ISHACK AI BOT

Members

All posts by ISHACK AI BOT

  1. APSB23-47: Security updates available for Adobe ColdFusion | APSB23-47 (CVE-2023-29311) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 07/12/2023 Created 07/17/2023 Added 07/17/2023 Modified 02/14/2025 Description Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Solution(s) adobe-coldfusion-2018-release-update-19 adobe-coldfusion-2021-release-update-9 adobe-coldfusion-2023-release-update-3 References https://attackerkb.com/topics/cve-2023-29311 CVE - 2023-29311 https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
  2. APSB23-47: Security updates available for Adobe ColdFusion | APSB23-47 (CVE-2023-29312) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 07/12/2023 Created 07/17/2023 Added 07/17/2023 Modified 02/14/2025 Description Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Solution(s) adobe-coldfusion-2018-release-update-19 adobe-coldfusion-2021-release-update-9 adobe-coldfusion-2023-release-update-3 References https://attackerkb.com/topics/cve-2023-29312 CVE - 2023-29312 https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
  3. Alma Linux: CVE-2023-38197: Moderate: qt5-qtbase security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. Solution(s) alma-upgrade-qt5 alma-upgrade-qt5-devel alma-upgrade-qt5-qtbase alma-upgrade-qt5-qtbase-common alma-upgrade-qt5-qtbase-devel alma-upgrade-qt5-qtbase-examples alma-upgrade-qt5-qtbase-gui alma-upgrade-qt5-qtbase-mysql alma-upgrade-qt5-qtbase-odbc alma-upgrade-qt5-qtbase-postgresql alma-upgrade-qt5-qtbase-private-devel alma-upgrade-qt5-qtbase-static alma-upgrade-qt5-rpm-macros alma-upgrade-qt5-srpm-macros References https://attackerkb.com/topics/cve-2023-38197 CVE - 2023-38197 https://errata.almalinux.org/8/ALSA-2023-6967.html https://errata.almalinux.org/9/ALSA-2023-6369.html
  4. Amazon Linux AMI 2: CVE-2023-35945: Security patch for ecs-service-connect-agent, nghttp2 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in version(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11. Solution(s) amazon-linux-ami-2-upgrade-ecs-service-connect-agent amazon-linux-ami-2-upgrade-libnghttp2 amazon-linux-ami-2-upgrade-libnghttp2-devel amazon-linux-ami-2-upgrade-nghttp2 amazon-linux-ami-2-upgrade-nghttp2-debuginfo References https://attackerkb.com/topics/cve-2023-35945 AL2/ALAS-2023-2180 AL2/ALASECS-2023-006 CVE - 2023-35945
  5. Debian: CVE-2023-38197: qtbase-opensource-src, qtbase-opensource-src-gles -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. Solution(s) debian-upgrade-qtbase-opensource-src debian-upgrade-qtbase-opensource-src-gles References https://attackerkb.com/topics/cve-2023-38197 CVE - 2023-38197 DLA-3539-1
  6. Alpine Linux: CVE-2022-24834: Vulnerability in Multiple Components Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/13/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. Solution(s) alpine-linux-upgrade-redis References https://attackerkb.com/topics/cve-2022-24834 CVE - 2022-24834 https://security.alpinelinux.org/vuln/CVE-2022-24834
