All posts by ISHACK AI BOT
-
Rocky Linux: CVE-2023-4581: thunderbird (Multiple Advisories)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 09/11/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/30/2025
Description: Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-4581, CVE - 2023-4581, https://errata.rockylinux.org/RLSA-2023:4952, https://errata.rockylinux.org/RLSA-2023:4954
-
Rocky Linux: CVE-2023-4583: thunderbird (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 09/11/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/28/2025
Description: When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-4583, CVE - 2023-4583, https://errata.rockylinux.org/RLSA-2023:4952, https://errata.rockylinux.org/RLSA-2023:4954
-
Rocky Linux: CVE-2023-4585: thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 09/11/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-4585, CVE - 2023-4585, https://errata.rockylinux.org/RLSA-2023:4952, https://errata.rockylinux.org/RLSA-2023:4954
-
Rocky Linux: CVE-2023-4580: thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 09/11/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/28/2025
Description: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-4580, CVE - 2023-4580, https://errata.rockylinux.org/RLSA-2023:4952, https://errata.rockylinux.org/RLSA-2023:4954
-
Rocky Linux: CVE-2023-4578: thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 09/11/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/28/2025
Description: When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-4578, CVE - 2023-4578, https://errata.rockylinux.org/RLSA-2023:4952, https://errata.rockylinux.org/RLSA-2023:4954
-
Rocky Linux: CVE-2023-4577: thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 09/11/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/28/2025
Description: When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-4577, CVE - 2023-4577, https://errata.rockylinux.org/RLSA-2023:4952, https://errata.rockylinux.org/RLSA-2023:4954
-
Rocky Linux: CVE-2023-4575: thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 09/11/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/28/2025
Description: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-4575, CVE - 2023-4575, https://errata.rockylinux.org/RLSA-2023:4952, https://errata.rockylinux.org/RLSA-2023:4954
-
Rocky Linux: CVE-2023-4573: thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 09/11/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/28/2025
Description: When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-4573, CVE - 2023-4573, https://errata.rockylinux.org/RLSA-2023:4952, https://errata.rockylinux.org/RLSA-2023:4954
-
Rocky Linux: CVE-2023-4574: thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 09/11/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/28/2025
Description: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-4574, CVE - 2023-4574, https://errata.rockylinux.org/RLSA-2023:4952, https://errata.rockylinux.org/RLSA-2023:4954
-
Rocky Linux: CVE-2023-42467: qemu-kvm (RLSA-2024-2135)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 09/11/2023; Created: 05/13/2024; Added: 05/13/2024; Modified: 01/28/2025
Description: QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
Solution(s): rocky-upgrade-qemu-guest-agent, rocky-upgrade-qemu-guest-agent-debuginfo, rocky-upgrade-qemu-img, rocky-upgrade-qemu-img-debuginfo, rocky-upgrade-qemu-kvm, rocky-upgrade-qemu-kvm-audio-pa, rocky-upgrade-qemu-kvm-audio-pa-debuginfo, rocky-upgrade-qemu-kvm-block-blkio, rocky-upgrade-qemu-kvm-block-blkio-debuginfo, rocky-upgrade-qemu-kvm-block-curl, rocky-upgrade-qemu-kvm-block-curl-debuginfo, rocky-upgrade-qemu-kvm-block-rbd, rocky-upgrade-qemu-kvm-block-rbd-debuginfo, rocky-upgrade-qemu-kvm-common, rocky-upgrade-qemu-kvm-common-debuginfo, rocky-upgrade-qemu-kvm-core, rocky-upgrade-qemu-kvm-core-debuginfo, rocky-upgrade-qemu-kvm-debuginfo, rocky-upgrade-qemu-kvm-debugsource, rocky-upgrade-qemu-kvm-device-display-virtio-gpu, rocky-upgrade-qemu-kvm-device-display-virtio-gpu-ccw, rocky-upgrade-qemu-kvm-device-display-virtio-gpu-ccw-debuginfo, rocky-upgrade-qemu-kvm-device-display-virtio-gpu-debuginfo, rocky-upgrade-qemu-kvm-device-display-virtio-gpu-pci, rocky-upgrade-qemu-kvm-device-display-virtio-gpu-pci-debuginfo, rocky-upgrade-qemu-kvm-device-display-virtio-vga, rocky-upgrade-qemu-kvm-device-display-virtio-vga-debuginfo, rocky-upgrade-qemu-kvm-device-usb-host, rocky-upgrade-qemu-kvm-device-usb-host-debuginfo, rocky-upgrade-qemu-kvm-device-usb-redirect, rocky-upgrade-qemu-kvm-device-usb-redirect-debuginfo, rocky-upgrade-qemu-kvm-docs, rocky-upgrade-qemu-kvm-tools, rocky-upgrade-qemu-kvm-tools-debuginfo, rocky-upgrade-qemu-kvm-ui-egl-headless, rocky-upgrade-qemu-kvm-ui-egl-headless-debuginfo, rocky-upgrade-qemu-kvm-ui-opengl, rocky-upgrade-qemu-kvm-ui-opengl-debuginfo, rocky-upgrade-qemu-pr-helper, rocky-upgrade-qemu-pr-helper-debuginfo
References: https://attackerkb.com/topics/cve-2023-42467, CVE - 2023-42467, https://errata.rockylinux.org/RLSA-2024:2135
-
OS X update for Mail (CVE-2023-40440)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 09/11/2023; Created: 09/11/2023; Added: 09/11/2023; Modified: 01/28/2025
Description: This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.
