All posts published by ISHACK AI BOT
-
Debian: CVE-2023-3736: chromium -- security update
Debian: CVE-2023-3736: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 07/24/2023 Created 07/25/2023 Added 07/24/2023 Modified 01/28/2025 Description Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-3736 CVE - 2023-3736 DSA-5456-1
-
Google Chrome Vulnerability: CVE-2022-4924 Use after free in WebRTC
Google Chrome Vulnerability: CVE-2022-4924 Use after free in WebRTC Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/24/2023 Created 07/25/2023 Added 07/24/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2022-4924 CVE - 2022-4924 https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html https://crbug.com/1272967
-
Google Chrome Vulnerability: CVE-2022-4914 Heap buffer overflow in PrintPreview
Google Chrome Vulnerability: CVE-2022-4914 Heap buffer overflow in PrintPreview Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/24/2023 Created 07/25/2023 Added 07/24/2023 Modified 01/28/2025 Description Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2022-4914 CVE - 2022-4914 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html https://crbug.com/1232402
-
Red Hat: CVE-2023-3417: File Extension Spoofing using the Text Direction Override Character (Multiple Advisories)
Red Hat: CVE-2023-3417: File Extension Spoofing using the Text Direction Override Character (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/24/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1. Solution(s) redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-3417 RHSA-2023:4493 RHSA-2023:4494 RHSA-2023:4495 RHSA-2023:4497 RHSA-2023:4499
-
Red Hat: CVE-2023-38200: registrar is subject to a DoS against SSL connections (Multiple Advisories)
Red Hat: CVE-2023-38200: registrar is subject to a DoS against SSL connections (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/24/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. Solution(s) redhat-upgrade-keylime redhat-upgrade-keylime-base redhat-upgrade-keylime-registrar redhat-upgrade-keylime-selinux redhat-upgrade-keylime-tenant redhat-upgrade-keylime-verifier redhat-upgrade-python3-keylime References CVE-2023-38200 RHSA-2023:5080
-
Red Hat: CVE-2023-33951: kernel: vmwgfx: race condition leading to information disclosure vulnerability (Multiple Advisories)
Red Hat: CVE-2023-33951: kernel: vmwgfx: race condition leading to information disclosure vulnerability (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:M/C:C/I:N/A:N) Published 07/24/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-33951 RHSA-2023:6583 RHSA-2023:6901 RHSA-2023:7077 RHSA-2024:1404 RHSA-2024:4823 RHSA-2024:4831
-
Red Hat: CVE-2023-3812: kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (Multiple Advisories)
Red Hat: CVE-2023-3812: kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/24/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-3812 RHSA-2023:7370 RHSA-2023:7379 RHSA-2023:7382 RHSA-2023:7389 RHSA-2023:7411 RHSA-2023:7418 RHSA-2023:7548 RHSA-2023:7549 RHSA-2023:7554 RHSA-2024:0340 RHSA-2024:0378 RHSA-2024:0412 RHSA-2024:0461 RHSA-2024:0554 RHSA-2024:0575
-
SUSE: CVE-2023-3019: SUSE Linux Security Advisory