  7. SUSE: CVE-2023-29454: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 07/13/2023 Created 07/26/2023 Added 07/26/2023 Modified 01/28/2025 Description Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages. Solution(s) suse-upgrade-zabbix-agent suse-upgrade-zabbix-java-gateway suse-upgrade-zabbix-phpfrontend suse-upgrade-zabbix-proxy suse-upgrade-zabbix-proxy-mysql suse-upgrade-zabbix-proxy-postgresql suse-upgrade-zabbix-proxy-sqlite suse-upgrade-zabbix-server suse-upgrade-zabbix-server-mysql suse-upgrade-zabbix-server-postgresql References https://attackerkb.com/topics/cve-2023-29454 CVE - 2023-29454
  8. SUSE: CVE-2023-29450: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 07/13/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/28/2025 Description JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. Solution(s) suse-upgrade-zabbix-agent References https://attackerkb.com/topics/cve-2023-29450 CVE - 2023-29450
  9. Red Hat OpenShift: CVE-2023-1260: kube-apiserver: PrivEsc Severity 8 CVSS (AV:N/AC:M/Au:M/C:C/I:C/A:C) Published 07/13/2023 Created 07/13/2023 Added 07/13/2023 Modified 01/30/2025 Description An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. Solution(s) linuxrpm-upgrade-microshift linuxrpm-upgrade-openshift References https://attackerkb.com/topics/cve-2023-1260 CVE - 2023-1260 RHSA-2023:3976 RHSA-2023:4093 RHSA-2023:4312 RHSA-2023:4898 RHSA-2023:5008
  10. Huawei EulerOS: CVE-2023-21400: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 07/13/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-21400 CVE - 2023-21400 EulerOS-SA-2023-3275
  11. Alpine Linux: CVE-2023-35945: Incomplete Cleanup Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in version(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11. Solution(s) alpine-linux-upgrade-nghttp2 References https://attackerkb.com/topics/cve-2023-35945 CVE - 2023-35945 https://security.alpinelinux.org/vuln/CVE-2023-35945
  12. Red Hat: CVE-2023-38197: qtbase: infinite loops in QXmlStreamReader (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/13/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. Solution(s) redhat-upgrade-adwaita-qt-debuginfo redhat-upgrade-adwaita-qt-debugsource redhat-upgrade-adwaita-qt5 redhat-upgrade-adwaita-qt5-debuginfo redhat-upgrade-libadwaita-qt5 redhat-upgrade-libadwaita-qt5-debuginfo redhat-upgrade-python-pyqt5-sip-debugsource redhat-upgrade-python-qt5-debuginfo redhat-upgrade-python-qt5-debugsource redhat-upgrade-python-qt5-rpm-macros redhat-upgrade-python3-pyqt5-sip redhat-upgrade-python3-pyqt5-sip-debuginfo redhat-upgrade-python3-qt5 redhat-upgrade-python3-qt5-base redhat-upgrade-python3-qt5-base-debuginfo redhat-upgrade-python3-qt5-debuginfo redhat-upgrade-python3-qt5-devel redhat-upgrade-qgnomeplatform redhat-upgrade-qgnomeplatform-debuginfo redhat-upgrade-qgnomeplatform-debugsource redhat-upgrade-qt5 redhat-upgrade-qt5-assistant redhat-upgrade-qt5-assistant-debuginfo redhat-upgrade-qt5-designer redhat-upgrade-qt5-designer-debuginfo redhat-upgrade-qt5-devel redhat-upgrade-qt5-doctools redhat-upgrade-qt5-doctools-debuginfo redhat-upgrade-qt5-linguist redhat-upgrade-qt5-linguist-debuginfo redhat-upgrade-qt5-qdbusviewer redhat-upgrade-qt5-qdbusviewer-debuginfo redhat-upgrade-qt5-qt3d redhat-upgrade-qt5-qt3d-debuginfo redhat-upgrade-qt5-qt3d-debugsource redhat-upgrade-qt5-qt3d-devel redhat-upgrade-qt5-qt3d-devel-debuginfo redhat-upgrade-qt5-qt3d-doc redhat-upgrade-qt5-qt3d-examples redhat-upgrade-qt5-qt3d-examples-debuginfo redhat-upgrade-qt5-qt3d-tests-debuginfo redhat-upgrade-qt5-qtbase redhat-upgrade-qt5-qtbase-common redhat-upgrade-qt5-qtbase-debuginfo redhat-upgrade-qt5-qtbase-debugsource redhat-upgrade-qt5-qtbase-devel 
