ISHACK AI BOT

Red Hat: CVE-2023-42467: QEMU: am53c974: denial of service due to division by zero (Multiple Advisories) Severity 1 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:P) Published 09/11/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. Solution(s) redhat-upgrade-qemu-guest-agent redhat-upgrade-qemu-guest-agent-debuginfo redhat-upgrade-qemu-img redhat-upgrade-qemu-img-debuginfo redhat-upgrade-qemu-kvm redhat-upgrade-qemu-kvm-audio-dbus-debuginfo redhat-upgrade-qemu-kvm-audio-pa redhat-upgrade-qemu-kvm-audio-pa-debuginfo redhat-upgrade-qemu-kvm-block-blkio redhat-upgrade-qemu-kvm-block-blkio-debuginfo redhat-upgrade-qemu-kvm-block-curl redhat-upgrade-qemu-kvm-block-curl-debuginfo redhat-upgrade-qemu-kvm-block-rbd redhat-upgrade-qemu-kvm-block-rbd-debuginfo redhat-upgrade-qemu-kvm-common redhat-upgrade-qemu-kvm-common-debuginfo redhat-upgrade-qemu-kvm-core redhat-upgrade-qemu-kvm-core-debuginfo redhat-upgrade-qemu-kvm-debuginfo redhat-upgrade-qemu-kvm-debugsource redhat-upgrade-qemu-kvm-device-display-virtio-gpu redhat-upgrade-qemu-kvm-device-display-virtio-gpu-ccw redhat-upgrade-qemu-kvm-device-display-virtio-gpu-ccw-debuginfo redhat-upgrade-qemu-kvm-device-display-virtio-gpu-debuginfo redhat-upgrade-qemu-kvm-device-display-virtio-gpu-pci redhat-upgrade-qemu-kvm-device-display-virtio-gpu-pci-debuginfo redhat-upgrade-qemu-kvm-device-display-virtio-vga redhat-upgrade-qemu-kvm-device-display-virtio-vga-debuginfo redhat-upgrade-qemu-kvm-device-usb-host redhat-upgrade-qemu-kvm-device-usb-host-debuginfo redhat-upgrade-qemu-kvm-device-usb-redirect redhat-upgrade-qemu-kvm-device-usb-redirect-debuginfo redhat-upgrade-qemu-kvm-docs redhat-upgrade-qemu-kvm-tests-debuginfo redhat-upgrade-qemu-kvm-tools redhat-upgrade-qemu-kvm-tools-debuginfo redhat-upgrade-qemu-kvm-ui-dbus-debuginfo redhat-upgrade-qemu-kvm-ui-egl-headless redhat-upgrade-qemu-kvm-ui-egl-headless-debuginfo redhat-upgrade-qemu-kvm-ui-opengl redhat-upgrade-qemu-kvm-ui-opengl-debuginfo redhat-upgrade-qemu-pr-helper redhat-upgrade-qemu-pr-helper-debuginfo References CVE-2023-42467 RHSA-2024:2135

Amazon Linux AMI 2: CVE-2023-4581: Security patch for firefox (ALASFIREFOX-2023-014) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 09/11/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/30/2025 Description Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo References https://attackerkb.com/topics/cve-2023-4581 AL2/ALASFIREFOX-2023-014 CVE - 2023-4581

Gentoo Linux: CVE-2023-4583: Mozilla Thunderbird: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 09/11/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-4583 CVE - 2023-4583 202402-25

Gentoo Linux: CVE-2023-4582: Mozilla Thunderbird: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/11/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-4582 CVE - 2023-4582 202402-25

Gentoo Linux: CVE-2023-4585: Mozilla Thunderbird: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/11/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-4585 CVE - 2023-4585 202402-25

Alpine Linux: CVE-2023-4580: Missing Encryption of Sensitive Data Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 09/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-4580 CVE - 2023-4580 https://security.alpinelinux.org/vuln/CVE-2023-4580

Alpine Linux: CVE-2023-4576: Integer Overflow or Wraparound Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 09/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-4576 CVE - 2023-4576 https://security.alpinelinux.org/vuln/CVE-2023-4576

Alpine Linux: CVE-2023-4574: Use After Free Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-4574 CVE - 2023-4574 https://security.alpinelinux.org/vuln/CVE-2023-4574

Alpine Linux: CVE-2023-4583: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 09/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-4583 CVE - 2023-4583 https://security.alpinelinux.org/vuln/CVE-2023-4583

Alpine Linux: CVE-2023-4581: Vulnerability in Multiple Components Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 09/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-4581 CVE - 2023-4581 https://security.alpinelinux.org/vuln/CVE-2023-4581

Alpine Linux: CVE-2023-4575: Use After Free Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-4575 CVE - 2023-4575 https://security.alpinelinux.org/vuln/CVE-2023-4575

Gentoo Linux: CVE-2023-4574: Mozilla Thunderbird: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/11/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-4574 CVE - 2023-4574 202402-25

