patched at unknown date

oraclelinux: CVE-2023-4527 was patched at 2023-10-10, 2023-10-12

almalinux: CVE-2023-4527 was patched at 2023-10-05

redhat: CVE-2023-4527 was patched at 2023-10-05

ubuntu: CVE-2023-4527 was patched at 2023-10-03

49. Denial of Service - GNU C Library (CVE-2023-4806) - Medium [377]

Description: A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

debian: CVE-2023-4806 was patched at unknown date

oraclelinux: CVE-2023-4806 was patched at 2023-10-10, 2023-10-12

almalinux: CVE-2023-4806 was patched at 2023-10-05

redhat: CVE-2023-4806 was patched at 2023-10-05

50. Security Feature Bypass - Chromium (CVE-2023-5478) - Medium [377]

Description: Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2023-5478 was patched at 2023-10-12, unknown date

51. Security Feature Bypass - Chromium (CVE-2023-5485) - Medium [377]

Description: Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2023-5485 was patched at 2023-10-12, unknown date

52. Memory Corruption - FreeRDP (CVE-2023-40186) - Medium [373]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

debian: CVE-2023-40186 was patched at unknown date

ubuntu: CVE-2023-40186 was patched at 2023-10-04

53. Memory Corruption - FreeRDP (CVE-2023-40569) - Medium [373]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.

debian: CVE-2023-40569 was patched at unknown date

ubuntu: CVE-2023-40569 was patched at 2023-10-04

54. Elevation of Privilege - Intel Ethernet Controller RDMA driver for linux (CVE-2023-25775) - Medium [372]

Description: Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

debian: CVE-2023-25775 was patched at unknown date

ubuntu: CVE-2023-25775 was patched at 2023-10-04

55. Memory Corruption - Mozilla Firefox (CVE-2023-5170) - Medium [371]

Description: In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.

ubuntu: CVE-2023-5170 was patched at 2023-10-03

56. Denial of Service - FreeRDP (CVE-2023-39353) - Medium [367]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39353 was patched at unknown date

ubuntu: CVE-2023-39353 was patched at 2023-10-04

57. Denial of Service - FreeRDP (CVE-2023-40181) - Medium [367]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

debian: CVE-2023-40181 was patched at unknown date

ubuntu: CVE-2023-40181 was patched at 2023-10-04

58. Open Redirect - Apache Tomcat (CVE-2023-41080) - Medium [366]

Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.

debian: CVE-2023-41080 was patched at 2023-10-10, unknown date

59. Memory Corruption - Linux Kernel (CVE-2023-4623) - Medium [364]

Description: A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

debian: CVE-2023-4623 was patched at unknown date

ubuntu: CVE-2023-4623 was patched at 2023-10-04, 2023-10-19, 2023-10-20, 2023-10-23, 2023-10-24, 2023-10-25, 2023-10-26, 2023-10-30, 2023-10-31

60. Code Injection - HTTP/1 Client (CVE-2023-29406) - Medium [363]

Description: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

debian: CVE-2023-29406 was patched at unknown date

redhat: CVE-2023-29406 was patched at 2023-10-16, 2023-10-20

61. Denial of Service - FFmpeg (CVE-2020-22024) - Medium [360]

Description: Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 function in libavfilter/vf_lagfun.c, which could let a remote malicious user cause Denial of Service.

debian: CVE-2020-22024 was patched at unknown date

ubuntu: CVE-2020-22024 was patched at 2023-10-12

62. Denial of Service - FFmpeg (CVE-2020-22039) - Medium [360]

Description: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function.

debian: CVE-2020-22039 was patched at unknown date

ubuntu: CVE-2020-22039 was patched at 2023-10-12

63. Denial of Service - FFmpeg (CVE-2020-22043) - Medium [360]

Description: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c.

debian: CVE-2020-22043 was patched at unknown date

ubuntu: CVE-2020-22043 was patched at 2023-10-12

64. Denial of Service - FFmpeg (CVE-2020-22051) - Medium [360]

Description: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c.

debian: CVE-2020-22051 was patched at unknown date

ubuntu: CVE-2020-22051 was patched at 2023-10-12

65. Denial of Service - MariaDB (CVE-2023-5157) - Medium [360]

Description: A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

debian: CVE-2023-5157 was patched at unknown date

oraclelinux: CVE-2023-5157 was patched at 2023-10-13, 2023-10-18

almalinux: CVE-2023-5157 was patched at 2023-10-12

redhat: CVE-2023-5157 was patched at 2023-10-12

66. Security Feature Bypass - Logstash (CVE-2021-22138) - Medium [360]

Description: In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data.