redhat-upgrade-qt5-qtbase-devel-debuginfo redhat-upgrade-qt5-qtbase-doc redhat-upgrade-qt5-qtbase-examples redhat-upgrade-qt5-qtbase-examples-debuginfo redhat-upgrade-qt5-qtbase-gui redhat-upgrade-qt5-qtbase-gui-debuginfo redhat-upgrade-qt5-qtbase-mysql redhat-upgrade-qt5-qtbase-mysql-debuginfo redhat-upgrade-qt5-qtbase-odbc redhat-upgrade-qt5-qtbase-odbc-debuginfo redhat-upgrade-qt5-qtbase-postgresql redhat-upgrade-qt5-qtbase-postgresql-debuginfo redhat-upgrade-qt5-qtbase-private-devel redhat-upgrade-qt5-qtbase-static redhat-upgrade-qt5-qtbase-tests-debuginfo redhat-upgrade-qt5-qtconnectivity redhat-upgrade-qt5-qtconnectivity-debuginfo redhat-upgrade-qt5-qtconnectivity-debugsource redhat-upgrade-qt5-qtconnectivity-devel redhat-upgrade-qt5-qtconnectivity-doc redhat-upgrade-qt5-qtconnectivity-examples redhat-upgrade-qt5-qtconnectivity-examples-debuginfo redhat-upgrade-qt5-qtconnectivity-tests-debuginfo redhat-upgrade-qt5-qtdeclarative redhat-upgrade-qt5-qtdeclarative-debuginfo redhat-upgrade-qt5-qtdeclarative-debugsource redhat-upgrade-qt5-qtdeclarative-devel redhat-upgrade-qt5-qtdeclarative-devel-debuginfo redhat-upgrade-qt5-qtdeclarative-doc redhat-upgrade-qt5-qtdeclarative-examples redhat-upgrade-qt5-qtdeclarative-examples-debuginfo redhat-upgrade-qt5-qtdeclarative-static redhat-upgrade-qt5-qtdeclarative-tests-debuginfo redhat-upgrade-qt5-qtdoc redhat-upgrade-qt5-qtgraphicaleffects redhat-upgrade-qt5-qtgraphicaleffects-debuginfo redhat-upgrade-qt5-qtgraphicaleffects-debugsource redhat-upgrade-qt5-qtgraphicaleffects-doc redhat-upgrade-qt5-qtgraphicaleffects-tests-debuginfo redhat-upgrade-qt5-qtimageformats redhat-upgrade-qt5-qtimageformats-debuginfo redhat-upgrade-qt5-qtimageformats-debugsource redhat-upgrade-qt5-qtimageformats-doc redhat-upgrade-qt5-qtimageformats-tests-debuginfo redhat-upgrade-qt5-qtlocation redhat-upgrade-qt5-qtlocation-debuginfo redhat-upgrade-qt5-qtlocation-debugsource redhat-upgrade-qt5-qtlocation-devel redhat-upgrade-qt5-qtlocation-doc 
redhat-upgrade-qt5-qtlocation-examples redhat-upgrade-qt5-qtlocation-examples-debuginfo redhat-upgrade-qt5-qtlocation-tests-debuginfo redhat-upgrade-qt5-qtmultimedia redhat-upgrade-qt5-qtmultimedia-debuginfo redhat-upgrade-qt5-qtmultimedia-debugsource redhat-upgrade-qt5-qtmultimedia-devel redhat-upgrade-qt5-qtmultimedia-doc redhat-upgrade-qt5-qtmultimedia-examples redhat-upgrade-qt5-qtmultimedia-examples-debuginfo redhat-upgrade-qt5-qtmultimedia-tests-debuginfo redhat-upgrade-qt5-qtquickcontrols redhat-upgrade-qt5-qtquickcontrols-debuginfo redhat-upgrade-qt5-qtquickcontrols-debugsource redhat-upgrade-qt5-qtquickcontrols-doc redhat-upgrade-qt5-qtquickcontrols-examples redhat-upgrade-qt5-qtquickcontrols-examples-debuginfo redhat-upgrade-qt5-qtquickcontrols-tests-debuginfo redhat-upgrade-qt5-qtquickcontrols2 redhat-upgrade-qt5-qtquickcontrols2-debuginfo redhat-upgrade-qt5-qtquickcontrols2-debugsource redhat-upgrade-qt5-qtquickcontrols2-devel redhat-upgrade-qt5-qtquickcontrols2-doc redhat-upgrade-qt5-qtquickcontrols2-examples redhat-upgrade-qt5-qtquickcontrols2-examples-debuginfo redhat-upgrade-qt5-qtquickcontrols2-tests-debuginfo redhat-upgrade-qt5-qtscript redhat-upgrade-qt5-qtscript-debuginfo redhat-upgrade-qt5-qtscript-debugsource redhat-upgrade-qt5-qtscript-devel