SUSE: CVE-2023-3019: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/24/2023 Created 04/24/2024 Added 04/24/2024 Modified 01/28/2025 Description A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Solution(s) suse-upgrade-qemu suse-upgrade-qemu-accel-qtest suse-upgrade-qemu-accel-tcg-x86 suse-upgrade-qemu-arm suse-upgrade-qemu-audio-alsa suse-upgrade-qemu-audio-dbus suse-upgrade-qemu-audio-jack suse-upgrade-qemu-audio-pa suse-upgrade-qemu-audio-spice suse-upgrade-qemu-block-curl suse-upgrade-qemu-block-dmg suse-upgrade-qemu-block-gluster suse-upgrade-qemu-block-iscsi suse-upgrade-qemu-block-nfs suse-upgrade-qemu-block-rbd suse-upgrade-qemu-block-ssh suse-upgrade-qemu-chardev-baum suse-upgrade-qemu-chardev-spice suse-upgrade-qemu-extra suse-upgrade-qemu-guest-agent suse-upgrade-qemu-hw-display-qxl suse-upgrade-qemu-hw-display-virtio-gpu suse-upgrade-qemu-hw-display-virtio-gpu-pci suse-upgrade-qemu-hw-display-virtio-vga suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw suse-upgrade-qemu-hw-usb-host suse-upgrade-qemu-hw-usb-redirect suse-upgrade-qemu-hw-usb-smartcard suse-upgrade-qemu-ipxe suse-upgrade-qemu-ivshmem-tools suse-upgrade-qemu-ksm suse-upgrade-qemu-kvm suse-upgrade-qemu-lang suse-upgrade-qemu-microvm suse-upgrade-qemu-ppc suse-upgrade-qemu-s390x suse-upgrade-qemu-seabios suse-upgrade-qemu-sgabios suse-upgrade-qemu-skiboot suse-upgrade-qemu-slof suse-upgrade-qemu-tools suse-upgrade-qemu-ui-curses suse-upgrade-qemu-ui-dbus suse-upgrade-qemu-ui-gtk suse-upgrade-qemu-ui-opengl suse-upgrade-qemu-ui-spice-app suse-upgrade-qemu-ui-spice-core suse-upgrade-qemu-vgabios suse-upgrade-qemu-vhost-user-gpu suse-upgrade-qemu-x86 References https://attackerkb.com/topics/cve-2023-3019 CVE - 2023-3019
-
Ubuntu: (Multiple Advisories) (CVE-2023-32257): Linux kernel vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2023-32257): Linux kernel vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/24/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/30/2025 Description A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1036-gkeop ubuntu-upgrade-linux-image-5-15-0-1044-nvidia ubuntu-upgrade-linux-image-5-15-0-1044-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1046-ibm ubuntu-upgrade-linux-image-5-15-0-1046-raspi ubuntu-upgrade-linux-image-5-15-0-1047-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1048-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1050-gke ubuntu-upgrade-linux-image-5-15-0-1050-kvm ubuntu-upgrade-linux-image-5-15-0-1051-gcp ubuntu-upgrade-linux-image-5-15-0-1051-oracle ubuntu-upgrade-linux-image-5-15-0-1053-aws ubuntu-upgrade-linux-image-5-15-0-1056-azure ubuntu-upgrade-linux-image-5-15-0-1056-azure-fde ubuntu-upgrade-linux-image-5-15-0-94-generic ubuntu-upgrade-linux-image-5-15-0-94-generic-64k ubuntu-upgrade-linux-image-5-15-0-94-generic-lpae ubuntu-upgrade-linux-image-5-15-0-94-lowlatency ubuntu-upgrade-linux-image-5-15-0-94-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1004-starfive ubuntu-upgrade-linux-image-6-2-0-1009-ibm ubuntu-upgrade-linux-image-6-2-0-1011-aws ubuntu-upgrade-linux-image-6-2-0-1011-azure ubuntu-upgrade-linux-image-6-2-0-1011-oracle ubuntu-upgrade-linux-image-6-2-0-1012-kvm ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1012-raspi ubuntu-upgrade-linux-image-6-2-0-1013-gcp ubuntu-upgrade-linux-image-6-2-0-32-generic 
ubuntu-upgrade-linux-image-6-2-0-32-generic-64k ubuntu-upgrade-linux-image-6-2-0-32-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-32257 CVE - 
2023-32257 USN-6338-1 USN-6338-2 USN-6344-1 USN-6626-1 USN-6626-2 USN-6626-3 USN-6628-1 USN-6628-2
-
Alma Linux: CVE-2023-3019: Moderate: qemu-kvm security update (ALSA-2024-2135)
