ISHACK AI BOT

Microsoft CVE-2023-36730: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 10/10/2023 Description Microsoft CVE-2023-36730: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5029377-fd074a69-e548-45af-ba86-86fefdfca81b-x64 msft-kb5029378-21fe36a7-1967-4c3a-bd71-b28b30b7aab4-x64 msft-kb5029379-4d85ef76-8ec7-468f-a36e-87904a0a3f2f-x64 msft-kb5029503-2b61f20c-c789-42dd-a46b-3804c0ccda06-x64 References https://attackerkb.com/topics/cve-2023-36730 CVE - 2023-36730 5029377 5029378 5029379 5029503

Microsoft Windows: CVE-2023-41765: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 09/06/2024 Description Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50 References https://attackerkb.com/topics/cve-2023-41765 CVE - 2023-41765 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427 View more

Microsoft Windows: CVE-2023-41773: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 09/06/2024 Description Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50 References https://attackerkb.com/topics/cve-2023-41773 CVE - 2023-41773 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427 View more

Microsoft Windows: CVE-2023-41770: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 09/06/2024 Description Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50 References https://attackerkb.com/topics/cve-2023-41770 CVE - 2023-41770 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427 View more

Huawei EulerOS: CVE-2023-43785: libX11 security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/10/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) huawei-euleros-2_0_sp11-upgrade-libx11 References https://attackerkb.com/topics/cve-2023-43785 CVE - 2023-43785 EulerOS-SA-2023-3277

Huawei EulerOS: CVE-2023-43788: libXpm security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/10/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) huawei-euleros-2_0_sp11-upgrade-libxpm References https://attackerkb.com/topics/cve-2023-43788 CVE - 2023-43788 EulerOS-SA-2023-3279

Adobe Photoshop: CVE-2023-26370: Security updates available for Adobe Photoshop (APSB23-51) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/10/2023 Created 04/29/2024 Added 03/04/2024 Modified 12/18/2024 Description Adobe has released an update for Photoshop for Windows and macOS. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution. Solution(s) adobe-photoshop-upgrade-latest References https://attackerkb.com/topics/cve-2023-26370 CVE - 2023-26370 https://helpx.adobe.com/security/products/photoshop/apsb23-51.html

Huawei EulerOS: CVE-2023-44487: nghttp2 security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Solution(s) huawei-euleros-2_0_sp11-upgrade-libnghttp2 References https://attackerkb.com/topics/cve-2023-44487 CVE - 2023-44487 EulerOS-SA-2023-3282

Fortinet FortiOS: Unspecified Security Vulnerability (CVE-2023-37935) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/10/2023 Created 10/16/2023 Added 10/16/2023 Modified 01/28/2025 Description A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. Solution(s) fortios-upgrade-latest References https://attackerkb.com/topics/cve-2023-37935 CVE - 2023-37935 https://fortiguard.com/psirt/FG-IR-23-120

Huawei EulerOS: CVE-2023-45648: tomcat security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 10/10/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. Solution(s) huawei-euleros-2_0_sp8-upgrade-tomcat huawei-euleros-2_0_sp8-upgrade-tomcat-admin-webapps huawei-euleros-2_0_sp8-upgrade-tomcat-el-3.0-api huawei-euleros-2_0_sp8-upgrade-tomcat-jsp-2.3-api huawei-euleros-2_0_sp8-upgrade-tomcat-lib huawei-euleros-2_0_sp8-upgrade-tomcat-servlet-4.0-api References https://attackerkb.com/topics/cve-2023-45648 CVE - 2023-45648 EulerOS-SA-2024-1305

Microsoft Windows: CVE-2023-36573: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 09/06/2024 Description Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50 References https://attackerkb.com/topics/cve-2023-36573 CVE - 2023-36573 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427 View more

Microsoft Windows: CVE-2023-36579: Microsoft Message Queuing Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 09/06/2024 Description Microsoft Message Queuing Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5031377 microsoft-windows-windows_10-1607-kb5031362 microsoft-windows-windows_10-1809-kb5031361 microsoft-windows-windows_10-21h2-kb5031356 microsoft-windows-windows_10-22h2-kb5031356 microsoft-windows-windows_11-21h2-kb5031358 microsoft-windows-windows_11-22h2-kb5031354 microsoft-windows-windows_server_2012-kb5031427 microsoft-windows-windows_server_2012_r2-kb5031407 microsoft-windows-windows_server_2016-1607-kb5031362 microsoft-windows-windows_server_2019-1809-kb5031361 microsoft-windows-windows_server_2022-21h2-kb5031364 microsoft-windows-windows_server_2022-22h2-kb5031364 msft-kb5031411-6ff09e07-29d8-4561-a6a3-72286549d09e msft-kb5031411-ae877d0e-9c3e-4875-b882-770428331f79 msft-kb5031441-05f3d465-ad6d-4abd-bde5-91142eeedb50 References https://attackerkb.com/topics/cve-2023-36579 CVE - 2023-36579 https://support.microsoft.com/help/5031354 https://support.microsoft.com/help/5031356 https://support.microsoft.com/help/5031358 https://support.microsoft.com/help/5031361 https://support.microsoft.com/help/5031362 https://support.microsoft.com/help/5031364 https://support.microsoft.com/help/5031377 https://support.microsoft.com/help/5031407 https://support.microsoft.com/help/5031419 https://support.microsoft.com/help/5031427 View more