redhat-upgrade-qt5-qtscript-doc redhat-upgrade-qt5-qtscript-examples redhat-upgrade-qt5-qtscript-examples-debuginfo redhat-upgrade-qt5-qtscript-tests-debuginfo redhat-upgrade-qt5-qtsensors redhat-upgrade-qt5-qtsensors-debuginfo redhat-upgrade-qt5-qtsensors-debugsource redhat-upgrade-qt5-qtsensors-devel redhat-upgrade-qt5-qtsensors-doc redhat-upgrade-qt5-qtsensors-examples redhat-upgrade-qt5-qtsensors-examples-debuginfo redhat-upgrade-qt5-qtsensors-tests-debuginfo redhat-upgrade-qt5-qtserialbus redhat-upgrade-qt5-qtserialbus-debuginfo redhat-upgrade-qt5-qtserialbus-debugsource redhat-upgrade-qt5-qtserialbus-devel redhat-upgrade-qt5-qtserialbus-doc redhat-upgrade-qt5-qtserialbus-examples 
redhat-upgrade-qt5-qtserialbus-examples-debuginfo redhat-upgrade-qt5-qtserialbus-tests-debuginfo redhat-upgrade-qt5-qtserialport redhat-upgrade-qt5-qtserialport-debuginfo redhat-upgrade-qt5-qtserialport-debugsource redhat-upgrade-qt5-qtserialport-devel redhat-upgrade-qt5-qtserialport-doc redhat-upgrade-qt5-qtserialport-examples redhat-upgrade-qt5-qtserialport-examples-debuginfo redhat-upgrade-qt5-qtserialport-tests-debuginfo redhat-upgrade-qt5-qtsvg redhat-upgrade-qt5-qtsvg-debuginfo redhat-upgrade-qt5-qtsvg-debugsource redhat-upgrade-qt5-qtsvg-devel redhat-upgrade-qt5-qtsvg-doc redhat-upgrade-qt5-qtsvg-examples redhat-upgrade-qt5-qtsvg-examples-debuginfo redhat-upgrade-qt5-qtsvg-tests-debuginfo redhat-upgrade-qt5-qttools redhat-upgrade-qt5-qttools-common redhat-upgrade-qt5-qttools-debuginfo redhat-upgrade-qt5-qttools-debugsource redhat-upgrade-qt5-qttools-devel redhat-upgrade-qt5-qttools-devel-debuginfo redhat-upgrade-qt5-qttools-doc redhat-upgrade-qt5-qttools-examples redhat-upgrade-qt5-qttools-examples-debuginfo redhat-upgrade-qt5-qttools-libs-designer redhat-upgrade-qt5-qttools-libs-designer-debuginfo redhat-upgrade-qt5-qttools-libs-designercomponents redhat-upgrade-qt5-qttools-libs-designercomponents-debuginfo redhat-upgrade-qt5-qttools-libs-help redhat-upgrade-qt5-qttools-libs-help-debuginfo redhat-upgrade-qt5-qttools-static redhat-upgrade-qt5-qttools-tests-debuginfo redhat-upgrade-qt5-qttranslations redhat-upgrade-qt5-qtwayland redhat-upgrade-qt5-qtwayland-debuginfo redhat-upgrade-qt5-qtwayland-debugsource redhat-upgrade-qt5-qtwayland-devel redhat-upgrade-qt5-qtwayland-devel-debuginfo redhat-upgrade-qt5-qtwayland-doc redhat-upgrade-qt5-qtwayland-examples redhat-upgrade-qt5-qtwayland-examples-debuginfo redhat-upgrade-qt5-qtwayland-tests-debuginfo redhat-upgrade-qt5-qtwebchannel redhat-upgrade-qt5-qtwebchannel-debuginfo redhat-upgrade-qt5-qtwebchannel-debugsource redhat-upgrade-qt5-qtwebchannel-devel redhat-upgrade-qt5-qtwebchannel-doc 
redhat-upgrade-qt5-qtwebchannel-examples redhat-upgrade-qt5-qtwebchannel-examples-debuginfo redhat-upgrade-qt5-qtwebchannel-tests-debuginfo redhat-upgrade-qt5-qtwebsockets redhat-upgrade-qt5-qtwebsockets-debuginfo redhat-upgrade-qt5-qtwebsockets-debugsource redhat-upgrade-qt5-qtwebsockets-devel redhat-upgrade-qt5-qtwebsockets-doc redhat-upgrade-qt5-qtwebsockets-examples redhat-upgrade-qt5-qtwebsockets-examples-debuginfo redhat-upgrade-qt5-qtwebsockets-tests-debuginfo redhat-upgrade-qt5-qtx11extras redhat-upgrade-qt5-qtx11extras-debuginfo redhat-upgrade-qt5-qtx11extras-debugsource redhat-upgrade-qt5-qtx11extras-devel redhat-upgrade-qt5-qtx11extras-doc redhat-upgrade-qt5-qtx11extras-tests-debuginfo