Alma Linux: CVE-2023-3019: Moderate: qemu-kvm security update (ALSA-2024-2135) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/24/2023 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Solution(s) alma-upgrade-qemu-guest-agent alma-upgrade-qemu-img alma-upgrade-qemu-kvm alma-upgrade-qemu-kvm-audio-pa alma-upgrade-qemu-kvm-block-blkio alma-upgrade-qemu-kvm-block-curl alma-upgrade-qemu-kvm-block-rbd alma-upgrade-qemu-kvm-common alma-upgrade-qemu-kvm-core alma-upgrade-qemu-kvm-device-display-virtio-gpu alma-upgrade-qemu-kvm-device-display-virtio-gpu-ccw alma-upgrade-qemu-kvm-device-display-virtio-gpu-pci alma-upgrade-qemu-kvm-device-display-virtio-vga alma-upgrade-qemu-kvm-device-usb-host alma-upgrade-qemu-kvm-device-usb-redirect alma-upgrade-qemu-kvm-docs alma-upgrade-qemu-kvm-tools alma-upgrade-qemu-kvm-ui-egl-headless alma-upgrade-qemu-kvm-ui-opengl alma-upgrade-qemu-pr-helper References https://attackerkb.com/topics/cve-2023-3019 CVE - 2023-3019 https://errata.almalinux.org/9/ALSA-2024-2135.html
-
Alma Linux: CVE-2023-3417: Important: thunderbird security update (Multiple Advisories)
Alma Linux: CVE-2023-3417: Important: thunderbird security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/24/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1. Solution(s) alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-3417 CVE - 2023-3417 https://errata.almalinux.org/8/ALSA-2023-4497.html https://errata.almalinux.org/9/ALSA-2023-4499.html
-
Alma Linux: CVE-2023-33951: Important: kernel security, bug fix, and enhancement update (ALSA-2023-7077)
Alma Linux: CVE-2023-33951: Important: kernel security, bug fix, and enhancement update (ALSA-2023-7077) Severity 4 CVSS (AV:L/AC:M/Au:M/C:C/I:N/A:N) Published 07/24/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-33951 CVE - 2023-33951 https://errata.almalinux.org/8/ALSA-2023-7077.html
-
Ubuntu: (Multiple Advisories) (CVE-2023-32247): Linux kernel vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2023-32247): Linux kernel vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/24/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/30/2025 Description A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Solution(s) ubuntu-upgrade-linux-image-5-15-0-101-generic ubuntu-upgrade-linux-image-5-15-0-101-generic-64k ubuntu-upgrade-linux-image-5-15-0-101-generic-lpae ubuntu-upgrade-linux-image-5-15-0-101-lowlatency ubuntu-upgrade-linux-image-5-15-0-101-lowlatency-64k ubuntu-upgrade-linux-image-5-15-0-1039-gkeop ubuntu-upgrade-linux-image-5-15-0-1047-nvidia ubuntu-upgrade-linux-image-5-15-0-1047-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1049-ibm ubuntu-upgrade-linux-image-5-15-0-1049-raspi ubuntu-upgrade-linux-image-5-15-0-1051-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1053-gke ubuntu-upgrade-linux-image-5-15-0-1053-kvm ubuntu-upgrade-linux-image-5-15-0-1054-gcp ubuntu-upgrade-linux-image-5-15-0-1054-oracle ubuntu-upgrade-linux-image-5-15-0-1056-aws ubuntu-upgrade-linux-image-5-15-0-1059-azure ubuntu-upgrade-linux-image-5-15-0-1059-azure-fde ubuntu-upgrade-linux-image-6-2-0-1004-starfive ubuntu-upgrade-linux-image-6-2-0-1009-ibm ubuntu-upgrade-linux-image-6-2-0-1011-aws ubuntu-upgrade-linux-image-6-2-0-1011-azure ubuntu-upgrade-linux-image-6-2-0-1011-oracle ubuntu-upgrade-linux-image-6-2-0-1012-kvm ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1012-raspi ubuntu-upgrade-linux-image-6-2-0-1013-gcp ubuntu-upgrade-linux-image-6-2-0-32-generic ubuntu-upgrade-linux-image-6-2-0-32-generic-64k ubuntu-upgrade-linux-image-6-2-0-32-generic-lpae 
ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-32247 CVE - 2023-32247 USN-6338-1 USN-6338-2 USN-6344-1 USN-6704-1 USN-6704-2 USN-6704-3 USN-6704-4 USN-6705-1 
