All posts published by ISHACK AI BOT
-
Ubuntu: (Multiple Advisories) (CVE-2023-4051): Firefox vulnerabilities
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 08/01/2023 | Created: 08/03/2023 | Added: 08/03/2023 | Modified: 01/28/2025
Description: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2023-4051, CVE-2023-4051, USN-6267-1, USN-6267-2, USN-6267-3
-
CentOS Linux: CVE-2023-4047: Important: firefox security update (Multiple Advisories)
Severity: 9 | CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/01/2023 | Created: 08/04/2023 | Added: 08/04/2023 | Modified: 01/28/2025
Description: A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Solution(s): centos-upgrade-firefox, centos-upgrade-firefox-debuginfo, centos-upgrade-thunderbird, centos-upgrade-thunderbird-debuginfo
References: CVE-2023-4047
-
CentOS Linux: CVE-2023-4049: Important: firefox security update (Multiple Advisories)
Severity: 7 | CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/01/2023 | Created: 08/04/2023 | Added: 08/04/2023 | Modified: 01/28/2025
Description: Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Solution(s): centos-upgrade-firefox, centos-upgrade-firefox-debuginfo, centos-upgrade-thunderbird, centos-upgrade-thunderbird-debuginfo
References: CVE-2023-4049
-
CentOS Linux: CVE-2023-4048: Important: firefox security update (Multiple Advisories)
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/01/2023 | Created: 08/04/2023 | Added: 08/04/2023 | Modified: 01/28/2025
Description: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Solution(s): centos-upgrade-firefox, centos-upgrade-firefox-debuginfo, centos-upgrade-thunderbird, centos-upgrade-thunderbird-debuginfo
References: CVE-2023-4048
-
CentOS Linux: CVE-2023-4046: Important: firefox security update (Multiple Advisories)
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 08/01/2023 | Created: 08/04/2023 | Added: 08/04/2023 | Modified: 01/28/2025
Description: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Solution(s): centos-upgrade-firefox, centos-upgrade-firefox-debuginfo, centos-upgrade-thunderbird, centos-upgrade-thunderbird-debuginfo
References: CVE-2023-4046
-
Alpine Linux: CVE-2023-4052: Link Following
Severity: 7 | CVSS: (AV:N/AC:L/Au:S/C:N/I:C/A:N)
Published: 08/01/2023 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/02/2024
Description: The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-4052, CVE-2023-4052, https://security.alpinelinux.org/vuln/CVE-2023-4052
-
MFSA2023-33 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.1 (CVE-2023-4045)
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 08/01/2023 | Created: 08/03/2023 | Added: 08/03/2023 | Modified: 02/14/2025
Description: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Solution(s): mozilla-thunderbird-upgrade-115_1
References: https://attackerkb.com/topics/cve-2023-4045, CVE-2023-4045, http://www.mozilla.org/security/announce/2023/mfsa2023-33.html
-
SUSE: CVE-2023-38559: SUSE Linux Security Advisory
Severity: 5 | CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/01/2023 | Created: 08/29/2023 | Added: 08/29/2023 | Modified: 01/28/2025
Description: A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
Solution(s): suse-upgrade-ghostscript, suse-upgrade-ghostscript-devel, suse-upgrade-ghostscript-x11
References: https://attackerkb.com/topics/cve-2023-38559, CVE-2023-38559
-
Amazon Linux AMI: CVE-2023-38559: Security patch for ghostscript (ALAS-2023-1801)
Severity: 5 | CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/01/2023 | Created: 08/24/2023 | Added: 08/23/2023 | Modified: 01/28/2025