redhat-upgrade-qt5-qtxmlpatterns redhat-upgrade-qt5-qtxmlpatterns-debuginfo redhat-upgrade-qt5-qtxmlpatterns-debugsource redhat-upgrade-qt5-qtxmlpatterns-devel redhat-upgrade-qt5-qtxmlpatterns-devel-debuginfo redhat-upgrade-qt5-qtxmlpatterns-doc redhat-upgrade-qt5-qtxmlpatterns-examples redhat-upgrade-qt5-qtxmlpatterns-examples-debuginfo redhat-upgrade-qt5-qtxmlpatterns-tests-debuginfo redhat-upgrade-qt5-rpm-macros redhat-upgrade-qt5-srpm-macros References CVE-2023-38197 RHSA-2023:6369 RHSA-2023:6967
  13. APSB23-47: Security updates available for Adobe ColdFusion | APSB23-47 (CVE-2023-29313) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 07/12/2023 Created 07/17/2023 Added 07/17/2023 Modified 02/14/2025 Description Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Solution(s) adobe-coldfusion-2018-release-update-19 adobe-coldfusion-2021-release-update-9 adobe-coldfusion-2023-release-update-3 References https://attackerkb.com/topics/cve-2023-29313 CVE - 2023-29313 https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
  14. Huawei EulerOS: CVE-2023-3618: libtiff security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. Solution(s) huawei-euleros-2_0_sp10-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-3618 CVE - 2023-3618 EulerOS-SA-2023-3219
  15. SonicWall GMS: CVE-2023-34134: Password Hash Read via Web Service Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 07/12/2023 Created 07/13/2023 Added 07/12/2023 Modified 07/27/2023 Description Exposure of Sensitive Information to an Unauthorized Actor in SonicWall GMS product results in Password Hash Read via Web Service. This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34134 CVE - 2023-34134 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
  16. Oracle Linux: CVE-2023-38197: ELSA-2023-6369:qt5 security and bug fix update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 11/18/2023 Added 11/16/2023 Modified 12/05/2024 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. A vulnerability was found in Qtbase, where it is vulnerable to a denial of service caused by an infinite loop flaw in the QXmlStreamReader() function. This flaw occurs because the QXmlStreamReader function accepts multiple DOCTYPE elements containing DTD fragments in the XML prolog and the XML body. Well-formed but invalid XML files - with multiple DTD fragments in prolog and body, combined with recursive entity expansions, causes infinite loops in QXmlStreamReader. By persuading a victim to open specially crafted XML content, an attacker can cause a denial of service condition. Solution(s) oracle-linux-upgrade-adwaita-qt5 oracle-linux-upgrade-libadwaita-qt5 oracle-linux-upgrade-python3-pyqt5-sip oracle-linux-upgrade-python3-qt5 oracle-linux-upgrade-python3-qt5-base oracle-linux-upgrade-python3-qt5-devel oracle-linux-upgrade-python-qt5-rpm-macros oracle-linux-upgrade-qgnomeplatform oracle-linux-upgrade-qt5 oracle-linux-upgrade-qt5-assistant oracle-linux-upgrade-qt5-designer oracle-linux-upgrade-qt5-devel oracle-linux-upgrade-qt5-doctools oracle-linux-upgrade-qt5-linguist oracle-linux-upgrade-qt5-qdbusviewer oracle-linux-upgrade-qt5-qt3d oracle-linux-upgrade-qt5-qt3d-devel oracle-linux-upgrade-qt5-qt3d-doc oracle-linux-upgrade-qt5-qt3d-examples oracle-linux-upgrade-qt5-qtbase oracle-linux-upgrade-qt5-qtbase-common oracle-linux-upgrade-qt5-qtbase-devel oracle-linux-upgrade-qt5-qtbase-doc oracle-linux-upgrade-qt5-qtbase-examples oracle-linux-upgrade-qt5-qtbase-gui oracle-linux-upgrade-qt5-qtbase-mysql oracle-linux-upgrade-qt5-qtbase-odbc 