Alma Linux: CVE-2023-43785: Moderate: libX11 security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/10/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) alma-upgrade-libx11 alma-upgrade-libx11-common alma-upgrade-libx11-devel alma-upgrade-libx11-xcb References https://attackerkb.com/topics/cve-2023-43785 CVE - 2023-43785 https://errata.almalinux.org/8/ALSA-2024-2973.html https://errata.almalinux.org/9/ALSA-2024-2145.html

VMware Photon OS: CVE-2023-44487 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-44487 CVE - 2023-44487

VMware Photon OS: CVE-2023-43786 Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-43786 CVE - 2023-43786

Huawei EulerOS: CVE-2023-42795: tomcat security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/10/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. Solution(s) huawei-euleros-2_0_sp8-upgrade-tomcat huawei-euleros-2_0_sp8-upgrade-tomcat-admin-webapps huawei-euleros-2_0_sp8-upgrade-tomcat-el-3.0-api huawei-euleros-2_0_sp8-upgrade-tomcat-jsp-2.3-api huawei-euleros-2_0_sp8-upgrade-tomcat-lib huawei-euleros-2_0_sp8-upgrade-tomcat-servlet-4.0-api References https://attackerkb.com/topics/cve-2023-42795 CVE - 2023-42795 EulerOS-SA-2024-1305

Huawei EulerOS: CVE-2023-43786: libXpm security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/10/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. Solution(s) huawei-euleros-2_0_sp8-upgrade-libxpm huawei-euleros-2_0_sp8-upgrade-libxpm-devel References https://attackerkb.com/topics/cve-2023-43786 CVE - 2023-43786 EulerOS-SA-2024-1282

Huawei EulerOS: CVE-2023-43785: libX11 security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/10/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) huawei-euleros-2_0_sp8-upgrade-libx11 huawei-euleros-2_0_sp8-upgrade-libx11-common huawei-euleros-2_0_sp8-upgrade-libx11-devel huawei-euleros-2_0_sp8-upgrade-libx11-xcb References https://attackerkb.com/topics/cve-2023-43785 CVE - 2023-43785 EulerOS-SA-2024-1281

Huawei EulerOS: CVE-2023-43787: libXpm security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. Solution(s) huawei-euleros-2_0_sp8-upgrade-libxpm huawei-euleros-2_0_sp8-upgrade-libxpm-devel References https://attackerkb.com/topics/cve-2023-43787 CVE - 2023-43787 EulerOS-SA-2024-1282

Alma Linux: CVE-2023-42794: Moderate: tomcat security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 01/19/2024 Added 01/18/2024 Modified 01/28/2025 Description Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. Solution(s) alma-upgrade-tomcat alma-upgrade-tomcat-admin-webapps alma-upgrade-tomcat-docs-webapp alma-upgrade-tomcat-el-3.0-api alma-upgrade-tomcat-jsp-2.3-api alma-upgrade-tomcat-lib alma-upgrade-tomcat-servlet-4.0-api alma-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-42794 CVE - 2023-42794 https://errata.almalinux.org/8/ALSA-2024-0125.html https://errata.almalinux.org/9/ALSA-2024-0474.html

Huawei EulerOS: CVE-2023-43788: libXpm security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/10/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) huawei-euleros-2_0_sp8-upgrade-libxpm huawei-euleros-2_0_sp8-upgrade-libxpm-devel References https://attackerkb.com/topics/cve-2023-43788 CVE - 2023-43788 EulerOS-SA-2024-1282

Alma Linux: CVE-2023-43787: Moderate: libX11 security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/10/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. Solution(s) alma-upgrade-libx11 alma-upgrade-libx11-common alma-upgrade-libx11-devel alma-upgrade-libx11-xcb References https://attackerkb.com/topics/cve-2023-43787 CVE - 2023-43787 https://errata.almalinux.org/8/ALSA-2024-2973.html https://errata.almalinux.org/9/ALSA-2024-2145.html

FreeBSD: VID-1EE26D45-6DDB-11EE-9898-00E081B7AA2D (CVE-2023-36478): jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 10/24/2023 Added 10/19/2023 Modified 01/28/2025 Description Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. Solution(s) freebsd-upgrade-package-jenkins freebsd-upgrade-package-jenkins-lts References CVE-2023-36478

Alma Linux: CVE-2023-43786: Moderate: libX11 security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/10/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. Solution(s) alma-upgrade-libx11 alma-upgrade-libx11-common alma-upgrade-libx11-devel alma-upgrade-libx11-xcb References https://attackerkb.com/topics/cve-2023-43786 CVE - 2023-43786 https://errata.almalinux.org/8/ALSA-2024-2973.html https://errata.almalinux.org/9/ALSA-2024-2145.html

FreeBSD: VID-7A1B2624-6A89-11EE-AF06-5404A68AD561 (CVE-2023-39325): traefik -- Resource exhaustion by malicious HTTP/2 client Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/10/2023 Created 10/16/2023 Added 10/15/2023 Modified 01/28/2025 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) freebsd-upgrade-package-traefik References CVE-2023-39325