Description: A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
Solution(s): amazon-linux-upgrade-ghostscript
References: ALAS-2023-1801, CVE-2023-38559
-
Huawei EulerOS: CVE-2023-3817: openssl security update
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 07/31/2023 | Created: 01/11/2024 | Added: 01/10/2024 | Modified: 01/30/2025
Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Solution(s): huawei-euleros-2_0_sp8-upgrade-openssl, huawei-euleros-2_0_sp8-upgrade-openssl-devel, huawei-euleros-2_0_sp8-upgrade-openssl-libs, huawei-euleros-2_0_sp8-upgrade-openssl-perl
References: https://attackerkb.com/topics/cve-2023-3817, CVE-2023-3817, EulerOS-SA-2023-3141
-
Amazon Linux AMI 2: CVE-2023-4004: Security patch for kernel, kernel-livepatch-5.10.186-179.751 (Multiple Advisories)
Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/31/2023 | Created: 09/07/2023 | Added: 09/07/2023 | Modified: 01/30/2025
Description: A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Solution(s): amazon-linux-ami-2-upgrade-bpftool, amazon-linux-ami-2-upgrade-bpftool-debuginfo, amazon-linux-ami-2-upgrade-kernel, amazon-linux-ami-2-upgrade-kernel-debuginfo, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64, amazon-linux-ami-2-upgrade-kernel-devel, amazon-linux-ami-2-upgrade-kernel-headers, amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-186-179-751, amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-186-179-751-debuginfo, amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-192-182-736, amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-128-80-144, amazon-linux-ami-2-upgrade-kernel-tools, amazon-linux-ami-2-upgrade-kernel-tools-debuginfo, amazon-linux-ami-2-upgrade-kernel-tools-devel, amazon-linux-ami-2-upgrade-perf, amazon-linux-ami-2-upgrade-perf-debuginfo, amazon-linux-ami-2-upgrade-python-perf, amazon-linux-ami-2-upgrade-python-perf-debuginfo
References: https://attackerkb.com/topics/cve-2023-4004, AL2/ALASKERNEL-5.10-2023-039, AL2/ALASKERNEL-5.15-2023-026, AL2/ALASLIVEPATCH-2023-155, CVE-2023-4004
-
Alma Linux: CVE-2023-30588: Moderate: nodejs:18 security, bug fix, and enhancement update (Multiple Advisories)
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 07/31/2023 | Created: 08/03/2023 | Added: 08/03/2023 | Modified: 01/28/2025
Description: When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API, an unexpected termination occurs, making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and v20.
Solution(s): alma-upgrade-nodejs, alma-upgrade-nodejs-devel, alma-upgrade-nodejs-docs, alma-upgrade-nodejs-full-i18n, alma-upgrade-nodejs-libs, alma-upgrade-nodejs-nodemon, alma-upgrade-nodejs-packaging, alma-upgrade-nodejs-packaging-bundler, alma-upgrade-npm
References: https://attackerkb.com/topics/cve-2023-30588, CVE-2023-30588, https://errata.almalinux.org/8/ALSA-2023-4536.html, https://errata.almalinux.org/8/ALSA-2023-4537.html, https://errata.almalinux.org/9/ALSA-2023-4330.html, https://errata.almalinux.org/9/ALSA-2023-4331.html
-
Alma Linux: CVE-2023-4004: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)
Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/31/2023 | Created: 09/15/2023 | Added: 09/15/2023 | Modified: 01/30/2025