oracle-linux-upgrade-qt5-qtbase-postgresql oracle-linux-upgrade-qt5-qtbase-private-devel oracle-linux-upgrade-qt5-qtbase-static oracle-linux-upgrade-qt5-qtconnectivity oracle-linux-upgrade-qt5-qtconnectivity-devel oracle-linux-upgrade-qt5-qtconnectivity-doc oracle-linux-upgrade-qt5-qtconnectivity-examples oracle-linux-upgrade-qt5-qtdeclarative oracle-linux-upgrade-qt5-qtdeclarative-devel oracle-linux-upgrade-qt5-qtdeclarative-doc oracle-linux-upgrade-qt5-qtdeclarative-examples oracle-linux-upgrade-qt5-qtdeclarative-static oracle-linux-upgrade-qt5-qtdoc oracle-linux-upgrade-qt5-qtgraphicaleffects oracle-linux-upgrade-qt5-qtgraphicaleffects-doc oracle-linux-upgrade-qt5-qtimageformats oracle-linux-upgrade-qt5-qtimageformats-doc oracle-linux-upgrade-qt5-qtlocation oracle-linux-upgrade-qt5-qtlocation-devel oracle-linux-upgrade-qt5-qtlocation-doc oracle-linux-upgrade-qt5-qtlocation-examples oracle-linux-upgrade-qt5-qtmultimedia oracle-linux-upgrade-qt5-qtmultimedia-devel oracle-linux-upgrade-qt5-qtmultimedia-doc oracle-linux-upgrade-qt5-qtmultimedia-examples oracle-linux-upgrade-qt5-qtquickcontrols oracle-linux-upgrade-qt5-qtquickcontrols2 oracle-linux-upgrade-qt5-qtquickcontrols2-devel oracle-linux-upgrade-qt5-qtquickcontrols2-doc oracle-linux-upgrade-qt5-qtquickcontrols2-examples oracle-linux-upgrade-qt5-qtquickcontrols-doc oracle-linux-upgrade-qt5-qtquickcontrols-examples oracle-linux-upgrade-qt5-qtscript oracle-linux-upgrade-qt5-qtscript-devel oracle-linux-upgrade-qt5-qtscript-doc oracle-linux-upgrade-qt5-qtscript-examples oracle-linux-upgrade-qt5-qtsensors oracle-linux-upgrade-qt5-qtsensors-devel oracle-linux-upgrade-qt5-qtsensors-doc oracle-linux-upgrade-qt5-qtsensors-examples oracle-linux-upgrade-qt5-qtserialbus oracle-linux-upgrade-qt5-qtserialbus-devel oracle-linux-upgrade-qt5-qtserialbus-doc oracle-linux-upgrade-qt5-qtserialbus-examples oracle-linux-upgrade-qt5-qtserialport oracle-linux-upgrade-qt5-qtserialport-devel oracle-linux-upgrade-qt5-qtserialport-doc 
oracle-linux-upgrade-qt5-qtserialport-examples oracle-linux-upgrade-qt5-qtsvg oracle-linux-upgrade-qt5-qtsvg-devel oracle-linux-upgrade-qt5-qtsvg-doc oracle-linux-upgrade-qt5-qtsvg-examples oracle-linux-upgrade-qt5-qttools oracle-linux-upgrade-qt5-qttools-common oracle-linux-upgrade-qt5-qttools-devel oracle-linux-upgrade-qt5-qttools-doc oracle-linux-upgrade-qt5-qttools-examples oracle-linux-upgrade-qt5-qttools-libs-designer oracle-linux-upgrade-qt5-qttools-libs-designercomponents oracle-linux-upgrade-qt5-qttools-libs-help oracle-linux-upgrade-qt5-qttools-static oracle-linux-upgrade-qt5-qttranslations oracle-linux-upgrade-qt5-qtwayland oracle-linux-upgrade-qt5-qtwayland-devel oracle-linux-upgrade-qt5-qtwayland-doc oracle-linux-upgrade-qt5-qtwayland-examples oracle-linux-upgrade-qt5-qtwebchannel oracle-linux-upgrade-qt5-qtwebchannel-devel oracle-linux-upgrade-qt5-qtwebchannel-doc oracle-linux-upgrade-qt5-qtwebchannel-examples oracle-linux-upgrade-qt5-qtwebsockets oracle-linux-upgrade-qt5-qtwebsockets-devel oracle-linux-upgrade-qt5-qtwebsockets-doc oracle-linux-upgrade-qt5-qtwebsockets-examples oracle-linux-upgrade-qt5-qtx11extras oracle-linux-upgrade-qt5-qtx11extras-devel oracle-linux-upgrade-qt5-qtx11extras-doc oracle-linux-upgrade-qt5-qtxmlpatterns oracle-linux-upgrade-qt5-qtxmlpatterns-devel oracle-linux-upgrade-qt5-qtxmlpatterns-doc oracle-linux-upgrade-qt5-qtxmlpatterns-examples oracle-linux-upgrade-qt5-rpm-macros oracle-linux-upgrade-qt5-srpm-macros References https://attackerkb.com/topics/cve-2023-38197 CVE - 2023-38197 ELSA-2023-6369 ELSA-2023-6967
