Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.
Disclaimer: The Vulnerability Detection Pipeline is intended to give users an early insight into some of the CVEs the Qualys Research Team is investigating. It may not show all the CVEs that are actively being investigated. Specific CVE feature requests filed via a Qualys Support case may or may not show up on this page. Please reach out to Qualys Support for status of such support cases.
Detection Status
Under investigation:
We are researching a detection and will publish one if it is feasible.
In development:
We are coding a detection and will typically publish it within a few days.
Recently published:
We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (CVE-2021-35940) An integer overflow or wraparound vulnerability in the apr_base64 functions of Apache Portable Runtime Utility (apr-util) allows an attacker to write beyond the bounds of a buffer. This issue affects Apache Portable Runtime Utility (apr-util) 1.6.1 and prior versions. (CVE-2022-24963)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2023-2023-016 for affected packages and patching details, or update with your package manager.
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS, in order for this attack to succeed. (CVE-2021-43566) Samba AD users with permission to write to an account can impersonate arbitrary services. (CVE-2022-0336) In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. (CVE-2022-1615) A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). (CVE-2022-32742) Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute, which could permit unprivileged users to write it. (CVE-2022-32743) A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. (CVE-2022-32746) A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2023-2023-032 for affected packages and patching details, or update with your package manager.
A vulnerability classified as problematic has been found in uikit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to XML external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. (CVE-2015-10082)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2067 for affected packages and patching details, or update with your package manager.
SUSE has released a security update for curl to fix the vulnerabilities.
Affected product(s): SUSE Linux Enterprise Server 12 SP5; SUSE Linux Enterprise (Desktop|Server) 12 SP5; SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2225-1 for updates and patch information.
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. (CVE-2019-12523) An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in denial of service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme. (CVE-2019-18676)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2065 for affected packages and patching details, or update with your package manager.
A highly-available key value store for shared configuration. Security Fix(es):
Information disclosure via debug function (CVE-2021-28235). html/template: improper handling of JavaScript whitespace.
Affected Products:
Red Hat OpenStack for IBM Power 16.2 ppc64le. Red Hat OpenStack 16.2 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3445 for updates and patch information.
A highly-available key value store for shared configuration. Security Fix(es):
Information disclosure via debug function (CVE-2021-28235). Key name can be accessed via LeaseTimeToLive API (CVE-2023-32082).
Affected Products:
Red Hat OpenStack 17 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3441 for updates and patch information.
A highly-available key value store for shared configuration. Security Fix(es):
Information disclosure via debug function (CVE-2021-28235). golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding.
Affected Products:
Red Hat OpenStack for IBM Power 16.1 ppc64le. Red Hat OpenStack 16.1 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3447 for updates and patch information.
IBM MQ is a message-oriented middleware that allows independent and non-concurrent applications on a distributed system to communicate with each other.
IBM MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack.
Affected Version:
IBM MQ 8.0, 9.0, 9.1, 9.2
QID Detection Logic: (Authenticated)
Operating System: Windows
It checks for vulnerable IBM MQ versions.
Operating System: Linux
The QID runs the command "/opt/mqm/bin/dspmqver -v | grep -A3 '^Name'" (or "/usr/mqm/bin/dspmqver -v | grep -A3 '^Name'" on AIX only) to see whether the system is running a vulnerable version of IBM MQ.
Consequence
A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Solution
Please refer to advisory IBM MQ 6613021 for further information.
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es):
cups-filters: remote code execution in cups-filters, beh CUPS backend (CVE-2023-24805).
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64. Red Hat Enterprise Linux Server - AUS 8.6 x86_64. Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le. Red Hat Enterprise Linux Server - TUS 8.6 x86_64. Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64. Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64. Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le. Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x. Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3426 for updates and patch information.
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es):
cups-filters: remote code execution in cups-filters, beh CUPS backend (CVE-2023-24805).
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64. Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64. Red Hat Enterprise Linux Server - AUS 8.8 x86_64. Red Hat Enterprise Linux for IBM z Systems 8 s390x. Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x. Red Hat Enterprise Linux for Power, little endian 8 ppc64le. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le. Red Hat Enterprise Linux Server - TUS 8.8 x86_64. Red Hat Enterprise Linux for ARM 64 8 aarch64. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64. Red Hat CodeReady Linux Builder for x86_64 8 x86_64. Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le. Red Hat CodeReady Linux Builder for ARM 64 8 aarch64. Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x. Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le. Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64. Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le. Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8 s390x. Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3425 for updates and patch information.
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es):
cups-filters: remote code execution in cups-filters, beh CUPS backend (CVE-2023-24805).
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64. Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le. Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64. Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64. Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le. Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x. Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64. Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64. Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3424 for updates and patch information.
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es):
cups-filters: remote code execution in cups-filters, beh CUPS backend (CVE-2023-24805).
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64. Red Hat Enterprise Linux Server - AUS 8.4 x86_64. Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le. Red Hat Enterprise Linux Server - TUS 8.4 x86_64. Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64. Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64. Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le. Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.4 s390x. Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3427 for updates and patch information.
Oracle Enterprise Linux has released a security update for cups-filters to fix the vulnerabilities.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for cups-filters to fix the vulnerabilities.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.
Mozilla Firefox is prone to the following vulnerabilities:
CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
CVE-2023-34415: Site-isolation bypass on sites that allow open redirects to data: urls
CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
CVE-2023-34417: Memory safety bugs fixed in Firefox 114
Affected Products:
Prior to Firefox 114
QID Detection Logic (Authenticated) :
This QID checks for a vulnerable version of the Firefox browser.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
The vendor has released a fix to address these vulnerabilities. Refer to MFSA2023-20 or later.
Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.
Mozilla Firefox ESR is prone to the following vulnerabilities:
CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
Affected Products:
Prior to Firefox ESR 102.12
QID Detection Logic (Authenticated) :
This QID checks for a vulnerable version of the Firefox ESR browser.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
The vendor has released a fix to address these vulnerabilities. Refer to MFSA2023-19 or later.
Chrome has released security updates for Windows, Mac, and Linux to fix the vulnerabilities.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Chrome security advisory 114.0.5735.106 for updates and patch information.
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. (CVE-2023-32205) The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bound read could have led to a crash in the RLBox Expat driver. (CVE-2023-32206) The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. (CVE-2023-32207) The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled. (CVE-2023-32211) The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have positioned a `datalist` element to obscure the address bar. (CVE-2023-32212) The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit. (CVE-2023-32213) Mozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2023-32215)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2051 for affected packages and patching details, or update with your package manager.
Oracle Enterprise Linux has released a security update for webkit2gtk3 to fix the vulnerabilities.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for webkit2gtk3 to fix the vulnerabilities.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-20196) A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error, where mptsas_free_request() does not dequeue the request object req from a pending requests queue. Versions between 2.10.0 and 5.2.0 are potentially affected. (CVE-2021-3392) A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. (CVE-2021-3527) An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the page argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. (CVE-2021-3930) A flaw was found in the QXL display device emulation in QEMU.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2061 for affected packages and patching details, or update with your package manager.
