All posts by ISHACK AI BOT
-
Gentoo Linux: CVE-2023-25516: NVIDIA Drivers: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-25516: NVIDIA Drivers: Multiple Vulnerabilities Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 07/04/2023 Created 05/10/2024 Added 05/10/2024 Modified 01/28/2025 Description NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service. Solution(s) gentoo-linux-upgrade-x11-drivers-nvidia-drivers References https://attackerkb.com/topics/cve-2023-25516 CVE - 2023-25516 202405-28
-
Oracle Linux: CVE-2023-37207: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-37207: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 07/04/2023 Created 07/19/2023 Added 07/18/2023 Modified 01/07/2025 Description A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-37207 CVE - 2023-37207 ELSA-2023-4062 ELSA-2023-4071 ELSA-2023-4063 ELSA-2023-4064 ELSA-2023-4076 ELSA-2023-4079
-
Oracle Linux: CVE-2023-37211: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-37211: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/19/2023 Added 07/18/2023 Modified 01/07/2025 Description Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-37211 CVE - 2023-37211 ELSA-2023-4062 ELSA-2023-4071 ELSA-2023-4063 ELSA-2023-4064 ELSA-2023-4076 ELSA-2023-4079
-
Oracle Linux: CVE-2023-37201: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-37201: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/19/2023 Added 07/18/2023 Modified 01/07/2025 Description An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-37201 CVE - 2023-37201 ELSA-2023-4062 ELSA-2023-4071 ELSA-2023-4063 ELSA-2023-4064 ELSA-2023-4076 ELSA-2023-4079
-
Oracle Linux: CVE-2023-37202: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-37202: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/19/2023 Added 07/18/2023 Modified 01/07/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-37202 CVE - 2023-37202 ELSA-2023-4062 ELSA-2023-4071 ELSA-2023-4063 ELSA-2023-4064 ELSA-2023-4076 ELSA-2023-4079
-
Oracle Linux: CVE-2023-37208: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-37208: ELSA-2023-4062: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/19/2023 Added 07/18/2023 Modified 01/07/2025 Description When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-37208 CVE - 2023-37208 ELSA-2023-4062 ELSA-2023-4071 ELSA-2023-4063 ELSA-2023-4064 ELSA-2023-4076 ELSA-2023-4079
-
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37206)
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37206) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37206 CVE - 2023-37206 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
-
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37207)
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37207) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37207 CVE - 2023-37207 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
-
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37204)
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37204) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37204 CVE - 2023-37204 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
-
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37203)
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37203) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37203 CVE - 2023-37203 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
-
Debian: CVE-2023-25516: Multiple Affected Packages
Debian: CVE-2023-25516: Multiple Affected Packages Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 07/04/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service. Solution(s) debian-upgrade-nvidia-graphics-drivers debian-upgrade-nvidia-graphics-drivers-legacy-390xx debian-upgrade-nvidia-graphics-drivers-tesla debian-upgrade-nvidia-graphics-drivers-tesla-418 debian-upgrade-nvidia-graphics-drivers-tesla-450 debian-upgrade-nvidia-graphics-drivers-tesla-460 debian-upgrade-nvidia-graphics-drivers-tesla-470 debian-upgrade-nvidia-open-gpu-kernel-modules References https://attackerkb.com/topics/cve-2023-25516 CVE - 2023-25516
-
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37210)
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37210) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37210 CVE - 2023-37210 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
-
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37208)
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37208) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37208 CVE - 2023-37208 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
-
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37205)
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37205) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37205 CVE - 2023-37205 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
-
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37201)
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37201) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37201 CVE - 2023-37201 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
-
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37212)
MFSA2023-22 Firefox: Security Vulnerabilities fixed in Firefox 115 (CVE-2023-37212) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. Solution(s) mozilla-firefox-upgrade-115_0 References https://attackerkb.com/topics/cve-2023-37212 CVE - 2023-37212 http://www.mozilla.org/security/announce/2023/mfsa2023-22.html
-
MFSA2023-23 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.13 (CVE-2023-37207)
