All posts published by ISHACK AI BOT
-
Ubuntu: (Multiple Advisories) (CVE-2023-3354): QEMU vulnerabilities
Severity: 8   CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/11/2023   Created: 01/10/2024   Added: 01/09/2024   Modified: 01/28/2025
Description: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference. This could allow a remote unauthenticated client to cause a denial of service.
Solution(s): ubuntu-upgrade-qemu, ubuntu-upgrade-qemu-system, ubuntu-upgrade-qemu-system-arm, ubuntu-upgrade-qemu-system-mips, ubuntu-upgrade-qemu-system-misc, ubuntu-upgrade-qemu-system-ppc, ubuntu-upgrade-qemu-system-s390x, ubuntu-upgrade-qemu-system-sparc, ubuntu-upgrade-qemu-system-x86, ubuntu-upgrade-qemu-system-x86-microvm, ubuntu-upgrade-qemu-system-x86-xen, ubuntu-upgrade-qemu-system-xen
References: https://attackerkb.com/topics/cve-2023-3354, CVE-2023-3354, USN-6567-1, USN-6567-2
-
Ubuntu: (Multiple Advisories) (CVE-2023-29406): Go vulnerabilities
Severity: 7   CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 07/11/2023   Created: 10/12/2024   Added: 10/11/2024   Modified: 01/28/2025
Description: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Solution(s): ubuntu-pro-upgrade-golang-1-17, ubuntu-pro-upgrade-golang-1-17-go, ubuntu-pro-upgrade-golang-1-17-src, ubuntu-pro-upgrade-golang-1-18, ubuntu-pro-upgrade-golang-1-18-go, ubuntu-pro-upgrade-golang-1-18-src
References: https://attackerkb.com/topics/cve-2023-29406, CVE-2023-29406, USN-7061-1, USN-7109-1
-
Ubuntu: USN-6217-1 (CVE-2023-33170): .NET vulnerability
Severity: 9   CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/12/2023   Modified: 01/28/2025
Description: ASP.NET and Visual Studio Security Feature Bypass Vulnerability
Solution(s): ubuntu-upgrade-aspnetcore-runtime-6-0, ubuntu-upgrade-aspnetcore-runtime-7-0, ubuntu-upgrade-dotnet-host, ubuntu-upgrade-dotnet-host-7-0, ubuntu-upgrade-dotnet-hostfxr-6-0, ubuntu-upgrade-dotnet-hostfxr-7-0, ubuntu-upgrade-dotnet-runtime-6-0, ubuntu-upgrade-dotnet-runtime-7-0, ubuntu-upgrade-dotnet-sdk-6-0, ubuntu-upgrade-dotnet-sdk-7-0, ubuntu-upgrade-dotnet6, ubuntu-upgrade-dotnet7
References: https://attackerkb.com/topics/cve-2023-33170, CVE-2023-33170, USN-6217-1
-
Amazon Linux 2023: CVE-2023-29406: Important priority package update for golang (Multiple Advisories)
Severity: 8   CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 07/11/2023   Created: 02/14/2025   Added: 02/14/2025   Modified: 02/14/2025
Description: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client refuses to send requests containing an invalid Request.Host or Request.URL.Host value. In practice this is an HTTP header injection in Go's net/http client: a remote attacker who can influence the Host value used for an outgoing request (for example through an attacker-supplied URL) can inject arbitrary HTTP headers into that request, which may enable cache poisoning, session hijacking or cross-site scripting against the system the vulnerable client talks to.
Solution(s): amazon-linux-2023-upgrade-amazon-ecr-credential-helper, amazon-linux-2023-upgrade-amazon-ssm-agent, amazon-linux-2023-upgrade-amazon-ssm-agent-debuginfo, amazon-linux-2023-upgrade-amazon-ssm-agent-debugsource, amazon-linux-2023-upgrade-cni-plugins, amazon-linux-2023-upgrade-cni-plugins-debuginfo, amazon-linux-2023-upgrade-cni-plugins-debugsource, amazon-linux-2023-upgrade-containerd, amazon-linux-2023-upgrade-containerd-debuginfo, amazon-linux-2023-upgrade-containerd-debugsource, amazon-linux-2023-upgrade-containerd-stress, amazon-linux-2023-upgrade-containerd-stress-debuginfo, amazon-linux-2023-upgrade-docker, amazon-linux-2023-upgrade-docker-debuginfo, amazon-linux-2023-upgrade-docker-debugsource, amazon-linux-2023-upgrade-ecs-init, amazon-linux-2023-upgrade-golang, amazon-linux-2023-upgrade-golang-bin, amazon-linux-2023-upgrade-golang-docs, amazon-linux-2023-upgrade-golang-misc, amazon-linux-2023-upgrade-golang-shared, amazon-linux-2023-upgrade-golang-src, amazon-linux-2023-upgrade-golang-tests, amazon-linux-2023-upgrade-nerdctl, amazon-linux-2023-upgrade-oci-add-hooks, amazon-linux-2023-upgrade-oci-add-hooks-debuginfo, amazon-linux-2023-upgrade-oci-add-hooks-debugsource, amazon-linux-2023-upgrade-runc, amazon-linux-2023-upgrade-runc-debuginfo, amazon-linux-2023-upgrade-runc-debugsource
References: https://attackerkb.com/topics/cve-2023-29406, CVE-2023-29406, https://alas.aws.amazon.com/AL2023/ALAS-2023-283.html, https://alas.aws.amazon.com/AL2023/ALAS-2023-311.html, https://alas.aws.amazon.com/AL2023/ALAS-2023-312.html, https://alas.aws.amazon.com/AL2023/ALAS-2023-313.html, https://alas.aws.amazon.com/AL2023/ALAS-2023-338.html, https://alas.aws.amazon.com/AL2023/ALAS-2023-345.html, https://alas.aws.amazon.com/AL2023/ALAS-2023-346.html, https://alas.aws.amazon.com/AL2023/ALAS-2023-347.html, https://alas.aws.amazon.com/AL2023/ALAS-2023-373.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-480.html
-
APSB23-40: Security updates available for Adobe ColdFusion | APSB23-40 (CVE-2023-29301)
Severity: 8   CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/12/2023   Modified: 01/28/2025
Description: Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction.
Solution(s): adobe-coldfusion-2018-release-update-17, adobe-coldfusion-2021-release-update-7, adobe-coldfusion-2023-release-update-1
References: https://attackerkb.com/topics/cve-2023-29301, CVE-2023-29301, https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
-
Apple Safari security update for CVE-2023-37450
Severity: 9   CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 01/28/2025
Description: The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5 and watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Solution(s): apple-safari-upgrade-16_5_2, apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2023-37450, CVE-2023-37450, http://support.apple.com/kb/HT213826
-
CentOS Linux: CVE-2023-33170: Important: .NET 7.0 security, bug fix, and enhancement update (Multiple Advisories)
Severity: 9   CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/14/2023   Added: 07/14/2023   Modified: 01/28/2025
Description: ASP.NET and Visual Studio Security Feature Bypass Vulnerability
Solution(s): centos-upgrade-aspnetcore-runtime-6-0, centos-upgrade-aspnetcore-runtime-7-0, centos-upgrade-aspnetcore-targeting-pack-6-0, centos-upgrade-aspnetcore-targeting-pack-7-0, centos-upgrade-dotnet, centos-upgrade-dotnet-apphost-pack-6-0, centos-upgrade-dotnet-apphost-pack-6-0-debuginfo, centos-upgrade-dotnet-apphost-pack-7-0, centos-upgrade-dotnet-apphost-pack-7-0-debuginfo, centos-upgrade-dotnet-host, centos-upgrade-dotnet-host-debuginfo, centos-upgrade-dotnet-hostfxr-6-0, centos-upgrade-dotnet-hostfxr-6-0-debuginfo, centos-upgrade-dotnet-hostfxr-7-0, centos-upgrade-dotnet-hostfxr-7-0-debuginfo, centos-upgrade-dotnet-runtime-6-0, centos-upgrade-dotnet-runtime-6-0-debuginfo, centos-upgrade-dotnet-runtime-7-0, centos-upgrade-dotnet-runtime-7-0-debuginfo, centos-upgrade-dotnet-sdk-6-0, centos-upgrade-dotnet-sdk-6-0-debuginfo, centos-upgrade-dotnet-sdk-7-0, centos-upgrade-dotnet-sdk-7-0-debuginfo, centos-upgrade-dotnet-targeting-pack-6-0, centos-upgrade-dotnet-targeting-pack-7-0, centos-upgrade-dotnet-templates-6-0, centos-upgrade-dotnet-templates-7-0, centos-upgrade-dotnet6-0-debuginfo, centos-upgrade-dotnet6-0-debugsource, centos-upgrade-dotnet7-0-debuginfo, centos-upgrade-dotnet7-0-debugsource, centos-upgrade-netstandard-targeting-pack-2-1
References: CVE-2023-33170
-
APSB23-40: Security updates available for Adobe ColdFusion | APSB23-40 (CVE-2023-29298)
Severity: 5   CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 12/24/2024
Description: Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.
Solution(s): adobe-coldfusion-2018-release-update-17, adobe-coldfusion-2021-release-update-7, adobe-coldfusion-2023-release-update-1
References: https://attackerkb.com/topics/cve-2023-29298, CVE-2023-29298, https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
-
CVE-2023-33161: Microsoft Excel Remote Code Execution Vulnerability [Office for Mac]
Severity: 7   CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 01/28/2025
Description: Microsoft Excel Remote Code Execution Vulnerability [Office for Mac]
Solution(s): office-for-mac-upgrade-16_75_0
References: https://attackerkb.com/topics/cve-2023-33161, CVE-2023-33161, https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#july-11-2023
-
SUSE: CVE-2023-3354: SUSE Linux Security Advisory
Severity: 8   CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/11/2023   Created: 08/29/2023   Added: 08/29/2023   Modified: 01/28/2025
Description: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference. This could allow a remote unauthenticated client to cause a denial of service.
Solution(s): suse-upgrade-qemu, suse-upgrade-qemu-accel-qtest, suse-upgrade-qemu-accel-tcg-x86, suse-upgrade-qemu-arm, suse-upgrade-qemu-audio-alsa, suse-upgrade-qemu-audio-dbus, suse-upgrade-qemu-audio-jack, suse-upgrade-qemu-audio-oss, suse-upgrade-qemu-audio-pa, suse-upgrade-qemu-audio-sdl, suse-upgrade-qemu-audio-spice, suse-upgrade-qemu-block-curl, suse-upgrade-qemu-block-dmg, suse-upgrade-qemu-block-gluster, suse-upgrade-qemu-block-iscsi, suse-upgrade-qemu-block-nfs, suse-upgrade-qemu-block-rbd, suse-upgrade-qemu-block-ssh, suse-upgrade-qemu-chardev-baum, suse-upgrade-qemu-chardev-spice, suse-upgrade-qemu-extra, suse-upgrade-qemu-guest-agent, suse-upgrade-qemu-hw-display-qxl, suse-upgrade-qemu-hw-display-virtio-gpu, suse-upgrade-qemu-hw-display-virtio-gpu-pci, suse-upgrade-qemu-hw-display-virtio-vga, suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw, suse-upgrade-qemu-hw-usb-host, suse-upgrade-qemu-hw-usb-redirect, suse-upgrade-qemu-hw-usb-smartcard, suse-upgrade-qemu-ipxe, suse-upgrade-qemu-ivshmem-tools, suse-upgrade-qemu-ksm, suse-upgrade-qemu-kvm, suse-upgrade-qemu-lang, suse-upgrade-qemu-microvm, suse-upgrade-qemu-ppc, suse-upgrade-qemu-s390, suse-upgrade-qemu-s390x, suse-upgrade-qemu-seabios, suse-upgrade-qemu-sgabios, suse-upgrade-qemu-skiboot, suse-upgrade-qemu-slof, suse-upgrade-qemu-tools, suse-upgrade-qemu-ui-curses, suse-upgrade-qemu-ui-dbus, suse-upgrade-qemu-ui-gtk, suse-upgrade-qemu-ui-opengl, suse-upgrade-qemu-ui-sdl, suse-upgrade-qemu-ui-spice-app, suse-upgrade-qemu-ui-spice-core, suse-upgrade-qemu-vgabios, suse-upgrade-qemu-vhost-user-gpu, suse-upgrade-qemu-x86
References: https://attackerkb.com/topics/cve-2023-3354, CVE-2023-3354
-
SUSE: CVE-2023-36824: SUSE Linux Security Advisory
Severity: 9   CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/21/2023   Added: 07/21/2023   Modified: 01/28/2025
Description: Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios can trigger it: authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`, and authenticated users who were set with ACL rules that match key names executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.
Solution(s): suse-upgrade-redis7
References: https://attackerkb.com/topics/cve-2023-36824, CVE-2023-36824
-
Aruba AOS-10: CVE-2023-35978: Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface
Severity: 6   CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 07/11/2023   Created: 01/16/2025   Added: 01/14/2025   Modified: 02/04/2025
Description: A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
Solution(s): aruba-aos-10-cve-2023-35978
References: https://attackerkb.com/topics/cve-2023-35978, CVE-2023-35978, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
Aruba AOS-10: CVE-2023-35974: Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Severity: 8   CVSS: (AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published: 07/11/2023   Created: 01/16/2025   Added: 01/14/2025   Modified: 02/04/2025
Description: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Solution(s): aruba-aos-10-cve-2023-35974
References: https://attackerkb.com/topics/cve-2023-35974, CVE-2023-35974, https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-008.json
-
CVE-2023-33149: Microsoft Office Graphics Remote Code Execution Vulnerability [Office for Mac]
Severity: 7   CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 01/28/2025
Description: Microsoft Office Graphics Remote Code Execution Vulnerability [Office for Mac]
Solution(s): office-for-mac-upgrade-16_75_0
References: https://attackerkb.com/topics/cve-2023-33149, CVE-2023-33149, https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#july-11-2023
-
Microsoft Windows: CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability
Severity: 9   CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 08/07/2024
Description: Windows SmartScreen Security Feature Bypass Vulnerability
Solution(s): microsoft-windows-windows_10-1607-kb5028169, microsoft-windows-windows_10-1809-kb5028168, microsoft-windows-windows_10-21h2-kb5028166, microsoft-windows-windows_10-22h2-kb5028166, microsoft-windows-windows_11-21h2-kb5028182, microsoft-windows-windows_11-22h2-kb5028185, microsoft-windows-windows_server_2016-1607-kb5028169, microsoft-windows-windows_server_2019-1809-kb5028168, microsoft-windows-windows_server_2022-21h2-kb5028171, microsoft-windows-windows_server_2022-22h2-kb5028171
References: https://attackerkb.com/topics/cve-2023-32049, CVE-2023-32049, https://support.microsoft.com/help/5028166, https://support.microsoft.com/help/5028168, https://support.microsoft.com/help/5028169, https://support.microsoft.com/help/5028171, https://support.microsoft.com/help/5028182, https://support.microsoft.com/help/5028185
-
Microsoft Windows: CVE-2023-32033: Microsoft Failover Cluster Remote Code Execution Vulnerability
Severity: 8   CVSS: (AV:N/AC:M/Au:M/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 09/06/2024
Description: Microsoft Failover Cluster Remote Code Execution Vulnerability
Solution(s): microsoft-windows-windows_server_2012-kb5028233, microsoft-windows-windows_server_2012_r2-kb5028223, microsoft-windows-windows_server_2016-1607-kb5028169, microsoft-windows-windows_server_2019-1809-kb5028168, microsoft-windows-windows_server_2022-21h2-kb5028171, microsoft-windows-windows_server_2022-22h2-kb5028171, msft-kb5028224-2e96cc2b-4c83-488b-8b9c-70778b8aa096, msft-kb5028226-2415aca4-06a8-45b8-86b5-471621f88a0c, msft-kb5028226-9c685f84-7c63-490f-898f-767be90fb40c
References: https://attackerkb.com/topics/cve-2023-32033, CVE-2023-32033, https://support.microsoft.com/help/5028168, https://support.microsoft.com/help/5028169, https://support.microsoft.com/help/5028171, https://support.microsoft.com/help/5028223, https://support.microsoft.com/help/5028228, https://support.microsoft.com/help/5028233
-
Microsoft CVE-2023-32050: Windows Installer Elevation of Privilege Vulnerability
Severity: 7   CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 07/14/2023
Description: Windows Installer Elevation of Privilege Vulnerability
Solution(s): msft-kb5028224-2e96cc2b-4c83-488b-8b9c-70778b8aa096, msft-kb5028226-2415aca4-06a8-45b8-86b5-471621f88a0c, msft-kb5028226-9c685f84-7c63-490f-898f-767be90fb40c
References: https://attackerkb.com/topics/cve-2023-32050, CVE-2023-32050, KB5028222, KB5028224, KB5028226, KB5028240
-
Huawei EulerOS: CVE-2023-3354: qemu security update
Severity: 8   CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/11/2023   Created: 01/11/2024   Added: 01/10/2024   Modified: 01/28/2025
Description: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference. This could allow a remote unauthenticated client to cause a denial of service.
Solution(s): huawei-euleros-2_0_sp9-upgrade-qemu-img
References: https://attackerkb.com/topics/cve-2023-3354, CVE-2023-3354, EulerOS-SA-2023-2906
-
Red Hat: CVE-2023-1672: tang: Race condition exists in the key generation and rotation functionality (Multiple Advisories)
Severity: 6   CVSS: (AV:A/AC:M/Au:N/C:C/I:N/A:N)
Published: 07/11/2023   Created: 11/09/2023   Added: 11/08/2023   Modified: 01/28/2025
Description: A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
Solution(s): redhat-upgrade-tang, redhat-upgrade-tang-debuginfo, redhat-upgrade-tang-debugsource
References: CVE-2023-1672, RHSA-2023:6492, RHSA-2023:7022
-
Alpine Linux: CVE-2023-29406: Interpretation Conflict
Severity: 7   CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 07/11/2023   Created: 08/23/2024   Added: 08/22/2024   Modified: 10/02/2024
Description: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Solution(s): alpine-linux-upgrade-go
References: https://attackerkb.com/topics/cve-2023-29406, CVE-2023-29406, https://security.alpinelinux.org/vuln/CVE-2023-29406
-
Microsoft Office: CVE-2023-33162: Microsoft Excel Information Disclosure Vulnerability
Severity: 5   CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 01/28/2025
Description: Microsoft Excel Information Disclosure Vulnerability
Solution(s): microsoft-excel_2016-kb5002426, microsoft-office_online_server-kb5002421, office-click-to-run-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-33162, CVE-2023-33162, https://support.microsoft.com/help/5002421, https://support.microsoft.com/help/5002426
-
Microsoft Office: CVE-2023-33153: Microsoft Outlook Remote Code Execution Vulnerability
Severity: 9   CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 01/28/2025
Description: Microsoft Outlook Remote Code Execution Vulnerability
Solution(s): microsoft-office_2016-kb4475581, office-click-to-run-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-33153, CVE-2023-33153, https://support.microsoft.com/help/4475581
-
Huawei EulerOS: CVE-2023-29406: golang security update
Severity: 7   CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 07/11/2023   Created: 01/11/2024   Added: 01/10/2024   Modified: 01/28/2025
Description: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Solution(s): huawei-euleros-2_0_sp10-upgrade-golang, huawei-euleros-2_0_sp10-upgrade-golang-devel, huawei-euleros-2_0_sp10-upgrade-golang-help
References: https://attackerkb.com/topics/cve-2023-29406, CVE-2023-29406, EulerOS-SA-2023-3213
-
SUSE: CVE-2023-29406: SUSE Linux Security Advisory
Severity: 7   CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 07/11/2023   Created: 07/18/2023   Added: 07/18/2023   Modified: 01/28/2025
Description: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Solution(s): suse-upgrade-go1-19, suse-upgrade-go1-19-doc, suse-upgrade-go1-19-openssl, suse-upgrade-go1-19-openssl-doc, suse-upgrade-go1-19-openssl-race, suse-upgrade-go1-19-race, suse-upgrade-go1-20, suse-upgrade-go1-20-doc, suse-upgrade-go1-20-openssl, suse-upgrade-go1-20-openssl-doc, suse-upgrade-go1-20-openssl-race, suse-upgrade-go1-20-race
References: https://attackerkb.com/topics/cve-2023-29406, CVE-2023-29406
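The Ubuntu, Amazon Linux 2023, Alpine, EulerOS and SUSE entries above all describe the same net/http defect, CVE-2023-29406: a Host value containing CR/LF was copied onto the wire unchecked, so one attacker-influenced string became two header lines. The following Go program is an added example written for this page, not code from the Go project or from any of the distributions listed; the target name backend.internal and the header name X-Injected are constructed, the request is only serialised to a buffer and never sent, and ValidHost is this example's own approximation of the check the fixed client performs, not the standard library's internal validator. It shows the injection in the serialised request and doubles as a quick test of whether the Go toolchain on a build host has the fix.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"strings"
)

// ValidHost is this example's own approximation of the check the fixed
// net/http client applies before writing a request: a Host value must be
// non-empty and contain no CR, LF, other control characters or spaces.
// It is deliberately stricter than the RFC host grammar and is not the
// Go standard library's internal validator.
func ValidHost(host string) bool {
	if host == "" {
		return false
	}
	for i := 0; i < len(host); i++ {
		c := host[i]
		if c < 0x20 || c == 0x7f || c == ' ' {
			return false
		}
	}
	return true
}

// SerializeRequest builds a GET for a constructed, never-contacted target,
// overrides Request.Host with the caller's value, and returns the exact
// bytes the client would send. Request.Write serialises into the buffer
// without opening a connection, so this runs offline.
func SerializeRequest(host string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, "http://backend.internal/api", nil)
	if err != nil {
		return "", err
	}
	req.Host = host // the attacker-influenced value; the URL itself stays clean
	var buf bytes.Buffer
	if err := req.Write(&buf); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// InjectionProbe reports whether the running Go toolchain lets a Host
// value carrying CRLF smuggle an extra header line onto the wire.
// An unpatched client emits the injected line; a patched client
// (Go 1.19.11 / 1.20.6 and later) returns "http: invalid Host header".
func InjectionProbe() (vulnerable bool, detail string) {
	// Constructed payload. It avoids '/' and ' ' on purpose: newer
	// toolchains truncate a Host at those characters to tolerate
	// Unix-socket addresses, and the CRLF alone must be what gets rejected.
	host := "backend.internal\r\nX-Injected:1"
	wire, err := SerializeRequest(host)
	if err != nil {
		return false, "client refused the request: " + err.Error()
	}
	if strings.Contains(wire, "\r\nX-Injected:1\r\n") {
		return true, "injected header reached the wire:\n" + wire
	}
	return false, "Host was sanitised before write:\n" + wire
}

func main() {
	for _, h := range []string{
		"backend.internal:8443",
		"backend.internal\r\nX-Injected:1",
		"backend.internal evil",
	} {
		fmt.Printf("ValidHost(%q) = %v\n", h, ValidHost(h))
	}
	vulnerable, detail := InjectionProbe()
	fmt.Printf("toolchain vulnerable to CVE-2023-29406: %v\n%s\n", vulnerable, detail)
}
```

Run it with the toolchain you ship binaries from (go run on the build host, not on a developer laptop). A refused request means the fix is present; an emitted X-Injected line means every Go program built there that lets callers influence Request.Host or Request.URL.Host, typically anything that fetches user-supplied URLs, is still affected until the packages in the entries above are installed and the binaries are rebuilt. Validating hosts with a check like ValidHost before they reach the client is cheap defence in depth, but it is not a substitute for the toolchain update.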
-
CVE-2023-33162: Microsoft Excel Information Disclosure Vulnerability [Office for Mac]
Severity: 5   CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 07/11/2023   Created: 07/12/2023   Added: 07/11/2023   Modified: 01/28/2025
Description: Microsoft Excel Information Disclosure Vulnerability [Office for Mac]
Solution(s): office-for-mac-upgrade-16_75_0
References: https://attackerkb.com/topics/cve-2023-33162, CVE-2023-33162, https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#july-11-2023