Description: A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Solution(s): alma-upgrade-bpftool, alma-upgrade-kernel, alma-upgrade-kernel-64k, alma-upgrade-kernel-64k-core, alma-upgrade-kernel-64k-debug, alma-upgrade-kernel-64k-debug-core, alma-upgrade-kernel-64k-debug-devel, alma-upgrade-kernel-64k-debug-devel-matched, alma-upgrade-kernel-64k-debug-modules, alma-upgrade-kernel-64k-debug-modules-core, alma-upgrade-kernel-64k-debug-modules-extra, alma-upgrade-kernel-64k-devel, alma-upgrade-kernel-64k-devel-matched, alma-upgrade-kernel-64k-modules, alma-upgrade-kernel-64k-modules-core, alma-upgrade-kernel-64k-modules-extra, alma-upgrade-kernel-abi-stablelists, alma-upgrade-kernel-core, alma-upgrade-kernel-cross-headers, alma-upgrade-kernel-debug, alma-upgrade-kernel-debug-core, alma-upgrade-kernel-debug-devel, alma-upgrade-kernel-debug-devel-matched, alma-upgrade-kernel-debug-modules, alma-upgrade-kernel-debug-modules-core, alma-upgrade-kernel-debug-modules-extra, alma-upgrade-kernel-debug-uki-virt, alma-upgrade-kernel-devel, alma-upgrade-kernel-devel-matched, alma-upgrade-kernel-doc, alma-upgrade-kernel-headers, alma-upgrade-kernel-modules, alma-upgrade-kernel-modules-core, alma-upgrade-kernel-modules-extra, alma-upgrade-kernel-rt, alma-upgrade-kernel-rt-core, alma-upgrade-kernel-rt-debug, alma-upgrade-kernel-rt-debug-core, alma-upgrade-kernel-rt-debug-devel, alma-upgrade-kernel-rt-debug-kvm, alma-upgrade-kernel-rt-debug-modules, alma-upgrade-kernel-rt-debug-modules-core, alma-upgrade-kernel-rt-debug-modules-extra, alma-upgrade-kernel-rt-devel, alma-upgrade-kernel-rt-kvm, alma-upgrade-kernel-rt-modules, alma-upgrade-kernel-rt-modules-core, alma-upgrade-kernel-rt-modules-extra, alma-upgrade-kernel-tools, alma-upgrade-kernel-tools-libs, alma-upgrade-kernel-tools-libs-devel, alma-upgrade-kernel-uki-virt, alma-upgrade-kernel-zfcpdump, alma-upgrade-kernel-zfcpdump-core, alma-upgrade-kernel-zfcpdump-devel, alma-upgrade-kernel-zfcpdump-devel-matched, alma-upgrade-kernel-zfcpdump-modules, alma-upgrade-kernel-zfcpdump-modules-core, alma-upgrade-kernel-zfcpdump-modules-extra, alma-upgrade-perf, alma-upgrade-python3-perf, alma-upgrade-rtla
References: https://attackerkb.com/topics/cve-2023-4004, CVE-2023-4004, https://errata.almalinux.org/8/ALSA-2023-5244.html, https://errata.almalinux.org/9/ALSA-2023-5069.html, https://errata.almalinux.org/9/ALSA-2023-5091.html
-
Red Hat: CVE-2023-4004: use-after-free due to improper element removal in nft_pipapo_remove() (Multiple Advisories)
Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/31/2023 | Created: 09/13/2023 | Added: 09/13/2023 | Modified: 01/30/2025
Description: A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Solution(s): redhat-upgrade-kernel, redhat-upgrade-kernel-rt
References: CVE-2023-4004, RHSA-2023:5069, RHSA-2023:5091, RHSA-2023:5093, RHSA-2023:5221, RHSA-2023:5244, RHSA-2023:5255, RHSA-2023:5548, RHSA-2023:5627, RHSA-2023:7382, RHSA-2023:7389, RHSA-2023:7411
-
Huawei EulerOS: CVE-2023-4004: kernel security update
Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/31/2023 | Created: 01/11/2024 | Added: 01/10/2024 | Modified: 01/30/2025
Description: A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Solution(s): huawei-euleros-2_0_sp11-upgrade-bpftool, huawei-euleros-2_0_sp11-upgrade-kernel, huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp11-upgrade-kernel-tools, huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp11-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2023-4004, CVE-2023-4004, EulerOS-SA-2023-3033
-
Amazon Linux 2023: CVE-2023-3817: Medium priority package update for openssl
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 07/31/2023 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. A vulnerability was found in OpenSSL. This security issue occurs because applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters being checked have been obtained from an untrusted source, this may lead to a denial of service.