redos: CVE-2021-22138 was patched at 2023-09-28

67. Memory Corruption - Mozilla Firefox (CVE-2023-5169) - Medium [359]

Description: A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

debian: CVE-2023-5169 was patched at 2023-09-28, 2023-10-03, unknown date

oraclelinux: CVE-2023-5169 was patched at 2023-10-05, 2023-10-06, 2023-10-13

almalinux: CVE-2023-5169 was patched at 2023-10-04

redhat: CVE-2023-5169 was patched at 2023-10-04, 2023-10-05

ubuntu: CVE-2023-5169 was patched at 2023-10-03

68. Memory Corruption - Mozilla Firefox (CVE-2023-5171) - Medium [359]

Description: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

debian: CVE-2023-5171 was patched at 2023-09-28, 2023-10-03, unknown date

oraclelinux: CVE-2023-5171 was patched at 2023-10-05, 2023-10-06, 2023-10-13

almalinux: CVE-2023-5171 was patched at 2023-10-04

redhat: CVE-2023-5171 was patched at 2023-10-04, 2023-10-05

ubuntu: CVE-2023-5171 was patched at 2023-10-03

69. Memory Corruption - Mozilla Firefox (CVE-2023-5173) - Medium [359]

Description: In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118.

ubuntu: CVE-2023-5173 was patched at 2023-10-03

70. Memory Corruption - Netty (CVE-2023-34462) - Medium [359]

Description: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.

debian: CVE-2023-34462 was patched at unknown date

redhat: CVE-2023-34462 was patched at 2023-10-06

71. Denial of Service - Linux Kernel (CVE-2023-28327) - Medium [358]

Description: A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.

debian: CVE-2023-28327 was patched at unknown date

redhat: CVE-2023-28327 was patched at 2023-10-10

72. Code Injection - Bouncy Castle (CVE-2023-33201) - Medium [356]

Description: Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

debian: CVE-2023-33201 was patched at unknown date

redhat: CVE-2023-33201 was patched at 2023-10-06

73. Command Injection - Jetty (CVE-2023-40167) - Medium [356]

Description: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.

debian: CVE-2023-40167 was patched at 2023-09-28, unknown date

74. Denial of Service - Eclipse Mosquitto (CVE-2021-41039) - Medium [355]

Description: In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.

debian: CVE-2021-41039 was patched at 2023-10-01, unknown date

75. Denial of Service - FreeRDP (CVE-2023-39350) - Medium [355]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39350 was patched at unknown date

ubuntu: CVE-2023-39350 was patched at 2023-10-04

76. Denial of Service - FreeRDP (CVE-2023-40589) - Medium [355]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

debian: CVE-2023-40589 was patched at unknown date

ubuntu: CVE-2023-40589 was patched at 2023-10-04

77. Denial of Service - GNU C Library (CVE-2023-4813) - Medium [353]

Description: A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

debian: CVE-2023-4813 was patched at unknown date

oraclelinux: CVE-2023-4813 was patched at 2023-10-10, 2023-10-12

almalinux: CVE-2023-4813 was patched at 2023-10-05

redhat: CVE-2023-4813 was patched at 2023-10-05

78. Security Feature Bypass - Chromium (CVE-2023-5477) - Medium [353]

Description: Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)

debian: CVE-2023-5477 was patched at 2023-10-12, unknown date

79. Security Feature Bypass - OpenPMIx (CVE-2023-41915) - Medium [353]

Description: OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

debian: CVE-2023-41915 was patched at 2023-11-04, unknown date

ubuntu: CVE-2023-41915 was patched at 2023-10-17

80. Authentication Bypass - Python (CVE-2023-40217) - Medium [352]

Description: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

debian: CVE-2023-40217 was patched at unknown date

oraclelinux: CVE-2023-40217 was patched at 2023-10-13, 2023-10-17, 2023-10-24, 2023-10-25

almalinux: CVE-2023-40217 was patched at 2023-10-05, 2023-10-23

redhat: CVE-2023-40217 was patched at 2023-10-05, 2023-10-09, 2023-10-23, 2023-10-24, 2023-11-02