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2050 for affected packages and patching details, or update with your package manager.
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es):
kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461). kernel: udmabuf: improper validation of array index leading to local privilege escalation (CVE-2023-2008). kernel: use-after-free in Netfilter nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233).
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64. Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le. Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64. Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64. Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le. Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x. Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64. Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64. Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3465 for updates and patch information.
Incorrect HTTP request header comparison in Squid HTTP proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in the collapsed forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. (CVE-2016-10003)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2066 for affected packages and patching details, or update with your package manager.
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a denial of service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string. (CVE-2020-14058)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2063 for affected packages and patching details, or update with your package manager.
pax_decode_header in sparse.c in GNU tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. (CVE-2019-9923)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2064 for affected packages and patching details, or update with your package manager.
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. (CVE-2023-1436)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2053 for affected packages and patching details, or update with your package manager.
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. (CVE-2020-8517)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2062 for affected packages and patching details, or update with your package manager.
get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. (CVE-2021-46657) MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each view. (CVE-2021-46659) MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). (CVE-2021-46661) MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. (CVE-2021-46663) MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. (CVE-2021-46666) An integer overflow vulnerability was found in MariaDB, where an invalid size of ref_pointer_array is allocated. This issue results in a denial of service. (CVE-2021-46667) MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. (CVE-2021-46668) An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a denial of service (DoS) via specially crafted SQL statements. (CVE-2022-27380) An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a denial of service (DoS) via specially crafted SQL statements. (CVE-2022-27384) MariaDB Server before 10.7 is vulnerable to denial of service. (CVE-2022-31624)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2057 for affected packages and patching details, or update with your package manager.
Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However, Flask knows the concept of extensions that can add this functionality into your application as if it was implemented in Flask itself. There are currently extensions for object relational mappers, form validation, upload handling, various open authentication technologies and more... Security Fix(es):
possible disclosure of permanent session cookie due to missing Vary: header.
Affected Products:
Red Hat OpenStack 17 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3440 for updates and patch information.
Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However, Flask knows the concept of extensions that can add this functionality into your application as if it was implemented in Flask itself. There are currently extensions for object relational mappers, form validation, upload handling, various open authentication technologies and more... Security Fix(es):
possible disclosure of permanent session cookie due to missing Vary: header.
Affected Products:
Red Hat OpenStack for IBM Power 16.2 ppc64le. Red Hat OpenStack 16.2 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3444 for updates and patch information.
Flask is called a micro-framework because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However, Flask knows the concept of extensions that can add this functionality into your application as if it was implemented in Flask itself. There are currently extensions for object relational mappers, form validation, upload handling, various open authentication technologies and more... Security Fix(es):
possible disclosure of permanent session cookie due to missing Vary: header.
Affected Products:
Red Hat OpenStack for IBM Power 16.1 ppc64le. Red Hat OpenStack 16.1 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3446 for updates and patch information.
html/template: improper sanitization of CSS values. Angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. (CVE-2023-24539)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2052 for affected packages and patching details, or update with your package manager.
The fix for bug CVE-2020-9484 introduced a time-of-check, time-of-use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. (CVE-2022-23181)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2023-2023-059 for affected packages and patching details, or update with your package manager.
An identity spoofing vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service.
Affected Versions:
IBM Spectrum Protect Operations Center 8.1.0.000-8.1.15.xxx
IBM Spectrum Protect Client Management Service 8.1.0.000-8.1.15.xxx
QID Detection Logic (Authenticated): This checks for vulnerable versions of IBM Spectrum Protect Operations Center.
Consequence
Successful exploitation could lead to Identity spoofing by an authenticated user using a specially crafted request.
Solution
The vendor has released updated versions to address this issue. Refer to 6621141 for details.
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (Elisp), and the capability to read e-mail and news... Security Fix(es):
emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339).
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64. Red Hat Enterprise Linux Workstation 7 x86_64. Red Hat Enterprise Linux Desktop 7 x86_64. Red Hat Enterprise Linux for IBM z Systems 7 s390x. Red Hat Enterprise Linux for Power, big endian 7 ppc64. Red Hat Enterprise Linux for Scientific Computing 7 x86_64. Red Hat Enterprise Linux for Power, little endian 7 ppc64le.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3481 for updates and patch information.
IBM MQ is a message oriented middleware that allows independent and non-concurrent applications on a distributed system to communicate with each other.
protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data.
Affected Version:
IBM MQ 9.2, 9.3
QID Detection Logic: (Authenticated)
Operating System: Linux
The QID runs the command "/opt/mqm/bin/dspmqver -v | grep -A3 '^Name'" to see if the system is running a vulnerable version of IBM MQ or not.
Consequence
By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses.
Solution
Please refer to advisory IBM MQ 6853381 for further information.
Ghost is a free and open source blogging platform, a headless Node.js CMS designed to simplify the process of online publishing for individual bloggers as well as online publications.
Affected versions of Ghost allow remote attackers to read arbitrary files within the active theme's folder via "/assets/built%2F..%2F..%2F/" directory traversal. This vulnerability occurs in "frontend/web/middleware/static-theme.js".
Affected Products:
Ghost prior to version 5.42.1
QID Detection Logic (Unauthenticated):
This QID sends an HTTP GET request to the "assets/built%2F..%2F..%2F/package.jsons" endpoint and, based on the response, determines whether the target application is vulnerable.
Consequence
Successful exploitation of this vulnerability could allow remote attackers to read sensitive files within the target application.
Solution
Customers are advised to upgrade to the latest version of Ghost to remediate this vulnerability. For more information, please refer to the GitHub Security Advisory.
Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. (CVE-2022-21216) Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2022-33972) Improper isolation of shared resources in some Intel(R) processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. (CVE-2022-38090)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2056 for affected packages and patching details, or update with your package manager.
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. (CVE-2022-2521)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2055 for affected packages and patching details, or update with your package manager.
An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (TX) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-20257)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2060 for affected packages and patching details, or update with your package manager.
Oracle Enterprise Linux has released a security update for python-pip to fix the vulnerabilities.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
There is a vulnerability in the RESTEasy library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 or restfulWS-3.1 is enabled. This has been addressed in the remediation section.
Affected Versions:
WebSphere Application Server Liberty Version 21.0.0.12 - 23.0.0.3
QID Detection Logic (Authenticated): It reads the fix XML file and WebSphereApplicationServer.properties to detect the vulnerable version, and it also checks the fix pack version.
Consequence
An authenticated attacker could exploit this vulnerability to gain elevated privileges.
Solution
Upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix 6982895.
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995) A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. (CVE-2021-3996) A flaw was found in the Linux kernel's util-linux chfn and chsh utilities when compiled with readline support. The readline library uses an INPUTRC environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. (CVE-2022-0563)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2023-2023-024 for affected packages and patching details, or update with your package manager.