-
Alma Linux: CVE-2023-3750: Moderate: libvirt security, bug fix, and enhancement update (ALSA-2023-6409)
Alma Linux: CVE-2023-3750: Moderate: libvirt security, bug fix, and enhancement update (ALSA-2023-6409) Severity 6 CVSS (AV:N/AC:M/Au:S/C:N/I:N/A:C) Published 07/24/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon. Solution(s) alma-upgrade-libvirt alma-upgrade-libvirt-client alma-upgrade-libvirt-client-qemu alma-upgrade-libvirt-daemon alma-upgrade-libvirt-daemon-common alma-upgrade-libvirt-daemon-config-network alma-upgrade-libvirt-daemon-config-nwfilter alma-upgrade-libvirt-daemon-driver-interface alma-upgrade-libvirt-daemon-driver-network alma-upgrade-libvirt-daemon-driver-nodedev alma-upgrade-libvirt-daemon-driver-nwfilter alma-upgrade-libvirt-daemon-driver-qemu alma-upgrade-libvirt-daemon-driver-secret alma-upgrade-libvirt-daemon-driver-storage alma-upgrade-libvirt-daemon-driver-storage-core alma-upgrade-libvirt-daemon-driver-storage-disk alma-upgrade-libvirt-daemon-driver-storage-iscsi alma-upgrade-libvirt-daemon-driver-storage-logical alma-upgrade-libvirt-daemon-driver-storage-mpath alma-upgrade-libvirt-daemon-driver-storage-rbd alma-upgrade-libvirt-daemon-driver-storage-scsi alma-upgrade-libvirt-daemon-kvm alma-upgrade-libvirt-daemon-lock alma-upgrade-libvirt-daemon-log alma-upgrade-libvirt-daemon-plugin-lockd alma-upgrade-libvirt-daemon-plugin-sanlock alma-upgrade-libvirt-daemon-proxy alma-upgrade-libvirt-devel alma-upgrade-libvirt-docs alma-upgrade-libvirt-libs alma-upgrade-libvirt-nss References https://attackerkb.com/topics/cve-2023-3750 CVE - 2023-3750 https://errata.almalinux.org/9/ALSA-2023-6409.html
-
Ubuntu: (CVE-2023-33952): linux vulnerability
Ubuntu: (CVE-2023-33952): linux vulnerability Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 07/24/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-allwinner ubuntu-upgrade-linux-allwinner-5-19 ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-19 ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-5-19 ubuntu-upgrade-linux-hwe-5-19 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency ubuntu-upgrade-linux-lowlatency-hwe-5-19 ubuntu-upgrade-linux-oem-6-1 ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-riscv ubuntu-upgrade-linux-riscv-5-19 ubuntu-upgrade-linux-starfive ubuntu-upgrade-linux-starfive-5-19 References https://attackerkb.com/topics/cve-2023-33952 CVE - 2023-33952 https://git.kernel.org/linus/9ef8d83e8e25d5f1811b3a38eb1484f85f64296c https://www.cve.org/CVERecord?id=CVE-2023-33952 https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292/
-
Ubuntu: USN-7147-1 (CVE-2023-34478): Apache Shiro vulnerabilities
Ubuntu: USN-7147-1 (CVE-2023-34478): Apache Shiro vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/24/2023 Created 12/12/2024 Added 12/11/2024 Modified 01/28/2025 Description Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+ Solution(s) ubuntu-pro-upgrade-libshiro-java References https://attackerkb.com/topics/cve-2023-34478 CVE - 2023-34478 USN-7147-1
-
Alma Linux: CVE-2023-38200: Moderate: keylime security update (ALSA-2023-5080)
Alma Linux: CVE-2023-38200: Moderate: keylime security update (ALSA-2023-5080) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/24/2023 Created 09/15/2023 Added 09/15/2023 Modified 01/28/2025 Description A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. Solution(s) alma-upgrade-keylime alma-upgrade-keylime-base alma-upgrade-keylime-registrar alma-upgrade-keylime-selinux alma-upgrade-keylime-tenant alma-upgrade-keylime-verifier alma-upgrade-python3-keylime References https://attackerkb.com/topics/cve-2023-38200 CVE - 2023-38200 https://errata.almalinux.org/9/ALSA-2023-5080.html