81. Memory Corruption - tough-cookie (CVE-2023-26136) - Medium [352]

Description: Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

debian: CVE-2023-26136 was patched at unknown date

redhat: CVE-2023-26136 was patched at 2023-10-06

82. Denial of Service - Go Project (CVE-2023-39325) - Medium [351]

Description: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

debian: CVE-2023-39325 was patched at unknown date

oraclelinux: CVE-2023-39325 was patched at 2023-10-18, 2023-10-20

almalinux: CVE-2023-39325 was patched at 2023-10-16, 2023-10-18, 2023-10-24

redhat: CVE-2023-39325 was patched at 2023-10-16, 2023-10-17, 2023-10-18, 2023-10-20, 2023-10-23, 2023-10-24, 2023-10-31

83. Memory Corruption - FreeRDP (CVE-2023-40188) - Medium [350]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

debian: CVE-2023-40188 was patched at unknown date

ubuntu: CVE-2023-40188 was patched at 2023-10-04

84. Code Injection - Curl (CVE-2023-38546) - Medium [349]

Description: This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.

debian: CVE-2023-38546 was patched at 2023-10-11, unknown date

oraclelinux: CVE-2023-38546 was patched at 2023-10-18

almalinux: CVE-2023-38546 was patched at 2023-10-17

redhat: CVE-2023-38546 was patched at 2023-10-13, 2023-10-17, 2023-11-02

ubuntu: CVE-2023-38546 was patched at 2023-10-11, 2023-10-17

redos: CVE-2023-38546 was patched at 2023-10-16

85. Denial of Service - MediaWiki (CVE-2023-45363) - Medium [348]

Description: An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

debian: CVE-2023-45363 was patched at 2023-10-10, unknown date

86. Security Feature Bypass - MediaWiki (CVE-2023-45364) - Medium [348]

Description: An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.

debian: CVE-2023-45364 was patched at 2023-10-10, unknown date

87. Memory Corruption - Chromium (CVE-2023-5473) - Medium [347]

Description: Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

debian: CVE-2023-5473 was patched at 2023-10-12, unknown date

88. Denial of Service - Linux Kernel (CVE-2023-37453) - Medium [346]

Description: An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.

debian: CVE-2023-37453 was patched at unknown date

ubuntu: CVE-2023-37453 was patched at 2023-10-04

89. Elevation of Privilege - Linux Kernel (CVE-2023-42753) - Medium [346]

Description: An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

debian: CVE-2023-42753 was patched at unknown date

oraclelinux: CVE-2023-42753 was patched at 2023-09-22, 2023-09-23, 2023-10-10, 2023-10-13, 2023-10-17

ubuntu: CVE-2023-42753 was patched at 2023-10-04, 2023-10-19, 2023-10-20, 2023-10-23, 2023-10-24, 2023-10-25, 2023-10-26, 2023-10-30, 2023-10-31

90. Memory Corruption - FRRouting (CVE-2023-41360) - Medium [345]

Description: An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.

debian: CVE-2023-41360 was patched at unknown date

ubuntu: CVE-2023-41360 was patched at 2023-10-17, 2023-10-18

91. Command Injection - Jetty (CVE-2023-36479) - Medium [344]

Description: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.

debian: CVE-2023-36479 was patched at 2023-09-28, unknown date

92. Denial of Service - FreeRDP (CVE-2023-39351) - Medium [344]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39351 was patched at unknown date

ubuntu: CVE-2023-39351 was patched at 2023-10-04

93. Denial of Service - FreeRDP (CVE-2023-39354) - Medium [344]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-39354 was patched at unknown date

ubuntu: CVE-2023-39354 was patched at 2023-10-04

94. Denial of Service - Nokogiri (CVE-2022-23476) - Medium [344]

Description: Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.

debian: CVE-2022-23476 was patched at unknown date

redos: CVE-2022-23476 was patched at 2023-10-03

95. Information Disclosure - Apache Tomcat (CVE-2023-42795) - Medium [342]

Description: Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

debian: CVE-2023-42795 was patched at 2023-10-10, unknown date

redhat: CVE-2023-42795 was patched at 2023-10-31

96. Memory Corruption - vim (CVE-2022-3491) - Medium [342]

Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.