An out-of-bounds write vulnerability was found in libFLAC. The vulnerability occurs due to a missing bounds check. This flaw allows a local attacker without additional execution privileges to cause local information disclosure. (CVE-2021-0561)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2023-2023-008 for affected packages and patching details, or update with your package manager.
A flaw was found in GLib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. (CVE-2021-3800)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2058 for affected packages and patching details, or update with your package manager.
A heap-based buffer overflow flaw was found in the fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the fribidi application with the --caprtl option, leading to a crash and causing a denial of service. (CVE-2022-25309)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2054 for affected packages and patching details, or update with your package manager.
IBM MQ is a message oriented middleware that allows independent and non-concurrent applications on a distributed system to communicate with each other.
IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting.
Affected Products:
IBM MQ 9.1,9.2,9.3
QID Detection Logic: (Authenticated)
Operating System: Windows
It checks for vulnerable IBM MQ versions.
Operating System: Linux
The QID runs the command "/opt/mqm/bin/dspmqver -v | grep -A3 '^Name'" and "/usr/mqm/bin/dspmqver -v | grep -A3 '^Name'" (for AIX only) to see if the system is running a vulnerable version of IBM MQ or not.
Consequence
This vulnerability allows the attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting.
Solution
Please refer to advisory IBM MQ 6853379 for further information.
In Apache Commons IO before 2.7, when invoking the method FilenameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. (CVE-2021-29425)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2-2023-2059 for affected packages and patching details, or update with your package manager.
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss Middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss Middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience... Security Fix(es):
apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147).
curl: HSTS bypass via IDN (CVE-2022-43551).
curl: HTTP proxy deny use-after-free (CVE-2022-43552).
curl: HSTS ignored on multiple requests (CVE-2023-23914).
curl: HSTS amnesia with --parallel (CVE-2023-23915).
curl: HTTP multi-header compression denial of service (CVE-2023-23916).
httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001).
httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690).
openssl: timing attack in RSA decryption implementation (CVE-2022-4304).
openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450).
openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215).
openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286).
Affected Products:
Red Hat JBoss Core Services 1 for RHEL 8 x86_64. Red Hat JBoss Core Services 1 for RHEL 7 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3354 for updates and patch information.
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform... Security Fix(es):
webkitgtk: a use-after-free when processing maliciously crafted web content (CVE-2023-32373).
webkitgtk: an out-of-bounds read when processing malicious content (CVE-2023-28204).
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64. Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64. Red Hat Enterprise Linux Server - AUS 8.8 x86_64. Red Hat Enterprise Linux for IBM z Systems 8 s390x. Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x. Red Hat Enterprise Linux for Power, little endian 8 ppc64le. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le. Red Hat Enterprise Linux Server - TUS 8.8 x86_64. Red Hat Enterprise Linux for ARM 64 8 aarch64. Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3433 for updates and patch information.
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform... Security Fix(es):
webkitgtk: a use-after-free when processing maliciously crafted web content (CVE-2023-32373).
webkitgtk: an out-of-bounds read when processing malicious content (CVE-2023-28204).
Affected Products:
Red Hat Enterprise Linux for x86_64 9 x86_64. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64. Red Hat Enterprise Linux Server - AUS 9.2 x86_64. Red Hat Enterprise Linux for IBM z Systems 9 s390x. Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x. Red Hat Enterprise Linux for Power, little endian 9 ppc64le. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le. Red Hat Enterprise Linux for ARM 64 9 aarch64. Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64. Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64. Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3432 for updates and patch information.
NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, data tampering, or information disclosure.
Affected versions:
GeForce All versions prior to 531.41 on R510 and
GeForce All versions prior to 474.30 on R470 Driver Branch
Studio All drivers on R530 and R525 Driver Branch
NVIDIA RTX/Quadro, NVS All driver versions prior to 474.30 on R470 Driver Branch
NVIDIA RTX/Quadro, NVS All driver versions prior to 531.41 on R530 Driver Branch
NVIDIA RTX/Quadro, NVS All driver versions prior to 528.89 on R525 Driver Branch
NVIDIA RTX/Quadro, NVS All driver versions prior to 518.03 on R515 Driver Branch
Tesla All driver versions on R525 Driver Branch
Tesla All driver versions prior to 473.30 on R470 Driver Branch
Tesla All driver versions prior to 454.14 on R450 Driver Branch
Tesla All driver versions prior to 518.03 on R515 Driver Branch
QID detection logic (authenticated):
The QID checks for vulnerable versions of nvcpl.dll.
Consequence
Successful exploitation of these vulnerabilities may impact confidentiality, integrity and availability.
Solution
Customers are advised to refer to the NVIDIA Security Bulletin for more information related to these vulnerabilities.
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel... Security Fix(es):
kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564).
kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378).
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64. Red Hat Enterprise Linux Server - AUS 8.6 x86_64. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le. Red Hat Enterprise Linux Server - TUS 8.6 x86_64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3431 for updates and patch information.
An insecure redirect vulnerability in Workspace ONE Access and Identity Manager was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.
QID Detection Logic (Authenticated):
This QID checks for vulnerable versions of VMware Identity Manager and VMware Workspace ONE Access with build version on the target and checks for the presence of patch.
Consequence
An unauthenticated malicious actor may be able to redirect a victim to an attacker-controlled domain due to improper path handling, leading to sensitive information disclosure.
Solution
VMware has released patches for these vulnerabilities.
This QID finds out the BIOS version on GNU/Linux operating systems.
dmidecode reports the hardware of the system as described in the BIOS (the firmware), according to the SMBIOS/DMI standard. dmidecode does not scan hardware; it only reports what the BIOS responds with.
Please make sure dmidecode is installed on your system.
Consequence
NA
Solution
NA
QID: 45574
Test Only - Microsoft Edge Installed Extensions
Severity: Minimal (1)
Qualys ID: 45574
CVSS Scores: Base / Temporal
Description
Microsoft Edge is a Web browser developed and released by Microsoft. Extensions are small software programs that can modify and enhance the functionality of the Edge browser. The result section lists the installed Edge extensions.
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel... Security Fix(es):
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233).
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64. Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64. Red Hat Enterprise Linux Server - AUS 8.8 x86_64. Red Hat Enterprise Linux for Power, little endian 8 ppc64le. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le. Red Hat Enterprise Linux Server - TUS 8.8 x86_64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3351 for updates and patch information.
The kernel packages contain the Linux kernel, the core of any Linux operating system... Security Fix(es):
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233).
