ISHACK AI BOT

Debian: CVE-2020-20703: vim -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/20/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. Solution(s) debian-upgrade-vim References https://attackerkb.com/topics/cve-2020-20703 CVE - 2020-20703

Ubuntu: USN-6385-1 (CVE-2023-3220): Linux kernel (OEM) vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/20/2023 Created 09/20/2023 Added 09/20/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. Solution(s) ubuntu-upgrade-linux-image-6-0-0-1021-oem ubuntu-upgrade-linux-image-oem-22-04b References https://attackerkb.com/topics/cve-2023-3220 CVE - 2023-3220 USN-6385-1

Amazon Linux AMI 2: CVE-2023-1999: Security patch for firefox, thunderbird (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/20/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/28/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-1999 AL2/ALAS-2023-2028 AL2/ALASFIREFOX-2023-005 CVE - 2023-1999

Oracle Linux: CVE-2023-37453: ELSA-2024-2394:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 06/20/2023 Created 05/21/2024 Added 05/14/2024 Modified 01/07/2025 Description An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. An out-of-bounds read issue was found in the USB subsystem in the Linux kernel. This flaw allows a malicious user to crash the system, resulting in a denial of service condition. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-37453 CVE - 2023-37453 ELSA-2024-2394 ELSA-2024-3138

SUSE: CVE-2023-3138: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/19/2023 Created 06/21/2023 Added 06/20/2023 Modified 01/28/2025 Description A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. Solution(s) suse-upgrade-libx11-6 suse-upgrade-libx11-6-32bit suse-upgrade-libx11-data suse-upgrade-libx11-devel suse-upgrade-libx11-devel-32bit suse-upgrade-libx11-xcb1 suse-upgrade-libx11-xcb1-32bit References https://attackerkb.com/topics/cve-2023-3138 CVE - 2023-3138

Amazon Linux 2023: CVE-2023-4156: Low priority package update for gawk Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 06/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. Solution(s) amazon-linux-2023-upgrade-gawk amazon-linux-2023-upgrade-gawk-all-langpacks amazon-linux-2023-upgrade-gawk-debuginfo amazon-linux-2023-upgrade-gawk-debugsource amazon-linux-2023-upgrade-gawk-devel amazon-linux-2023-upgrade-gawk-doc References https://attackerkb.com/topics/cve-2023-4156 CVE - 2023-4156 https://alas.aws.amazon.com/AL2023/ALAS-2023-292.html

Amazon Linux 2023: CVE-2023-3316: Medium priority package update for libtiff Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 06/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-3316 CVE - 2023-3316 https://alas.aws.amazon.com/AL2023/ALAS-2023-267.html

Alma Linux: CVE-2023-3316: Moderate: libtiff security update (ALSA-2023-6575) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/19/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. Solution(s) alma-upgrade-libtiff alma-upgrade-libtiff-devel alma-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-3316 CVE - 2023-3316 https://errata.almalinux.org/9/ALSA-2023-6575.html

Ubuntu: USN-6283-1 (CVE-2023-3312): Linux kernel vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/19/2023 Created 08/14/2023 Added 08/14/2023 Modified 01/28/2025 Description A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service. Solution(s) ubuntu-upgrade-linux-image-6-2-0-1007-ibm ubuntu-upgrade-linux-image-6-2-0-1009-aws ubuntu-upgrade-linux-image-6-2-0-1009-azure ubuntu-upgrade-linux-image-6-2-0-1009-oracle ubuntu-upgrade-linux-image-6-2-0-1010-kvm ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1010-raspi ubuntu-upgrade-linux-image-6-2-0-1011-gcp ubuntu-upgrade-linux-image-6-2-0-27-generic ubuntu-upgrade-linux-image-6-2-0-27-generic-64k ubuntu-upgrade-linux-image-6-2-0-27-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual References https://attackerkb.com/topics/cve-2023-3312 CVE - 2023-3312 USN-6283-1

Alma Linux: CVE-2023-34416: Important: thunderbird security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/19/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-34416 CVE - 2023-34416 https://errata.almalinux.org/8/ALSA-2023-3588.html https://errata.almalinux.org/8/ALSA-2023-3590.html https://errata.almalinux.org/9/ALSA-2023-3587.html https://errata.almalinux.org/9/ALSA-2023-3589.html

Huawei EulerOS: CVE-2023-1999: libwebp security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) huawei-euleros-2_0_sp11-upgrade-libwebp References https://attackerkb.com/topics/cve-2023-1999 CVE - 2023-1999 EulerOS-SA-2023-2695