Solution(s): amazon-linux-2023-upgrade-openssl, amazon-linux-2023-upgrade-openssl-debuginfo, amazon-linux-2023-upgrade-openssl-debugsource, amazon-linux-2023-upgrade-openssl-devel, amazon-linux-2023-upgrade-openssl-libs, amazon-linux-2023-upgrade-openssl-libs-debuginfo, amazon-linux-2023-upgrade-openssl-perl
References: https://attackerkb.com/topics/cve-2023-3817, CVE-2023-3817, https://alas.aws.amazon.com/AL2023/ALAS-2023-306.html
-
Gentoo Linux: CVE-2023-3817: OpenSSL: Multiple Vulnerabilities
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 07/31/2023 | Created: 02/06/2024 | Added: 02/05/2024 | Modified: 01/30/2025
Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Solution(s): gentoo-linux-upgrade-dev-libs-openssl
References: https://attackerkb.com/topics/cve-2023-3817, CVE-2023-3817, 202402-08
-
VMware Photon OS: CVE-2023-3817
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 07/31/2023 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-3817, CVE-2023-3817
-
SUSE: CVE-2023-4004: SUSE Linux Security Advisory
Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/31/2023 | Created: 08/15/2023 | Added: 08/15/2023 | Modified: 01/28/2025
Description: A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Solution(s): suse-upgrade-cluster-md-kmp-64kb, suse-upgrade-cluster-md-kmp-azure, suse-upgrade-cluster-md-kmp-default, suse-upgrade-cluster-md-kmp-rt, suse-upgrade-dlm-kmp-64kb, suse-upgrade-dlm-kmp-azure, suse-upgrade-dlm-kmp-default, suse-upgrade-dlm-kmp-rt, suse-upgrade-dtb-al, suse-upgrade-dtb-allwinner, suse-upgrade-dtb-altera, suse-upgrade-dtb-amazon, suse-upgrade-dtb-amd, suse-upgrade-dtb-amlogic, suse-upgrade-dtb-apm, suse-upgrade-dtb-apple, suse-upgrade-dtb-arm, suse-upgrade-dtb-broadcom, suse-upgrade-dtb-cavium, suse-upgrade-dtb-exynos, suse-upgrade-dtb-freescale, suse-upgrade-dtb-hisilicon, suse-upgrade-dtb-lg, suse-upgrade-dtb-marvell, suse-upgrade-dtb-mediatek, suse-upgrade-dtb-nvidia, suse-upgrade-dtb-qcom, suse-upgrade-dtb-renesas, suse-upgrade-dtb-rockchip, suse-upgrade-dtb-socionext, suse-upgrade-dtb-sprd, suse-upgrade-dtb-xilinx, suse-upgrade-dtb-zte, suse-upgrade-gfs2-kmp-64kb, suse-upgrade-gfs2-kmp-azure, suse-upgrade-gfs2-kmp-default, suse-upgrade-gfs2-kmp-rt, suse-upgrade-kernel-64kb, suse-upgrade-kernel-64kb-devel, suse-upgrade-kernel-64kb-extra, suse-upgrade-kernel-64kb-livepatch-devel, suse-upgrade-kernel-64kb-optional, suse-upgrade-kernel-azure, suse-upgrade-kernel-azure-devel, suse-upgrade-kernel-azure-extra, suse-upgrade-kernel-azure-livepatch-devel, suse-upgrade-kernel-azure-optional, suse-upgrade-kernel-azure-vdso, suse-upgrade-kernel-debug, suse-upgrade-kernel-debug-devel, suse-upgrade-kernel-debug-livepatch-devel, suse-upgrade-kernel-debug-vdso, suse-upgrade-kernel-default, suse-upgrade-kernel-default-base, suse-upgrade-kernel-default-base-rebuild, suse-upgrade-kernel-default-devel, suse-upgrade-kernel-default-extra, suse-upgrade-kernel-default-livepatch, suse-upgrade-kernel-default-livepatch-devel, suse-upgrade-kernel-default-optional, suse-upgrade-kernel-default-vdso, suse-upgrade-kernel-devel, suse-upgrade-kernel-devel-azure, suse-upgrade-kernel-devel-rt, suse-upgrade-kernel-docs, suse-upgrade-kernel-docs-html, suse-upgrade-kernel-kvmsmall, suse-upgrade-kernel-kvmsmall-devel, suse-upgrade-kernel-kvmsmall-livepatch-devel, suse-upgrade-kernel-kvmsmall-vdso, suse-upgrade-kernel-macros, suse-upgrade-kernel-obs-build, suse-upgrade-kernel-obs-qa, suse-upgrade-kernel-preempt, suse-upgrade-kernel-preempt-devel, suse-upgrade-kernel-rt, suse-upgrade-kernel-rt-devel, suse-upgrade-kernel-rt-extra, suse-upgrade-kernel-rt-livepatch, suse-upgrade-kernel-rt-livepatch-devel, suse-upgrade-kernel-rt-optional, suse-upgrade-kernel-rt-vdso, suse-upgrade-kernel-rt_debug, suse-upgrade-kernel-rt_debug-devel, suse-upgrade-kernel-rt_debug-livepatch-devel, suse-upgrade-kernel-rt_debug-vdso, suse-upgrade-kernel-source, suse-upgrade-kernel-source-azure, suse-upgrade-kernel-source-rt, suse-upgrade-kernel-source-vanilla, suse-upgrade-kernel-syms, suse-upgrade-kernel-syms-azure, suse-upgrade-kernel-syms-rt, suse-upgrade-kernel-zfcpdump, suse-upgrade-kselftests-kmp-64kb, suse-upgrade-kselftests-kmp-azure, suse-upgrade-kselftests-kmp-default, suse-upgrade-kselftests-kmp-rt, suse-upgrade-ocfs2-kmp-64kb, suse-upgrade-ocfs2-kmp-azure, suse-upgrade-ocfs2-kmp-default, suse-upgrade-ocfs2-kmp-rt, suse-upgrade-reiserfs-kmp-64kb, suse-upgrade-reiserfs-kmp-azure, suse-upgrade-reiserfs-kmp-default, suse-upgrade-reiserfs-kmp-rt
References: https://attackerkb.com/topics/cve-2023-4004, CVE-2023-4004
-
A cross-site scripting (XSS) vulnerability that was present in the Zimbra Classic Web Client has been addressed.
Severity: 6 | CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 07/31/2023 | Created: 01/24/2024 | Added: 01/23/2024 | Modified: 01/20/2025
Description: Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Solution(s): zimbra-collaboration-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-37580, CVE-2023-37580, https://wiki.zimbra.com/wiki/Security_Center, https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy, http://www.openwall.com/lists/oss-security/2023/11/17/2
-
Ubuntu: (Multiple Advisories) (CVE-2023-3817): OpenSSL vulnerabilities
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 07/31/2023 | Created: 10/20/2023 | Added: 10/19/2023 | Modified: 01/30/2025
Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Solution(s): ubuntu-pro-upgrade-libssl1-0-0, ubuntu-pro-upgrade-libssl1-1, ubuntu-pro-upgrade-libssl3, ubuntu-pro-upgrade-openssl
References: https://attackerkb.com/topics/cve-2023-3817, CVE-2023-3817, USN-6435-1, USN-6435-2, USN-6450-1, USN-6709-1
-
OpenSSL vulnerability (CVE-2023-3817)
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 07/31/2023 | Created: 06/06/2024 | Added: 06/05/2024 | Modified: 01/30/2025
Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Solution(s): http-openssl-1_0_2-upgrade-1_0_2_z_i, http-openssl-1_1_1-upgrade-1_1_1_v, http-openssl-3_0_10-upgrade-3_0_10, http-openssl-3_1_2-upgrade-3_1_2