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64. Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64. Red Hat Enterprise Linux Server - AUS 8.8 x86_64. Red Hat Enterprise Linux for IBM z Systems 8 s390x. Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x. Red Hat Enterprise Linux for Power, little endian 8 ppc64le. Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le. Red Hat Enterprise Linux Server - TUS 8.8 x86_64. Red Hat Enterprise Linux for ARM 64 8 aarch64. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le. Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64. Red Hat CodeReady Linux Builder for x86_64 8 x86_64. Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le. Red Hat CodeReady Linux Builder for ARM 64 8 aarch64. Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64. Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64. Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le. Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3349 for updates and patch information.
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. "APR-util" is a library which provides additional utility interfaces for APR, including support for XML parsing, LDAP, database interfaces, URI parsing, and more...Security Fix(es):
apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147).
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3360 for updates and patch information.
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Affected Versions:
9.x prior to 9.2.27
10.x prior to 10.2.16
11.x prior to 11.2.5
QID Detection Logic :
This QID retrieves Skyhigh Web Gateway version and checks to see if it's vulnerable.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Customers are advised to update to the fixed versions 11.2.5, 10.2.16, or 9.2.27 for the corresponding release branch.
IBM WebSphere Application Server is vulnerable to cross-site scripting.
Affected Versions:
WebSphere Application Server Version 9.0.0.0 through 9.0.5.15
WebSphere Application Server Version 8.5.0.0 through 8.5.5.23
QID Detection Logic (Authenticated): It reads the fix XML file and WebSphereApplicationServer.properties to detect the vulnerable version and also checks the fix pack version.
Consequence
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
Report All Data From Sudoers file on Linux/Unix Machines.
QID Detection Logic for Machines running Linux/Unix:
This authenticated QID reads data from the file "/etc/sudoers" and displays all of it in its results section.
Consequence
NA
Solution
NA
—
QID: 45572
Microsoft Windows User account control information
Severity
Minimal 1
Qualys ID
45572
CVSS Scores
Base / Temporal
Description
User information
Consequence
N/A
Solution
N/A
CVE-2023-27492+
QID: 355316
Amazon Linux Security Advisory for ecs-service-connect-agent : ALAS2ECS-2023-003
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and gRPC logs, as well as in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and in any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue. (CVE-2023-27487) Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for the `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use the ext_authz, ext_proc, tap, or ratelimit filters or the gRPC access log service, and an HTTP header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with `failure_mode_allow: true`, the request would have been allowed in this case. (CVE-2023-27496)
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2ECS-2023-003 for affected packages and patching details, or update with your package manager.
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation, and the stream server is used for handling container I/O. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. (CVE-2022-23471) containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. (CVE-2023-25153) containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v1.5.18.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2ECS-2023-002 for affected packages and patching details, or update with your package manager.
A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. (CVE-2022-23648) This update includes the latest ECS agent and the latest Docker, containerd, and runc versions. The severity is moderate. The packages are grouped in this advisory to indicate that all packages should be applied together to apply security updates and maintain operational stability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS2ECS-2022-001 for affected packages and patching details, or update with your package manager.
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System...Security Fix(es):
pki-core: access to external entities when parsing XML can lead to XXE (CVE-2022-2414). pki-core: when using the caServerKeygen_DirUserCert profile, a user can get certificates for other UIDs by entering a name in the subject field (CVE-2022-2393).
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3394 for updates and patch information.
In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server.
Affected Versions:
SAP NetWeaver for ABAP Versions - 707, 737, 747, 757
QID Detection Logic(s):
The scan sends an HTTP request to the web server and determines the version from the Server header.
Consequence
Successful exploitation of these vulnerabilities may lead to a high impact on the availability and integrity of the application.
Solution
Customers are advised to follow the SAP NetWeaver ABAP remediation instructions.
IBM Db2 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance.
Affected Versions:
IBM DB2 10.5 prior to version V10.5 FP11
IBM DB2 11.1 prior to version V11.1.4 FP7
IBM DB2 11.5 prior to version V11.5.7
IBM DB2 11.5.8000 prior to version V11.5.8000.317
QID Detection Logic:
Authenticated (DB2):
This QID queries the DB2 server to get the server version and fix pack level and checks to see if it's vulnerable.
Authenticated (Windows):
This QID checks for vulnerable versions of DB2 on Windows OS.
Consequence
Successful exploitation of the vulnerability may allow an attacker to execute code remotely.
Solution
Please refer to the following links: 6985691 and 6985677.
Juniper Junos is the network operating system used in Juniper Networks hardware systems.
An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic. This allows an unauthenticated, network-based attacker who sends traffic to the target device to have the JDPI-Decoder, which is designed to inspect dynamic application traffic and take action upon it, instead stop taking action and pass the traffic through.
This issue affects:
All versions prior to 19.1R3-S10
19.2 versions prior to 19.2R3-S7
19.3 versions prior to 19.3R3-S8
19.4 versions prior to 19.4R3-S11
20.1 version 20.1R1 and later versions prior to 20.2R3-S7
20.3 version 20.3R1 and later versions prior to 20.4R3-S6
21.1 versions prior to 21.1R3-S5
21.2 versions prior to 21.2R3-S4
21.3 versions prior to 21.3R3-S3
21.4 versions prior to 21.4R3-S3
22.1 versions prior to 22.1R3-S1
22.2 versions prior to 22.2R2-S1, 22.2R3
22.3 versions prior to 22.3R1-S2, 22.3R2
NOTE:
Juniper Networks Junos OS on SRX Series with any version of the JDPI-Decoder Engine prior to version 5.7.0-47, with the JDPI-Decoder enabled, using any version of the AppID SigPack prior to version 1.550.2-31 (SigPack 3533).
QID detection logic: (Authenticated)
It checks for vulnerable Junos OS version.
Consequence
Successful exploitation of this vulnerability may allow an unauthenticated, network-based attacker who sends traffic to the target device to have the JDPI-Decoder, which is designed to inspect dynamic application traffic and take action upon it, instead stop taking action and pass the traffic through.
Solution
Updated software releases are available to resolve this specific issue. For more information, please visit JSA70592.
Fedora has released a security update for openssl to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Fedora has released a security update for texlive to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Fedora has released a security update for python3.6 to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
EdgeChromium has released a security update for Mac and Windows to fix the vulnerabilities.
QID Detection Logic (Authenticated): It checks package versions to identify the vulnerable packages.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Fedora has released a security update for webkitgtk to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Oracle Enterprise Linux has released a security update for kernel security and bug fix update to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for qemu to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for virt:kvm_utils2 to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for olcne to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
WP Data Access is a WordPress plugin for creating professional, responsive data tables within minutes.
Due to a lack of authorization checks on the multiple_roles_update function, authenticated attackers with minimal permissions, such as a subscriber, can modify their user role by supplying the 'wpda_role[]' parameter during a profile update.
Affected versions:
WP Data Access versions prior to 5.3.8
QID Detection Logic :
This unauthenticated detection depends on the BlindElephant engine to detect the vulnerable version of the WP Data Access WordPress plugin.