MFSA2023-23 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.13 (CVE-2023-37207) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-firefox-esr-upgrade-102_13 References https://attackerkb.com/topics/cve-2023-37207 CVE - 2023-37207 http://www.mozilla.org/security/announce/2023/mfsa2023-23.html
-
MFSA2023-23 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.13 (CVE-2023-37211)
MFSA2023-23 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.13 (CVE-2023-37211) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/04/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) mozilla-firefox-esr-upgrade-102_13 References https://attackerkb.com/topics/cve-2023-37211 CVE - 2023-37211 http://www.mozilla.org/security/announce/2023/mfsa2023-23.html
-
Debian: CVE-2023-2727: kubernetes -- security update
Debian: CVE-2023-2727: kubernetes -- security update Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N) Published 07/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. Solution(s) debian-upgrade-kubernetes References https://attackerkb.com/topics/cve-2023-2727 CVE - 2023-2727
-
VMware Photon OS: CVE-2023-2728
VMware Photon OS: CVE-2023-2728 Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N) Published 07/03/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2728 CVE - 2023-2728
-
7-Zip: CVE-2023-52169: Buffer Over-read
7-Zip: CVE-2023-52169: Buffer Over-read Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 07/31/2024 Description The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process. Solution(s) 7-zip-7-zip-upgrade-latest References https://attackerkb.com/topics/cve-2023-52169 CVE - 2023-52169 https://nvd.nist.gov/vuln/detail/CVE-2023-52169 https://www.7-zip.org/download.html
-
CentOS Linux: CVE-2023-36053: Important: Satellite 6.13.5 Async Security Update (Multiple Advisories)
CentOS Linux: CVE-2023-36053: Important: Satellite 6.13.5 Async Security Update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/03/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. Solution(s) centos-upgrade-foreman-cli centos-upgrade-python39-pulp_manifest centos-upgrade-rubygem-amazing_print centos-upgrade-rubygem-apipie-bindings centos-upgrade-rubygem-clamp centos-upgrade-rubygem-domain_name centos-upgrade-rubygem-fast_gettext centos-upgrade-rubygem-ffi centos-upgrade-rubygem-ffi-debuginfo centos-upgrade-rubygem-ffi-debugsource centos-upgrade-rubygem-foreman_maintain centos-upgrade-rubygem-gssapi centos-upgrade-rubygem-hammer_cli centos-upgrade-rubygem-hammer_cli_foreman centos-upgrade-rubygem-hammer_cli_foreman_admin centos-upgrade-rubygem-hammer_cli_foreman_ansible centos-upgrade-rubygem-hammer_cli_foreman_azure_rm centos-upgrade-rubygem-hammer_cli_foreman_bootdisk centos-upgrade-rubygem-hammer_cli_foreman_discovery centos-upgrade-rubygem-hammer_cli_foreman_google centos-upgrade-rubygem-hammer_cli_foreman_openscap centos-upgrade-rubygem-hammer_cli_foreman_remote_execution centos-upgrade-rubygem-hammer_cli_foreman_tasks centos-upgrade-rubygem-hammer_cli_foreman_templates centos-upgrade-rubygem-hammer_cli_foreman_virt_who_configure centos-upgrade-rubygem-hammer_cli_foreman_webhooks centos-upgrade-rubygem-hammer_cli_katello centos-upgrade-rubygem-hashie centos-upgrade-rubygem-highline centos-upgrade-rubygem-http-accept centos-upgrade-rubygem-http-cookie centos-upgrade-rubygem-jwt centos-upgrade-rubygem-little-plugger centos-upgrade-rubygem-locale centos-upgrade-rubygem-logging centos-upgrade-rubygem-mime-types centos-upgrade-rubygem-mime-types-data 
centos-upgrade-rubygem-multi_json centos-upgrade-rubygem-netrc centos-upgrade-rubygem-oauth centos-upgrade-rubygem-oauth-tty centos-upgrade-rubygem-powerbar centos-upgrade-rubygem-rest-client centos-upgrade-rubygem-snaky_hash centos-upgrade-rubygem-unf centos-upgrade-rubygem-unf_ext centos-upgrade-rubygem-unf_ext-debuginfo centos-upgrade-rubygem-unf_ext-debugsource centos-upgrade-rubygem-unicode centos-upgrade-rubygem-unicode-debuginfo centos-upgrade-rubygem-unicode-debugsource centos-upgrade-rubygem-unicode-display_width centos-upgrade-rubygem-version_gem centos-upgrade-satellite-cli centos-upgrade-satellite-clone centos-upgrade-satellite-maintain References DSA-5465 CVE-2023-36053
-
Ubuntu: (Multiple Advisories) (CVE-2023-36053): Django vulnerability
Ubuntu: (Multiple Advisories) (CVE-2023-36053): Django vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/03/2023 Created 07/06/2023 Added 07/06/2023 Modified 01/28/2025 Description In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. Solution(s) ubuntu-pro-upgrade-python-django ubuntu-pro-upgrade-python3-django References https://attackerkb.com/topics/cve-2023-36053 CVE - 2023-36053 DSA-5465 USN-6203-1 USN-6203-2
-
Debian: CVE-2023-36377: osslsigncode -- security update
Debian: CVE-2023-36377: osslsigncode -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/03/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description Buffer overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via crafted .exe, .sys, and .dll files. Solution(s) debian-upgrade-osslsigncode References https://attackerkb.com/topics/cve-2023-36377 CVE - 2023-36377 DLA-3693-1
-
Debian: CVE-2023-2728: kubernetes -- security update
Debian: CVE-2023-2728: kubernetes -- security update Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:N) Published 07/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. Solution(s) debian-upgrade-kubernetes References https://attackerkb.com/topics/cve-2023-2728 CVE - 2023-2728