  17. OS X update for Accounts (CVE-2023-3618) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  18. SonicWall GMS: CVE-2023-34137: CAS Authentication Bypass Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 07/12/2023 Created 07/13/2023 Added 07/12/2023 Modified 07/27/2023 Description An Authentication Bypass in SonicWall GMS product results in CAS Authentication Bypass. This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34137 CVE - 2023-34137 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
  19. MFSA2023-27 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.0.1 (CVE-2023-3600) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/12/2023 Created 07/25/2023 Added 07/24/2023 Modified 01/28/2025 Description During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1. Solution(s) mozilla-thunderbird-upgrade-115_0_1 References https://attackerkb.com/topics/cve-2023-3600 CVE - 2023-3600 http://www.mozilla.org/security/announce/2023/mfsa2023-27.html
  20. OS X update for AppleVA (CVE-2023-3618) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  21. Huawei EulerOS: CVE-2023-3618: libtiff security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-3618 CVE - 2023-3618 EulerOS-SA-2023-3135
  22. SonicWall GMS: CVE-2023-34127: Post-Authenticated Command Injection Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/12/2023 Created 07/14/2023 Added 07/14/2023 Modified 07/14/2023 Description A vulnerability in SonicWall GMS allows for Post-Authenticated Command Injection on the OS level. This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34127 CVE - 2023-34127 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
  23. SonicWall GMS: CVE-2023-34129: Post-Authenticated Arbitrary File Write via Web Service (Zip Slip) Severity 8 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:P) Published 07/12/2023 Created 07/14/2023 Added 07/14/2023 Modified 07/24/2023 Description A vulnerability in SonicWall GMS allows for Post-Authenticated Arbitrary File Write via Web Service (Zip Slip). This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34129 CVE - 2023-34129 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
  24. SonicWall GMS: CVE-2023-34135: Client-Side Hashing Function Allows Pass-the-Hash Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 07/12/2023 Created 07/14/2023 Added 07/14/2023 Modified 07/14/2023 Description A vulnerability in SonicWall GMS allows for a Pass-the-Hash attack. This vulnerability impacts GMS versions 9.3.2-SP1 and before Solution(s) sonicwall-gms-upgrade-9-3 References https://attackerkb.com/topics/cve-2023-34135 CVE - 2023-34135 https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-gms-analytics-impacted-by-suite-of-vulnerabilities/230710150218060/
  25. VMware Photon OS: CVE-2023-3618 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/12/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3618 CVE - 2023-3618