Consequence
Successful exploitation of this vulnerability may allow authenticated attackers with minimal permissions to modify their user role by supplying the 'wpda_role[]' parameter during a profile update.
Solution
Customers are advised to upgrade to WP Data Access 5.3.8 or later version to remediate this vulnerability.
SUSE has released a security update for imagemagick to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise (Desktop|Server) 12 SP5
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2345-1 for updates and patch information.
SUSE has released a security update for cups to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise (Desktop|Server) 12 SP5
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2346-1 for updates and patch information.
SUSE has released a security update for cups to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2347-1 for updates and patch information.
SUSE has released a security update for openssl-1_1 to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2343-1 for updates and patch information.
SUSE has released a security update for suse_enterprise_linux to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2288-1 for updates and patch information.
Fedora has released a security update for edk2 to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Fedora has released a security update for wordpress to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Fedora has released a security update for editorconfig to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Fedora has released a security update for bitcoin to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Oracle Enterprise Linux has released a security update for pcs to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software.
Affected Versions:
GitLab affecting all versions before 15.8.2
GitLab affecting all versions before 15.7.7
GitLab EE affecting all versions 15.6.8
QID Detection Logic:(Authenticated)
It runs the gitlab-rake gitlab:env:info command to check for a vulnerable version of GitLab.
Consequence
Successful exploitation of the vulnerability may lead to remote code execution and multiple other impacts.
Solution
The vendor has released a patch for these vulnerabilities. For more information, please visit the GitLab advisory.
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device.
CVE-2023-20171: A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to delete arbitrary files on an affected device.
CVE-2023-20106: A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions.
CVE-2023-20172: A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid Administrator-level privileges on the affected device.
Note: These vulnerabilities can be exploited only by valid and authorized users of the Cisco ISE system. As a best practice, customers can restrict console access and admin web access. To configure the access restrictions, choose Administration > System > Admin Access > Settings > Access > IP Access.
Affected Versions:
from 3.1 prior to 3.1P6
from 3.2 prior to 3.2P2
QID Detection Logic (Authenticated): The check matches the Cisco ISE version and ise_patch retrieved via Unix Auth using the "show version" command.
Consequence
A successful exploit could allow the attacker to delete arbitrary files on an affected device.
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.
Affected Versions:
from 3.2 prior to 3.2P2
QID Detection Logic (Authenticated): The check matches the Cisco ISE version and ise_patch retrieved via Unix Auth using the "show version" command.
Consequence
A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.
Advanced Custom Fields (ACF) is a powerful and popular WordPress plugin. With ACF, users can easily create custom fields, add metadata, and manipulate data, allowing for more complex and customizable websites.
The plugin has been found to have a vulnerability that can potentially allow Reflected Cross-Site Scripting (XSS) attacks. The vulnerability is caused by insufficient input sanitization and output escaping of the 'post_status' parameter. If successfully exploited, attackers can inject arbitrary web scripts that execute when a user performs a specific action, such as clicking on a malicious link. It is important to note that this vulnerability can be exploited without authentication, making it particularly dangerous for WordPress site owners.
Affected versions:
Advanced Custom Fields plugin versions 6.1.5 and below
QID Detection Logic :
This unauthenticated detection depends on the BlindElephant engine to detect the vulnerable version of the Advanced Custom Fields WordPress plugin.
Consequence
Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive, browser-based information.
IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability.
Affected Versions:
WebSphere Application Server Version 9.0.0.0 through 9.0.5.15
WebSphere Application Server Version 8.5.0.0 through 8.5.5.23
QID Detection Logic (Authenticated): It reads the fix XML file and WebSphereApplicationServer.properties to detect the vulnerable version and also checks the fix pack version.
Consequence
This vulnerability allows a remote attacker to expose sensitive information or consume memory resources.
Solution
Upgrade to the minimal fix pack levels (see 6989451), or apply Fix Pack 9.0.5.16 or later for 9.0 versions and 8.5.5.24 or later for 8.5 versions.
IBM Db2 is vulnerable to a denial of service, as the server may crash when attempting to use ACR client affinity for unfenced DRDA federation wrappers.
Affected Versions:
IBM DB2 11.5 prior to version V11.5.7
IBM DB2 11.5 prior to version V11.5.8
Note: the configuration cannot be checked, hence this is a potential detection.
QID Detection Logic:
Authenticated (DB2):
This QID queries the DB2 server to get the server version and fix pack level and checks to see if it's vulnerable.
Authenticated (Windows):
This QID checks for vulnerable versions of DB2 on Windows OS.
Consequence
Successful exploitation may lead to denial of service.
Vulnerabilities in OpenSSL could allow a remote attacker to cause a buffer overflow (CVE-2022-3602), cause a denial of service (CVE-2022-3786), or obtain sensitive information (CVE-2022-3358). OpenSSL is used by AIX as part of AIX's secure network communications.
Affected Platform: AIX 7.3.1
QID Detection Logic (Authenticated):
The detection checks the installed package version via the command lslpp -L | grep -i openssl.base. It also checks for installed interim fixes. The detection reports the host as vulnerable if the installed package version is lower than the patched version and the interim fixes are not installed.
Consequence
Successful exploitation of the vulnerability may lead to arbitrary code execution, denial of service, and information disclosure.
MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch. It allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads.
Affected Versions:
MOVEit Transfer 2023.0.x versions prior to 2023.0.1
MOVEit Transfer 2022.1.x versions prior to 2022.1.5
MOVEit Transfer 2022.0.x versions prior to 2022.0.4
MOVEit Transfer 2021.1.x versions prior to 2021.1.4
MOVEit Transfer 2021.0.x versions prior to 2021.0.6
QID Detection Logic: (Authenticated)
This QID checks the file version of SysStat.exe to determine whether the installed product version is vulnerable.
Consequence
Successful exploitation of this vulnerability could lead to privilege escalation and potential unauthorized access to the MOVEit environment.
Solution
Customers are advised to refer to the article 000234532 for more information regarding the vulnerability and its related patches and workarounds.
The kernel packages contain the Linux kernel, the core of any Linux operating system...Security Fix(es):
kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564). kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378). kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188). kernel: use-after-free related to leaf anon_vma double reuse (CVE-2022-42703).
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Virtualization Host 4 for RHEL 8 x86_64
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3388 for updates and patch information.
QATzip is a user space library which builds on top of the Intel QuickAssist Technology user space library, to provide extended accelerated compression and decompression services by offloading the actual compression and decompression request(s) to the Intel chipset series. QATzip produces data using the standard gzip* format (RFC 1952) with extended headers. The data can be decompressed with a compliant gzip* implementation. QATzip is designed to take full advantage of the performance provided by Intel QuickAssist Technology...
Security Fix(es):
qatzip: local privilege escalation (CVE-2022-36369)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3397 for updates and patch information.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library...