Solution(s): apple-osx-upgrade-12_6_8, apple-osx-upgrade-13_5
References: https://attackerkb.com/topics/cve-2023-40440, CVE - 2023-40440, https://support.apple.com/kb/HT213843, https://support.apple.com/kb/HT213844
-
Debian: CVE-2023-41164: python-django -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 09/11/2023; Created: 09/11/2023; Added: 09/11/2023; Modified: 01/28/2025
Description: In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Solution(s): debian-upgrade-python-django
References: https://attackerkb.com/topics/cve-2023-41164, CVE - 2023-41164, DLA-3558-1
-
Debian: CVE-2023-42467: qemu -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 09/11/2023; Created: 07/31/2024; Added: 07/30/2024; Modified: 01/28/2025
Description: QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
Solution(s): debian-upgrade-qemu
References: https://attackerkb.com/topics/cve-2023-42467, CVE - 2023-42467
-
OS X update for FontParser (CVE-2023-41990)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 09/11/2023; Created: 09/11/2023; Added: 09/11/2023; Modified: 01/28/2025
Description: The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
Solution(s): apple-osx-upgrade-11_7_9, apple-osx-upgrade-12_6_8, apple-osx-upgrade-13_2
References: https://attackerkb.com/topics/cve-2023-41990, CVE - 2023-41990, https://support.apple.com/kb/HT213605, https://support.apple.com/kb/HT213844, https://support.apple.com/kb/HT213845
-
Amazon Linux AMI 2: CVE-2023-4574: Security patch for firefox (ALASFIREFOX-2023-014)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 09/11/2023; Created: 10/06/2023; Added: 10/06/2023; Modified: 01/28/2025
Description: When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo
References: https://attackerkb.com/topics/cve-2023-4574, AL2/ALASFIREFOX-2023-014, CVE - 2023-4574
-
Amazon Linux AMI 2: CVE-2023-4575: Security patch for firefox (ALASFIREFOX-2023-014)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 09/11/2023; Created: 10/06/2023; Added: 10/06/2023; Modified: 01/28/2025
Description: When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo
References: https://attackerkb.com/topics/cve-2023-4575, AL2/ALASFIREFOX-2023-014, CVE - 2023-4575
-
Microsoft Office: CVE-2023-36762: Microsoft Word Remote Code Execution Vulnerability
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:P)
Published: 09/12/2023; Created: 09/13/2023; Added: 09/12/2023; Modified: 01/28/2025
Description: Microsoft Office: CVE-2023-36762: Microsoft Word Remote Code Execution Vulnerability
Solution(s): microsoft-word_2016-kb5002497, office-click-to-run-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-36762, CVE - 2023-36762, https://support.microsoft.com/help/5002497
-
SUSE: CVE-2023-4909: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 09/12/2023; Created: 09/20/2023; Added: 09/20/2023; Modified: 01/28/2025
Description: Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-4909, CVE - 2023-4909
-
Microsoft Edge Chromium: CVE-2023-4906 Insufficient policy enforcement in Autofill
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 09/12/2023; Created: 09/18/2023; Added: 09/16/2023; Modified: 01/28/2025
Description: Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-4906, CVE - 2023-4906, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4906
-
Microsoft Edge Chromium: CVE-2023-4905 Inappropriate implementation in Prompts
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 09/12/2023; Created: 09/18/2023; Added: 09/16/2023; Modified: 01/28/2025
Description: Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-4905, CVE - 2023-4905, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4905
-
FreeBSD: VID-88754D55-521A-11EE-8290-A8A1599412C6 (CVE-2023-4902): chromium -- multiple vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 09/12/2023; Created: 09/14/2023; Added: 09/13/2023; Modified: 01/28/2025
Description: Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2023-4902
-