-
SUSE: CVE-2023-2860: SUSE Linux Security Advisory
SUSE: CVE-2023-2860: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 07/24/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel 
suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-2860 CVE - 2023-2860
-
Rocky Linux: CVE-2023-20593: kernel (Multiple Advisories)
Rocky Linux: CVE-2023-20593: kernel (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/24/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Solution(s) rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-core rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-core rocky-upgrade-kernel-rt-modules-extra References https://attackerkb.com/topics/cve-2023-20593 CVE - 2023-20593 https://errata.rockylinux.org/RLSA-2023:5091 https://errata.rockylinux.org/RLSA-2023:5244
-
Ubuntu: USN-6247-1 (CVE-2023-2860): Linux kernel (OEM) vulnerabilities
Ubuntu: USN-6247-1 (CVE-2023-2860): Linux kernel (OEM) vulnerabilities Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 07/24/2023 Created 07/26/2023 Added 07/26/2023 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. Solution(s) ubuntu-upgrade-linux-image-5-17-0-1035-oem ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a References https://attackerkb.com/topics/cve-2023-2860 CVE - 2023-2860 USN-6247-1
-
Huawei EulerOS: CVE-2023-20593: kernel security update
Huawei EulerOS: CVE-2023-20593: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/24/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-20593 CVE - 2023-20593 EulerOS-SA-2023-3217
-
Amazon Linux AMI 2: CVE-2023-3417: Security patch for thunderbird (ALAS-2023-2248)
Amazon Linux AMI 2: CVE-2023-3417: Security patch for thunderbird (ALAS-2023-2248) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/24/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1. Solution(s) amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-3417 AL2/ALAS-2023-2248 CVE - 2023-3417
-
SUSE: CVE-2023-3745: SUSE Linux Security Advisory
SUSE: CVE-2023-3745: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/24/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. Solution(s) suse-upgrade-imagemagick suse-upgrade-imagemagick-config-6-suse suse-upgrade-imagemagick-config-6-upstream suse-upgrade-imagemagick-config-7-suse suse-upgrade-imagemagick-config-7-upstream suse-upgrade-imagemagick-devel suse-upgrade-libmagick-6_q16-3 suse-upgrade-libmagick-7_q16hdri4 suse-upgrade-libmagick-7_q16hdri4-32bit suse-upgrade-libmagick-devel suse-upgrade-libmagickcore-6_q16-1 suse-upgrade-libmagickcore-6_q16-1-32bit suse-upgrade-libmagickcore-7_q16hdri6 suse-upgrade-libmagickcore-7_q16hdri6-32bit suse-upgrade-libmagickwand-6_q16-1 suse-upgrade-libmagickwand-7_q16hdri6 suse-upgrade-libmagickwand-7_q16hdri6-32bit suse-upgrade-perl-perlmagick References https://attackerkb.com/topics/cve-2023-3745 CVE - 2023-3745
-
VMware Photon OS: CVE-2023-33951
VMware Photon OS: CVE-2023-33951 Severity 5 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:P) Published 07/24/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-33951 CVE - 2023-33951
-
CentOS Linux: CVE-2023-33952: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)
CentOS Linux: CVE-2023-33952: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 07/24/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-33952