Security Fix(es):
openssl: timing attack in RSA decryption implementation (CVE-2022-4304)
openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3408 for updates and patch information.
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities...
Security Fix(es):
rubygem-rack: denial of service in multipart MIME parsing (CVE-2023-27530)
rubygem-rack: denial of service in header parsing (CVE-2023-27539)
Affected Products:
Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.6 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3403 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for tidy to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for qt5-qtbase to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for strongswan to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
SUSE has released a security update for suse_enterprise_linux to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2324-1 for updates and patch information.
SUSE has released a security update for suse_enterprise_linux to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2325-1 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for openvswitch to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for ncurses to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for hyperv-daemons to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for advancecomp to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for dmidecode to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for advancecomp to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for hyperv-daemons to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for fluent-bit to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for ncurses to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for fluent-bit to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for qt5-qtbase to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for freetype to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for ruby to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for qt5-qtbase to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for freetype to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
SUSE has released a security update for tomcat to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2318-1 for updates and patch information.
SUSE has released a security update for openssl-1_1 to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise (Desktop|Server) 12 SP5
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2328-1 for updates and patch information.
SUSE has released a security update for compat-openssl098 to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2329-1 for updates and patch information.
SUSE has released a security update for openssl-1_0_0 to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise (Desktop|Server) 12 SP5
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2330-1 for updates and patch information.
SUSE has released a security update for openssl-1_0_0 to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2331-1 for updates and patch information.
SUSE has released a security update for c-ares to fix the vulnerabilities.
Affected product(s):
SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2313-1 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for podman to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for qt5-qtbase to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
Affected Products:
Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
Red Hat OpenShift Container Platform 4.13 for RHEL 8 x86_64
Red Hat OpenShift Container Platform for Power 4.13 for RHEL 9 ppc64le
Red Hat OpenShift Container Platform for Power 4.13 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 9 s390x
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 9 aarch64
Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3303 for updates and patch information.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments...
Security Fix(es):
golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
Affected Products:
Red Hat OpenShift Container Platform 4.13 for RHEL 9 x86_64
Red Hat OpenShift Container Platform 4.13 for RHEL 8 x86_64
Red Hat OpenShift Container Platform for Power 4.13 for RHEL 9 ppc64le
Red Hat OpenShift Container Platform for Power 4.13 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 9 s390x
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.13 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 9 aarch64
Red Hat OpenShift Container Platform for ARM 64 4.13 for RHEL 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3303 for updates and patch information.
The gnutls packages provide the gnu transport layer security (gnutls) library, which implements cryptographic algorithms and protocols such as ssl, tls, and dtls...Security Fix(es):
gnutls: timing side-channel in the TLS RSA key exchange code (CVE-2023-0361).
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2023:3361 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for hyperv-daemons to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for qt5-qtsvg to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for redis to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for redis to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for hyperv-daemons to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for redis to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
SUSE has released a security update for tiff to fix the vulnerabilities.
Affected product(s): SUSE Linux Enterprise Server 12 SP5; SUSE Linux Enterprise Server for SAP Applications 12 SP5; SUSE Linux Enterprise (Desktop|Server) 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2023:2321-1 for updates and patch information.
An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.
An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
Affected Versions:
WebSphere Application Server 8.5.0.0 through 8.5.5.23
QID Detection Logic (Authenticated):
This QID checks for the vulnerable version of IBM WebSphere Application Server and checks if the patches are installed or not.
Consequence
Successful exploitation could allow a denial of service resulting in a low integrity impact using unknown attack vectors.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for rust to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.
CVE-2022-40710: A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations.
CVE-2022-40707 through CVE-2022-40709: Out-of-bounds read vulnerabilities in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations.
Affected versions:
Version 20 of the Trend Micro Deep Security Agent for Windows only.
QID Detection Logic (Authenticated):
This QID checks for a vulnerable version of the Trend Micro Deep Security Agent by checking the file version.
Consequence
On successful exploitation, the attacker may be able to elevate privileges, impacting confidentiality, integrity, and availability.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for golang to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0
Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside of a web browser.
According to the Node.js Releases page, Node.js v0.12.x is no longer supported as of 2016-12-31 and will not receive regular patches.
QID Detection: (Authenticated) - Linux
This QID executes the commands "npm version | grep -i node | head -1;npm config get prefix" and checks the version.
It also checks the Node.js version by querying the node binary for the underlying version.
Consequence
The system is at high risk of being exposed to security vulnerabilities because the vendor no longer provides updates.
Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside of a web browser.
According to the Node.js Releases page, Node.js 17.x is no longer supported as of 2022-06-01 and will not receive regular patches.
QID Detection: (Authenticated) - Linux
This QID executes the commands "npm version | grep -i node | head -1;npm config get prefix" and checks the version.
It also checks the Node.js version by querying the node binary for the underlying version.
Consequence
The system is at high risk of being exposed to security vulnerabilities because the vendor no longer provides updates.
Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside of a web browser.
According to the Node.js Releases page, Node.js 15.x is no longer supported as of 2021-06-01 and will not receive regular patches.
QID Detection: (Authenticated) - Linux
This QID executes the commands "npm version | grep -i node | head -1;npm config get prefix" and checks the version.
It also checks the Node.js version by querying the node binary for the underlying version.
Consequence
The system is at high risk of being exposed to security vulnerabilities because the vendor no longer provides updates.
Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside of a web browser.
According to the Node.js Releases page, Node.js v0.10.x is no longer supported as of 2016-10-31 and will not receive regular patches.
QID Detection: (Authenticated) - Linux
This QID executes the commands "npm version | grep -i node | head -1;npm config get prefix" and checks the version.
It also checks the Node.js version by querying the node binary for the underlying version.
Consequence
The system is at high risk of being exposed to security vulnerabilities because the vendor no longer provides updates.
Chrome has released security updates for Windows, Mac, and Linux to fix the vulnerabilities.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Chrome security advisory 114.0.5735.90 for updates and patch information.
An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component may allow a remote and unauthenticated attacker to log in to the device by sending a specially crafted Access-Challenge response from the RADIUS server.
Affected Versions:
FortiOS version 7.2.0 through 7.2.1
FortiOS version 7.0.0 through 7.0.7
FortiOS version 6.4.0 through 6.4.9
FortiOS version 6.2 through 6.2.12
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation of the vulnerability may allow improper access control.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-255.
A relative path traversal vulnerability [CWE-23] in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.
Affected Versions:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
A vulnerable OS may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-401.
Fortinet FortiOS is vulnerable to a path traversal vulnerability.
Affected Versions:
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.12
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation of the vulnerability may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-363.
An improper neutralization of special elements used in an OS command (OS Command Injection) vulnerability [CWE-78] in FortiOS may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.
Affected Products:
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.4.0 through 6.4.8
FortiOS version 6.2.0 through 6.2.10
FortiOS version 7.0.0 through 7.0.3
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
A vulnerable version may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnose system CLI commands.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-21-242.