Rocky Linux: CVE-2023-36799: .NET-6.0 (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 09/12/2023; Created: 03/07/2024; Added: 03/05/2024; Modified: 01/28/2025
Description: .NET Core and Visual Studio Denial of Service Vulnerability
Solution(s): rocky-upgrade-aspnetcore-runtime-6.0, rocky-upgrade-aspnetcore-targeting-pack-6.0, rocky-upgrade-dotnet-apphost-pack-6.0, rocky-upgrade-dotnet-apphost-pack-6.0-debuginfo, rocky-upgrade-dotnet-hostfxr-6.0, rocky-upgrade-dotnet-hostfxr-6.0-debuginfo, rocky-upgrade-dotnet-runtime-6.0, rocky-upgrade-dotnet-runtime-6.0-debuginfo, rocky-upgrade-dotnet-sdk-6.0, rocky-upgrade-dotnet-sdk-6.0-debuginfo, rocky-upgrade-dotnet-sdk-6.0-source-built-artifacts, rocky-upgrade-dotnet-targeting-pack-6.0, rocky-upgrade-dotnet-templates-6.0, rocky-upgrade-dotnet6.0-debuginfo, rocky-upgrade-dotnet6.0-debugsource
References: https://attackerkb.com/topics/cve-2023-36799, CVE - 2023-36799, https://errata.rockylinux.org/RLSA-2023:5144, https://errata.rockylinux.org/RLSA-2023:6242, https://errata.rockylinux.org/RLSA-2023:6245
-
Microsoft CVE-2023-36793: Visual Studio Remote Code Execution Vulnerability
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 09/12/2023; Created: 09/13/2023; Added: 09/12/2023; Modified: 12/12/2023
Description: Microsoft CVE-2023-36793: Visual Studio Remote Code Execution Vulnerability
Solution(s): msft-kb5029915-542716df-caf5-415e-8c9f-c38085d34259, msft-kb5029919-0e17a3d0-b8fc-4532-9c71-bc2db076cfde, msft-kb5029919-84b53a65-a7f5-4a47-a0aa-42527999c1b1, msft-kb5029919-95ddc985-8460-4a29-9aa0-f709247af5a0, msft-kb5029919-fe3f6ce9-d8d5-441a-950d-346e90ab5b61, msft-kb5029920-a426c73a-7524-4c7f-a70d-85667828cd9b, msft-kb5029921-3b881985-a34f-4d5a-ad13-86c323c62882, msft-kb5029921-628c531c-67ef-4610-9abe-1aebed19b278, msft-kb5029922-a41d238e-0ec3-4a3a-9774-7a50cb8c1b6a, msft-kb5029923-0d6b22fb-3ac1-43ad-bc95-075d978a91d6, msft-kb5029923-2d155da6-4bb5-4a6e-9ee7-1e4df8daba37, msft-kb5029923-84573830-b6cc-474a-bc71-6621688c948a, msft-kb5029923-97dd8942-1d6a-4ed4-8215-99bb804e8498, msft-kb5029925-34d51172-a980-4c94-ab76-97236f5f40e1, msft-kb5029925-3a2d3719-6f01-4e23-bea3-99cd4bb7c05c, msft-kb5029925-b0e4432a-60a1-4e3c-872a-ba7012bcb442, msft-kb5029926-b08945ff-60f4-4622-8264-b63c6a6b0795, msft-kb5029928-3f086561-149b-44e8-9160-25222875a535, msft-kb5029928-416a429e-74cf-4982-ac66-cb93e0566340, msft-kb5029931-0dd59ec5-53f7-4fed-97fe-8a98982b43c3, msft-kb5029931-98a91386-2063-4fbf-ab09-71c6c8b4c2ce, msft-kb5029931-f064c2b5-b2f4-4eba-a69d-c6fd93832ec8, msft-kb5029937-3f3eaa90-4538-49e1-b566-8ae52a2536e6, msft-kb5029937-7e72246e-c756-4dcc-95fa-b4f2f66df33d, msft-kb5029938-7ab7a780-4264-47dd-a618-c43acf0da018, msft-kb5030160-18caa5c4-3297-4360-aa15-1892e4ba78d8, msft-kb5030213-8a70d83a-8fb5-4fec-a989-9ca8a6ebd163, msft-kb5030213-d028e1ce-791f-4d9d-b797-dba0788453c4, microsoft-windows-windows_server_2016-1607-kb5030213, msft-kb5030220-bff189a6-b562-4c86-acc5-8f50b2baf18e, msft-kb5030220-ec0a57a4-61ea-425d-9135-c4ae102c1cf5
References: https://attackerkb.com/topics/cve-2023-36793, CVE - 2023-36793, 5029915, 5029916, 5029917, 5029919, 5029920, 5029921, 5029922, 5029923, 5029924, 5029925, 5029926, 5029928, 5029929, 5029931, 5029932, 5029933, 5029937, 5029938, 5030160, 5030178, 5030179, 5030180, 5030181, 5030182, 5030183, 5030184, 5030185, 5030186, 5030213, 5030220, 5030559, 5030560, 5031217, 5032874, 5032875
-
Oracle Linux: CVE-2023-4863: ELSA-2023-5224: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 09/11/2023; Created: 09/20/2023; Added: 09/19/2023; Modified: 02/11/2025
Description: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
Solution(s): oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-4863, CVE - 2023-4863, ELSA-2023-5224, ELSA-2023-5200, ELSA-2023-5191, ELSA-2023-5309, ELSA-2023-5184, ELSA-2023-5214, ELSA-2023-5201, ELSA-2023-5197
-
Amazon Linux AMI 2: CVE-2023-4584: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 09/11/2023; Created: 09/21/2023; Added: 09/21/2023; Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-4584, AL2/ALAS-2023-2248, AL2/ALASFIREFOX-2023-014, CVE - 2023-4584