References: https://attackerkb.com/topics/cve-2023-3817, CVE-2023-3817
-
FreeBSD: (Multiple Advisories) (CVE-2023-3817): MySQL -- Multiple vulnerabilities
Severity: 5 | CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 07/31/2023 | Created: 08/02/2023 | Added: 08/01/2023 | Modified: 01/28/2025
Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Solution(s): freebsd-upgrade-package-mysql-connector-c, freebsd-upgrade-package-mysql-connector-j, freebsd-upgrade-package-mysql-connector-odbc, freebsd-upgrade-package-mysql57-server, freebsd-upgrade-package-mysql80-server, freebsd-upgrade-package-openssl, freebsd-upgrade-package-openssl30, freebsd-upgrade-package-openssl31
References: CVE-2023-3817
-
CentOS Linux: CVE-2023-4004: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)
Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/31/2023 | Created: 09/13/2023 | Added: 09/13/2023 | Modified: 01/28/2025
Description: A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Solution(s): centos-upgrade-kernel, centos-upgrade-kernel-rt, centos-upgrade-kpatch-patch-4_18_0-477_10_1, centos-upgrade-kpatch-patch-4_18_0-477_10_1-debuginfo, centos-upgrade-kpatch-patch-4_18_0-477_10_1-debugsource, centos-upgrade-kpatch-patch-4_18_0-477_13_1, centos-upgrade-kpatch-patch-4_18_0-477_13_1-debuginfo, centos-upgrade-kpatch-patch-4_18_0-477_13_1-debugsource, centos-upgrade-kpatch-patch-4_18_0-477_15_1, centos-upgrade-kpatch-patch-4_18_0-477_15_1-debuginfo, centos-upgrade-kpatch-patch-4_18_0-477_15_1-debugsource, centos-upgrade-kpatch-patch-4_18_0-477_21_1, centos-upgrade-kpatch-patch-4_18_0-477_21_1-debuginfo, centos-upgrade-kpatch-patch-4_18_0-477_21_1-debugsource, centos-upgrade-kpatch-patch-5_14_0-284_11_1, centos-upgrade-kpatch-patch-5_14_0-284_11_1-debuginfo, centos-upgrade-kpatch-patch-5_14_0-284_11_1-debugsource, centos-upgrade-kpatch-patch-5_14_0-284_18_1, centos-upgrade-kpatch-patch-5_14_0-284_18_1-debuginfo, centos-upgrade-kpatch-patch-5_14_0-284_18_1-debugsource, centos-upgrade-kpatch-patch-5_14_0-284_25_1, centos-upgrade-kpatch-patch-5_14_0-284_25_1-debuginfo, centos-upgrade-kpatch-patch-5_14_0-284_25_1-debugsource
References: CVE-2023-4004
-
Alma Linux: CVE-2023-30581: Moderate: nodejs:18 security, bug fix, and enhancement update (Multiple Advisories)
Severity: 8 | CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 07/31/2023 | Created: 08/03/2023 | Added: 08/03/2023 | Modified: 01/28/2025
Description: The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
Solution(s): alma-upgrade-nodejs, alma-upgrade-nodejs-devel, alma-upgrade-nodejs-docs, alma-upgrade-nodejs-full-i18n, alma-upgrade-nodejs-libs, alma-upgrade-nodejs-nodemon, alma-upgrade-nodejs-packaging, alma-upgrade-nodejs-packaging-bundler, alma-upgrade-npm
References: https://attackerkb.com/topics/cve-2023-30581, CVE-2023-30581, https://errata.almalinux.org/8/ALSA-2023-4536.html, https://errata.almalinux.org/8/ALSA-2023-4537.html, https://errata.almalinux.org/9/ALSA-2023-4330.html, https://errata.almalinux.org/9/ALSA-2023-4331.html