Dell has released an advisory to address CVE-2020-8741 and CVE-2021-0110.
CVE-2020-8741: Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-0110: Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers may allow unauthenticated user to potentially enable denial of service via local access.
Affected Products:
Dell Latitude 5420 Prior to Driver Version 1.41.1193.0
Note: This QID only covers the Dell Latitude 5420 model.
QID Detection Logic:
This QID checks whether a vulnerable version of the driver is installed on the Windows system.
Consequence
Successful exploitation may allow an authenticated user to potentially enable escalation of privilege via local access.
Solution
Customers are advised to update the BIOS firmware. Refer to DSA-2021-237 for driver updates.
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.
Affected Products:
FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.6
FortiOS version 6.4.0 through 6.4.9
QID Detection Logic (Unauthenticated):
Detection checks for vulnerable versions of FortiOS.
Consequence
Successful exploitation of the vulnerability may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-363.
Fedora has released a security update for python2.7 to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
An improper certificate validation vulnerability in FortiOS may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS).
Affected Versions:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.7
FortiOS version 6.4 all versions
FortiOS version 6.2 all versions
FortiOS version 6.0 all versions
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation of this vulnerability may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS).
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-257.
A buffer copy without checking size of input vulnerability may allow a privileged attacker to execute arbitrary code or commands via crafted CLI operations with the TFTP protocol.
Affected Products:
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.5
QID Detection Logic (Unauthenticated):
This QID checks for a vulnerable version of FortiOS.
Consequence
It may allow a privileged attacker to execute unauthorized arbitrary code or commands via crafted CLI operations.
Solution
Customers are advised to refer to FG-IR-21-206 for more information.
Multiple instances of improper sanitization of user input during web page generation lead to cross-site scripting vulnerabilities in the FortiOS administrative interface.
Affected Versions:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation of the vulnerability may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-363.
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiOS may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions.
Affected Versions:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.10
FortiOS version 6.4.0 through 6.4.12
FortiOS 6.2 all versions
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
A brute-force attack allows an attacker to obtain private user information such as usernames, passwords, passphrases, or personal identification numbers (PINs).
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-444.
A format string vulnerability [CWE-134] in the command line interpreter of FortiOS may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
Affected Products:
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.2
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-21-235.
An improper access control vulnerability [CWE-284] in FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.
Affected Products:
FortiOS version 7.0.0
FortiOS versions 6.4.6 and below
FortiOS versions 6.2.9 and below
FortiOS versions 6.0.12 and below
FortiOS versions 5.6.x
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.6 and below
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-20-131.
A cleartext storage in a file or on disk vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials.
Affected Products:
FortiOS 6.2.0 to 6.2.2, 6.0.9 and below
QID Detection Logic (Unauthenticated):
Detection checks for a vulnerable version of FortiOS.
Consequence
To successfully exploit this weakness, another unrelated weakness (e.g. a system file leaking vulnerability) would therefore need to be exploited first.
Solution
The vendor has released a fix to address these vulnerabilities. Upgrade to FortiOS version 6.0.10 or 6.2.3 or above. Refer to FG-IR-19-217 for further details.
An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands.
Affected Versions:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS 6.2 all versions
FortiOS 6.0 all versions
QID Detection Logic (No Auth):
The detection checks for a vulnerable version of FortiOS.
Consequence
Vulnerable versions of FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-369.
Fedora has released a security update for microcode_ctl to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS and FortiProxy may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
Affected Products:
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.2
QID Detection Logic (Authenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-21-179.
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
Affected Products:
FortiOS version 7.0.1 and below
FortiOS version 6.4.6 and below
FortiOS version 6.2.9 and below
QID Detection Logic (Authenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-21-074.
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiProxy and FortiOS web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
Affected Products:
FortiOS version 7.0.3 and below
FortiOS version 6.4.8 and below
FortiOS version 6.2.10 and below
FortiOS version 6.0.0 to 6.0.14
QID Detection Logic (Authenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-21-230.
An improper certificate validation vulnerability [CWE-295] in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
QID Detection Logic (Authenticated):
The detection checks for vulnerable versions of FortiOS.
Consequence
Vulnerable version may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-18-292.
An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
Affected Products:
FortiOS version 6.2.0 through 6.2.10
QID Detection Logic (Authenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-21-147.
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiOS and FortiProxy sslvpnd may allow an authenticated attacker to redirect users to any arbitrary website via a crafted URL.
Affected Versions:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.12
FortiOS all versions 6.2, 6.0
QID Detection Logic (No Auth):
The detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation of the vulnerability may allow an unauthenticated attacker to execute unauthorized code or commands.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-479.
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiOS and FortiProxy may allow an authenticated and remote attacker to inject arbitrary headers.
Affected Versions:
FortiOS version 7.2.0 through 7.2.2
FortiOS version 7.0.0 through 7.0.8
FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiOS 6.0 all versions
QID Detection Logic (unauthenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation of the vulnerability may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-362.
An improper certificate validation vulnerability [CWE-295] in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
Affected Products:
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0
QID Detection Logic (Authenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-21-239.
A server-generated error message containing sensitive information vulnerability [CWE-550] in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
Affected Products:
FortiOS version 7.0.3 and below
FortiOS version 6.4.9 and below
FortiOS version 6.2.10 and below
FortiOS version 6.0.14 and below
QID Detection Logic (Authenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow a malicious web server to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-21-231.
An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.
Affected Products:
FortiOS version 7.0.0 through 7.0.5
FortiOS version 6.4.0 through 6.4.8
FortiOS version 6.2.0 through 6.2.11
QID Detection Logic (Unauthenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.
Solution
The vendor has released fixes to address this vulnerability. For more details, refer to advisory FG-IR-22-036.
An improper privilege management vulnerability in FortiOS and FortiProxy may allow an administrator that has access to the admin profile section to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands.
Affected Versions:
FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.7
FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiOS 6.0 all versions
QID Detection Logic (Unauthenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation of this vulnerability may cause escalation of privilege.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-22-346.
An improper neutralization of input during web page generation (cross-site scripting) vulnerability [CWE-79] in FortiOS may allow a privileged attacker to perform a stored XSS attack via storing malicious payloads in replacement messages.
Affected Versions:
FortiOS version 7.0.0 through 7.0.3
FortiOS version 6.4.0 through 6.4.9
FortiOS version 6.2.2 through 6.2.12
FortiOS version 6.0.7 through 6.0.15
QID Detection Logic (Authenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation of the vulnerability may allow a privileged attacker to perform a stored XSS attack via storing malicious payloads in replacement messages.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-21-248.
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
Affected Versions:
FortiOS versions 7.0.3 and below
FortiOS versions 6.4.8 and below
FortiOS 6.2 all versions
FortiOS 6.0 all versions
QID Detection Logic (Unauthenticated):
The detection checks for a vulnerable version of FortiOS.