Ubuntu: (Multiple Advisories) (CVE-2023-3316): LibTIFF vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/19/2023 Created 07/14/2023 Added 07/14/2023 Modified 01/28/2025 Description A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-3316 CVE - 2023-3316 USN-6229-1 USN-6290-1

Huawei EulerOS: CVE-2023-1999: libwebp security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/20/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) huawei-euleros-2_0_sp10-upgrade-libwebp References https://attackerkb.com/topics/cve-2023-1999 CVE - 2023-1999 EulerOS-SA-2023-2385

Microsoft Office: ADV170021: Microsoft Office Defense in Depth Update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/20/2023 Created 06/27/2023 Added 06/20/2023 Modified 06/20/2023 Description Microsoft Office: ADV170021: Microsoft Office Defense in Depth Update Solution(s) microsoft-excel_2016-kb4011627 References https://support.microsoft.com/help/4011627

Amazon Linux 2023: CVE-2023-30588: Important priority package update for nodejs Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 06/20/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20. A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. Solution(s) amazon-linux-2023-upgrade-nodejs amazon-linux-2023-upgrade-nodejs-debuginfo amazon-linux-2023-upgrade-nodejs-debugsource amazon-linux-2023-upgrade-nodejs-devel amazon-linux-2023-upgrade-nodejs-docs amazon-linux-2023-upgrade-nodejs-full-i18n amazon-linux-2023-upgrade-nodejs-libs amazon-linux-2023-upgrade-nodejs-libs-debuginfo amazon-linux-2023-upgrade-npm amazon-linux-2023-upgrade-v8-devel References https://attackerkb.com/topics/cve-2023-30588 CVE - 2023-30588 https://alas.aws.amazon.com/AL2023/ALAS-2023-237.html

SUSE: CVE-2023-3220: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/20/2023 Created 07/12/2023 Added 07/12/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-3220 CVE - 2023-3220

Amazon Linux AMI 2: CVE-2020-20703: Security patch for vim (ALAS-2021-1728) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/20/2023 Created 05/13/2024 Added 05/13/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. Solution(s) amazon-linux-ami-2-upgrade-vim-common amazon-linux-ami-2-upgrade-vim-debuginfo amazon-linux-ami-2-upgrade-vim-enhanced amazon-linux-ami-2-upgrade-vim-filesystem amazon-linux-ami-2-upgrade-vim-minimal amazon-linux-ami-2-upgrade-vim-x11 References https://attackerkb.com/topics/cve-2020-20703 AL2/ALAS-2021-1728 CVE - 2020-20703

Ubuntu: (CVE-2020-20703): vim vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/20/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. Solution(s) ubuntu-upgrade-vim References https://attackerkb.com/topics/cve-2020-20703 CVE - 2020-20703 https://github.com/vim/vim/issues/5041 https://www.cve.org/CVERecord?id=CVE-2020-20703

Microsoft Office: ADV170020: Microsoft Office Defense in Depth Update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/20/2023 Created 06/27/2023 Added 06/20/2023 Modified 06/20/2023 Description Microsoft Office: ADV170020: Microsoft Office Defense in Depth Update Solution(s) microsoft-word_2016-kb4011242 References https://support.microsoft.com/help/4011242

Debian: CVE-2023-3220: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/20/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-3220 CVE - 2023-3220

VMware Photon OS: CVE-2023-1999 Severity 5 CVSS (AV:N/AC:H/Au:S/C:C/I:N/A:N) Published 06/20/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-1999 CVE - 2023-1999

Rocky Linux: CVE-2023-1999: libwebp (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/20/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) rocky-upgrade-libwebp rocky-upgrade-libwebp-debuginfo rocky-upgrade-libwebp-debugsource rocky-upgrade-libwebp-devel rocky-upgrade-libwebp-tools-debuginfo References https://attackerkb.com/topics/cve-2023-1999 CVE - 2023-1999 https://errata.rockylinux.org/RLSA-2023:2076 https://errata.rockylinux.org/RLSA-2023:2078

Gentoo Linux: CVE-2023-34416: Mozilla Thunderbird: Multiple Vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/19/2023 Created 12/22/2023 Added 12/21/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-34416 CVE - 2023-34416 202312-03 202401-10

Gentoo Linux: CVE-2023-32208: Mozilla Firefox: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/19/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-32208 CVE - 2023-32208 202401-10

Alpine Linux: CVE-2023-32214: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/19/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-32214 CVE - 2023-32214 https://security.alpinelinux.org/vuln/CVE-2023-32214