Oracle Linux: CVE-2023-4874: ELSA-2024-2290:mutt security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/09/2023 Created 05/22/2024 Added 05/07/2024 Modified 01/07/2025 Description Null pointer dereference when viewing a specially crafted email in Mutt &gt;1.5.2 &lt;2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. Solution(s) oracle-linux-upgrade-mutt References https://attackerkb.com/topics/cve-2023-4874 CVE - 2023-4874 ELSA-2024-2290 ELSA-2024-3058

Amazon Linux 2023: CVE-2023-4874: Medium priority package update for mutt Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/09/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Null pointer dereference when viewing a specially crafted email in Mutt &gt;1.5.2 &lt;2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. Solution(s) amazon-linux-2023-upgrade-mutt amazon-linux-2023-upgrade-mutt-debuginfo amazon-linux-2023-upgrade-mutt-debugsource References https://attackerkb.com/topics/cve-2023-4874 CVE - 2023-4874 https://alas.aws.amazon.com/AL2023/ALAS-2023-357.html

Oracle Linux: CVE-2023-4875: ELSA-2024-2290:mutt security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/09/2023 Created 05/22/2024 Added 05/07/2024 Modified 01/07/2025 Description Null pointer dereference when composing from a specially crafted draft message in Mutt &gt;1.5.2 &lt;2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. Solution(s) oracle-linux-upgrade-mutt References https://attackerkb.com/topics/cve-2023-4875 CVE - 2023-4875 ELSA-2024-2290 ELSA-2024-3058

Amazon Linux AMI: CVE-2023-4874: Security patch for mutt (ALAS-2023-1836) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/09/2023 Created 10/11/2023 Added 10/07/2023 Modified 01/28/2025 Description Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Solution(s) amazon-linux-upgrade-mutt References ALAS-2023-1836 CVE-2023-4874

Red Hat: CVE-2023-4874: mutt: null pointer dereference (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/09/2023 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Solution(s) redhat-upgrade-mutt redhat-upgrade-mutt-debuginfo redhat-upgrade-mutt-debugsource References CVE-2023-4874 RHSA-2024:2290 RHSA-2024:3058

Debian: CVE-2023-41915: pmix -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/09/2023 Created 11/02/2023 Added 11/02/2023 Modified 01/28/2025 Description OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. Solution(s) debian-upgrade-pmix References https://attackerkb.com/topics/cve-2023-41915 CVE - 2023-41915 DLA-3643-1 DSA-5547

Amazon Linux AMI 2: CVE-2023-4874: Security patch for mutt (ALAS-2023-2265) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/09/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Solution(s) amazon-linux-ami-2-upgrade-mutt amazon-linux-ami-2-upgrade-mutt-debuginfo References https://attackerkb.com/topics/cve-2023-4874 AL2/ALAS-2023-2265 CVE - 2023-4874

Huawei EulerOS: CVE-2023-4874: mutt security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/09/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Solution(s) huawei-euleros-2_0_sp10-upgrade-mutt References https://attackerkb.com/topics/cve-2023-4874 CVE - 2023-4874 EulerOS-SA-2023-3222

Rocky Linux: CVE-2023-41915: pmix (RLSA-2024-3008) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/09/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. Solution(s) rocky-upgrade-pmix rocky-upgrade-pmix-debuginfo rocky-upgrade-pmix-debugsource rocky-upgrade-pmix-devel References https://attackerkb.com/topics/cve-2023-41915 CVE - 2023-41915 https://errata.rockylinux.org/RLSA-2024:3008

Alma Linux: CVE-2023-4875: Moderate: mutt security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:S/C:N/I:N/A:C) Published 09/09/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 Solution(s) alma-upgrade-mutt References https://attackerkb.com/topics/cve-2023-4875 CVE - 2023-4875 https://errata.almalinux.org/8/ALSA-2024-3058.html https://errata.almalinux.org/9/ALSA-2024-2290.html

Alma Linux: CVE-2023-4874: Moderate: mutt security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/09/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Solution(s) alma-upgrade-mutt References https://attackerkb.com/topics/cve-2023-4874 CVE - 2023-4874 https://errata.almalinux.org/8/ALSA-2024-3058.html https://errata.almalinux.org/9/ALSA-2024-2290.html

Amazon Linux AMI: CVE-2023-4875: Security patch for mutt (ALAS-2023-1836) Severity 6 CVSS (AV:N/AC:M/Au:S/C:N/I:N/A:C) Published 09/09/2023 Created 10/11/2023 Added 10/07/2023 Modified 01/28/2025 Description Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 Solution(s) amazon-linux-upgrade-mutt References ALAS-2023-1836 CVE-2023-4875

Ubuntu: (Multiple Advisories) (CVE-2023-4874): Mutt vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/09/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/28/2025 Description Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Solution(s) ubuntu-pro-upgrade-mutt ubuntu-pro-upgrade-mutt-patched References https://attackerkb.com/topics/cve-2023-4874 CVE - 2023-4874 USN-6374-1 USN-6374-2