Consequence
Successful exploitation of the vulnerability may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
Solution
Fortinet has released a patch addressing the vulnerability. For more information, please refer to FG-IR-21-126.
AIX is vulnerable to security restrictions bypass due to curl (CVE-2022-32221).
Affected Platform: AIX 7.3 TL1 (Technology level 1)
QID Detection Logic (Authenticated):
The detection checks the installed package version via the command lslpp -L | grep -i oss.lib.libcurl. It also checks for installed interim fixes. The detection posts as vulnerable if the installed package version is less than the patched version and the interim fixes are also not installed.
Consequence
A vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions, impacting integrity and availability.
Solution
The vendor has released fixes to address this vulnerability; refer to the curl advisory.
Fedora has released a security update for bottles to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Autodesk is a global leader in design and make technology that serves customers across the architecture, engineering, construction, design, manufacturing, and entertainment industries.
Affected versions:
Autodesk Installer version 1.29.0.90 or later, up to 1.39.0.215
QID Detection Logic (Authenticated):
It checks the file version of Installer.exe to identify vulnerable versions of Autodesk Installer.
Consequence
Successful exploitation would directly impact confidentiality, integrity or availability.
IBM WebSphere Application Server is vulnerable to a spoofing vulnerability.
Affected Versions:
WebSphere Application Server V9.0.0.0 through 9.0.5.12
WebSphere Application Server V8.5.0.0 through 8.5.5.21
WebSphere Application Server V8.0.0.0 through 8.0.0.15
WebSphere Application Server V7.0.0.0 through 7.0.0.45
QID Detection Logic (Authenticated):
This QID checks for the vulnerable version of IBM WebSphere Application Server and checks if the patches are installed or not.
Consequence
Successful exploitation could allow spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames.
Juniper Junos is the network operating system used in Juniper Networks hardware systems.
Multiple NTP vulnerabilities have been resolved in Juniper Networks Junos OS and Junos OS Evolved by updating third party software where vulnerabilities were found during external security research.
Affected Junos versions:
Juniper Networks Junos OS
12.3 versions prior to 12.3R12-S15 on EX Series
12.3X48 versions prior to 12.3X48-D95 on SRX Series
14.1X53 versions prior to 14.1X53-D53
15.1 versions prior to 15.1R7-S6 on EX Series
15.1X49 versions prior to 15.1X49-D190 on SRX Series
16.1 versions prior to 16.1R7-S6
16.2 versions prior to 16.2R3
17.1 versions prior to 17.1R2-S11, 17.1R3-S1
17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3
17.3 versions prior to 17.3R2-S5, 17.3R3-S6
17.4 versions prior to 17.4R2-S7, 17.4R3
18.1 versions prior to 18.1R3-S8
18.2 versions prior to 18.2R2-S7, 18.2R3-S1
18.3 versions prior to 18.3R1-S5, 18.3R2-S2, 18.3R3
18.4 versions prior to 18.4R1-S4, 18.4R2-S1, 18.4R3
19.1 versions prior to 19.1R1-S3, 19.1R2
19.2 versions prior to 19.2R1-S1, 19.2R2
QID Detection Logic (Authenticated):
It checks for a vulnerable Junos OS version.
Note: This QID does not check only for the affected versions and hence is set to practice.
Consequence
Successful exploitation of these vulnerabilities could lead to addition or modification of data, or Denial of Service (DoS).
kpatch is a feature of the Linux kernel that implements live patching of a running kernel, which allows kernel patches to be applied while the kernel is still running. By avoiding the need for rebooting the system with a new kernel that contains the desired patches, kpatch aims to maximize the system uptime and availability.
QID Detection Logic (Authenticated)(Alibaba Cloud Linux):
This QID checks the fixed CVEs after kpatch has been applied by executing the command livepatch-mgr list --installed --running.
QID Detection Logic (Authenticated)(Suse Linux):
This QID detects the livepatch and kernel-livepatch versions, and the fixed CVEs, bug fixes and enhancement IDs after the live patch has been applied.
For SUSE Linux Enterprise Server prior to 15, this QID executes the command "kgr -v patches".
For SUSE Linux Enterprise Server 15 and later, this QID executes the command "klp -v patches".
QID Detection Logic (Authenticated)(RHEL Linux):
The detection logic checks the loaded patch and installed patch module details by executing the command "kpatch list", and the fixed CVE details after kpatch has been applied by executing the command "rpm -qf --changelog $(kpatch info $(kpatch list | grep enabled | cut -d' ' -f1) | grep filename | sed -e 's/^filename: *//' -e 's/var/usr/') | grep --color=never CVE".
NOTE: This QID will check kpatch for only RHEL, SUSE and Alibaba cloud Linux.
Consequence
NA
Solution
NA
CVE-2023-2255+
QID: 181810
Debian Security Update for libreoffice (DSA 5415-1)
A regression exists in the Linux kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2, due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to kernel 6.2 or past commit 2e7eab81425a. (CVE-2022-2196) In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS-2023-127 for affected packages and patching details, or update with your package manager.
Kernel: type confusion in pick_next_rt_entity(), which can result in memory corruption. (CVE-2023-1077) A use-after-free flaw in the Linux kernel integrated infrared receiver/transceiver driver was found in the way a user detaches an RC device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2023-1118)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS-2023-138 for affected packages and patching details, or update with your package manager.
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091) In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. (CVE-2022-38791) MariaDB Server before 10.3.34 through 10.9.3 is vulnerable to denial of service. It is possible for the function spider_db_mbase::print_warnings to dereference a null pointer. (CVE-2022-47015)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS-2023-155 for affected packages and patching details, or update with your package manager.
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. (CVE-2023-27320)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS-2023-135 for affected packages and patching details, or update with your package manager.
OpenSUSE has released a security update for opera to fix the vulnerabilities.
Affected Products: openSUSE Leap 15.4:NonFree
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to openSUSE security advisory openSUSE-SU-2023:0114-1 for updates and patch information.
Fedora has released a security update for libssh to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Fedora has released a security update for c to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Oracle Enterprise Linux has released a security update for istio to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
Fedora has released a security update for rust to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Fedora has released a security update for python3.11 to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Fedora has released a security update for python to fix the vulnerabilities.
Affected OS: Fedora 37
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 37 for updates and patch information.
Oracle Enterprise Linux has released a security update for go-toolset:ol8 to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for go-toolset and golang to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
The target does not have Solaris 11.4 SRU 52.132.2 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.
QID Detection Logic (Authenticated): This QID lists the installed patches to check whether the patches are missing.
NOTE: Revision 3: Published on 2022-12-20
Consequence
Exploitation could allow an attacker to compromise a vulnerable system.
Oracle Enterprise Linux has released a security update for istio to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for olcne to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information: