ISHACK AI BOT

Ubuntu: (Multiple Advisories) (CVE-2023-32254): Linux kernel (OEM) vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/16/2023 Created 06/19/2023 Added 06/19/2023 Modified 01/30/2025 Description A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. Solution(s) ubuntu-upgrade-linux-image-5-15-0-102-generic ubuntu-upgrade-linux-image-5-15-0-102-generic-64k ubuntu-upgrade-linux-image-5-15-0-102-generic-lpae ubuntu-upgrade-linux-image-5-15-0-102-lowlatency ubuntu-upgrade-linux-image-5-15-0-102-lowlatency-64k ubuntu-upgrade-linux-image-5-15-0-1040-gkeop ubuntu-upgrade-linux-image-5-15-0-1048-nvidia ubuntu-upgrade-linux-image-5-15-0-1048-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1050-ibm ubuntu-upgrade-linux-image-5-15-0-1050-raspi ubuntu-upgrade-linux-image-5-15-0-1052-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1054-gke ubuntu-upgrade-linux-image-5-15-0-1054-kvm ubuntu-upgrade-linux-image-5-15-0-1055-gcp ubuntu-upgrade-linux-image-5-15-0-1055-oracle ubuntu-upgrade-linux-image-5-15-0-1057-aws ubuntu-upgrade-linux-image-5-15-0-1060-azure ubuntu-upgrade-linux-image-5-15-0-1060-azure-fde ubuntu-upgrade-linux-image-6-1-0-1014-oem ubuntu-upgrade-linux-image-6-2-0-1007-ibm ubuntu-upgrade-linux-image-6-2-0-1009-aws ubuntu-upgrade-linux-image-6-2-0-1009-azure ubuntu-upgrade-linux-image-6-2-0-1009-oracle ubuntu-upgrade-linux-image-6-2-0-1010-kvm ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1010-raspi ubuntu-upgrade-linux-image-6-2-0-1011-gcp ubuntu-upgrade-linux-image-6-2-0-27-generic ubuntu-upgrade-linux-image-6-2-0-27-generic-64k ubuntu-upgrade-linux-image-6-2-0-27-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 References https://attackerkb.com/topics/cve-2023-32254 CVE - 2023-32254 USN-6173-1 USN-6283-1 USN-6725-1 USN-6725-2

Debian: CVE-2023-3291: gpac -- security update Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 06/16/2023 Created 07/17/2023 Added 07/17/2023 Modified 01/28/2025 Description Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. Solution(s) debian-upgrade-gpac References https://attackerkb.com/topics/cve-2023-3291 CVE - 2023-3291 DSA-5452 DSA-5452-1

Debian: CVE-2023-35788: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/16/2023 Created 07/31/2023 Added 07/31/2023 Modified 01/28/2025 Description An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-35788 CVE - 2023-35788 DLA-3508-1 DSA-5448 DSA-5448-1 DSA-5480

Debian: CVE-2023-3247: php7.4, php8.2 -- security update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 06/16/2023 Created 06/16/2023 Added 06/16/2023 Modified 01/30/2025 Description In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. Solution(s) debian-upgrade-php7-4 debian-upgrade-php8-2 References https://attackerkb.com/topics/cve-2023-3247 CVE - 2023-3247 DSA-5424-1 DSA-5425-1

Huawei EulerOS: CVE-2023-3268: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3268 CVE - 2023-3268 EulerOS-SA-2023-2860

SUSE: CVE-2023-3195: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 06/16/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. Solution(s) suse-upgrade-imagemagick suse-upgrade-imagemagick-config-6-suse suse-upgrade-imagemagick-config-6-upstream suse-upgrade-imagemagick-devel suse-upgrade-libmagick-6_q16-3 suse-upgrade-libmagick-devel suse-upgrade-libmagickcore-6_q16-1 suse-upgrade-libmagickcore-6_q16-1-32bit suse-upgrade-libmagickwand-6_q16-1 suse-upgrade-perl-perlmagick References https://attackerkb.com/topics/cve-2023-3195 CVE - 2023-3195

SUSE: CVE-2023-35790: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/16/2023 Created 07/10/2023 Added 07/10/2023 Modified 01/28/2025 Description An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop. Solution(s) suse-upgrade-libjxl-devel suse-upgrade-libjxl-tools suse-upgrade-libjxl0_8 suse-upgrade-libjxl0_8-64bit References https://attackerkb.com/topics/cve-2023-35790 CVE - 2023-35790

SUSE: CVE-2023-34474: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 06/16/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. Solution(s) suse-upgrade-imagemagick suse-upgrade-imagemagick-config-7-suse suse-upgrade-imagemagick-config-7-upstream suse-upgrade-imagemagick-devel suse-upgrade-imagemagick-devel-32bit suse-upgrade-imagemagick-doc suse-upgrade-imagemagick-extra suse-upgrade-libmagick-7_q16hdri5 suse-upgrade-libmagick-7_q16hdri5-32bit suse-upgrade-libmagick-devel suse-upgrade-libmagick-devel-32bit suse-upgrade-libmagickcore-7_q16hdri10 suse-upgrade-libmagickcore-7_q16hdri10-32bit suse-upgrade-libmagickwand-7_q16hdri10 suse-upgrade-libmagickwand-7_q16hdri10-32bit suse-upgrade-perl-perlmagick References https://attackerkb.com/topics/cve-2023-34474 CVE - 2023-34474

VMware Photon OS: CVE-2023-2431 Severity 3 CVSS (AV:L/AC:L/Au:M/C:P/I:P/A:N) Published 06/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2431 CVE - 2023-2431

Red Hat JBossEAP: Improper Certificate Validation (CVE-2023-33201) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/16/2023 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024 Description Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.. A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2023-33201 CVE - 2023-33201 https://access.redhat.com/security/cve/CVE-2023-33201 https://bugzilla.redhat.com/show_bug.cgi?id=2215465 https://github.com/bcgit/bc-java/wiki/CVE-2023-33201 https://access.redhat.com/errata/RHSA-2023:5484 https://access.redhat.com/errata/RHSA-2023:5485 https://access.redhat.com/errata/RHSA-2023:5486 https://access.redhat.com/errata/RHSA-2023:5488 View more

Red Hat: CVE-2023-3268: kernel: out-of-bounds access in relay_file_read (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-3268 RHSA-2023:6583 RHSA-2023:6901 RHSA-2023:7077 RHSA-2024:0412 RHSA-2024:1250 RHSA-2024:1306 View more

SUSE: CVE-2023-2431: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 06/16/2023 Created 06/29/2023 Added 06/29/2023 Modified 01/28/2025 Description A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet. Solution(s) suse-upgrade-kubernetes1-23-apiserver suse-upgrade-kubernetes1-23-client suse-upgrade-kubernetes1-23-client-bash-completion suse-upgrade-kubernetes1-23-client-common suse-upgrade-kubernetes1-23-client-fish-completion suse-upgrade-kubernetes1-23-controller-manager suse-upgrade-kubernetes1-23-kubeadm suse-upgrade-kubernetes1-23-kubelet suse-upgrade-kubernetes1-23-kubelet-common suse-upgrade-kubernetes1-23-proxy suse-upgrade-kubernetes1-23-scheduler References https://attackerkb.com/topics/cve-2023-2431 CVE - 2023-2431

Alma Linux: CVE-2023-3268: Important: kernel security, bug fix, and enhancement update (ALSA-2023-7077) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3268 CVE - 2023-3268 https://errata.almalinux.org/8/ALSA-2023-7077.html

Oracle Linux: CVE-2023-24936: ELSA-2023-3581:.NET 6.0 security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 06/14/2023 Created 06/16/2023 Added 06/15/2023 Modified 01/07/2025 Description .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability A flaw was found in dotnet. This issue can allow bypass restrictions when deserializing a DataSet or DataTable from XML. Solution(s) oracle-linux-upgrade-aspnetcore-runtime-6-0 oracle-linux-upgrade-aspnetcore-runtime-7-0 oracle-linux-upgrade-aspnetcore-targeting-pack-6-0 oracle-linux-upgrade-aspnetcore-targeting-pack-7-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-6-0 oracle-linux-upgrade-dotnet-apphost-pack-7-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-6-0 oracle-linux-upgrade-dotnet-hostfxr-7-0 oracle-linux-upgrade-dotnet-runtime-6-0 oracle-linux-upgrade-dotnet-runtime-7-0 oracle-linux-upgrade-dotnet-sdk-6-0 oracle-linux-upgrade-dotnet-sdk-6-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-7-0 oracle-linux-upgrade-dotnet-sdk-7-0-source-built-artifacts oracle-linux-upgrade-dotnet-targeting-pack-6-0 oracle-linux-upgrade-dotnet-targeting-pack-7-0 oracle-linux-upgrade-dotnet-templates-6-0 oracle-linux-upgrade-dotnet-templates-7-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2023-24936 CVE - 2023-24936 ELSA-2023-3581 ELSA-2023-3593 ELSA-2023-3582 ELSA-2023-3592

Alma Linux: CVE-2023-35789: Moderate: librabbitmq security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 06/16/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. Solution(s) alma-upgrade-librabbitmq alma-upgrade-librabbitmq-devel alma-upgrade-librabbitmq-tools References https://attackerkb.com/topics/cve-2023-35789 CVE - 2023-35789 https://errata.almalinux.org/8/ALSA-2023-7150.html https://errata.almalinux.org/9/ALSA-2023-6482.html

Amazon Linux 2023: CVE-2023-26965: Medium priority package update for libtiff Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-26965 CVE - 2023-26965 https://alas.aws.amazon.com/AL2023/ALAS-2023-271.html

Oracle Linux: CVE-2023-29331: ELSA-2023-3581:.NET 6.0 security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 06/16/2023 Added 06/15/2023 Modified 01/07/2025 Description .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. Solution(s) oracle-linux-upgrade-aspnetcore-runtime-6-0 oracle-linux-upgrade-aspnetcore-runtime-7-0 oracle-linux-upgrade-aspnetcore-targeting-pack-6-0 oracle-linux-upgrade-aspnetcore-targeting-pack-7-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-6-0 oracle-linux-upgrade-dotnet-apphost-pack-7-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-6-0 oracle-linux-upgrade-dotnet-hostfxr-7-0 oracle-linux-upgrade-dotnet-runtime-6-0 oracle-linux-upgrade-dotnet-runtime-7-0 oracle-linux-upgrade-dotnet-sdk-6-0 oracle-linux-upgrade-dotnet-sdk-6-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-7-0 oracle-linux-upgrade-dotnet-sdk-7-0-source-built-artifacts oracle-linux-upgrade-dotnet-targeting-pack-6-0 oracle-linux-upgrade-dotnet-targeting-pack-7-0 oracle-linux-upgrade-dotnet-templates-6-0 oracle-linux-upgrade-dotnet-templates-7-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2023-29331 CVE - 2023-29331 ELSA-2023-3581 ELSA-2023-3593 ELSA-2023-3582 ELSA-2023-3592

Ubuntu: USN-6204-1 (CVE-2023-34095): CPDB vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/14/2023 Created 07/06/2023 Added 07/06/2023 Modified 01/28/2025 Description cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read by `fscanf()` and `scanf()` causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of `%s` with `%1023s` in all calls of the `fscanf()` and `scanf()` functions. Solution(s) ubuntu-upgrade-cpdb-libs-tools ubuntu-upgrade-libcpdb-frontend2 ubuntu-upgrade-libcpdb-libs-common1 ubuntu-upgrade-libcpdb-libs-frontend1 ubuntu-upgrade-libcpdb-libs-tools ubuntu-upgrade-libcpdb2 References https://attackerkb.com/topics/cve-2023-34095 CVE - 2023-34095 USN-6204-1

Rocky Linux: CVE-2023-29337: .NET-7.0 (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:C) Published 06/14/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description NuGet Client Remote Code Execution Vulnerability Solution(s) rocky-upgrade-aspnetcore-runtime-6.0 rocky-upgrade-aspnetcore-runtime-7.0 rocky-upgrade-aspnetcore-targeting-pack-6.0 rocky-upgrade-aspnetcore-targeting-pack-7.0 rocky-upgrade-dotnet rocky-upgrade-dotnet-apphost-pack-6.0 rocky-upgrade-dotnet-apphost-pack-6.0-debuginfo rocky-upgrade-dotnet-apphost-pack-7.0 rocky-upgrade-dotnet-apphost-pack-7.0-debuginfo rocky-upgrade-dotnet-host rocky-upgrade-dotnet-host-debuginfo rocky-upgrade-dotnet-hostfxr-6.0 rocky-upgrade-dotnet-hostfxr-6.0-debuginfo rocky-upgrade-dotnet-hostfxr-7.0 rocky-upgrade-dotnet-hostfxr-7.0-debuginfo rocky-upgrade-dotnet-runtime-6.0 rocky-upgrade-dotnet-runtime-6.0-debuginfo rocky-upgrade-dotnet-runtime-7.0 rocky-upgrade-dotnet-runtime-7.0-debuginfo rocky-upgrade-dotnet-sdk-6.0 rocky-upgrade-dotnet-sdk-6.0-debuginfo rocky-upgrade-dotnet-sdk-6.0-source-built-artifacts rocky-upgrade-dotnet-sdk-7.0 rocky-upgrade-dotnet-sdk-7.0-debuginfo rocky-upgrade-dotnet-sdk-7.0-source-built-artifacts rocky-upgrade-dotnet-targeting-pack-6.0 rocky-upgrade-dotnet-targeting-pack-7.0 rocky-upgrade-dotnet-templates-6.0 rocky-upgrade-dotnet-templates-7.0 rocky-upgrade-dotnet6.0-debuginfo rocky-upgrade-dotnet7.0-debuginfo rocky-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2023-29337 CVE - 2023-29337 https://errata.rockylinux.org/RLSA-2023:3582 https://errata.rockylinux.org/RLSA-2023:3593

Ubuntu: (Multiple Advisories) (CVE-2023-32636): GLib vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. Solution(s) ubuntu-pro-upgrade-libglib2-0-0 ubuntu-pro-upgrade-libglib2-0-bin References https://attackerkb.com/topics/cve-2023-32636 CVE - 2023-32636 USN-6165-1 USN-6165-2

Rocky Linux: CVE-2023-33128: .NET-7.0 (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/14/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) rocky-upgrade-aspnetcore-runtime-6.0 rocky-upgrade-aspnetcore-runtime-7.0 rocky-upgrade-aspnetcore-targeting-pack-6.0 rocky-upgrade-aspnetcore-targeting-pack-7.0 rocky-upgrade-dotnet rocky-upgrade-dotnet-apphost-pack-6.0 rocky-upgrade-dotnet-apphost-pack-6.0-debuginfo rocky-upgrade-dotnet-apphost-pack-7.0 rocky-upgrade-dotnet-apphost-pack-7.0-debuginfo rocky-upgrade-dotnet-host rocky-upgrade-dotnet-host-debuginfo rocky-upgrade-dotnet-hostfxr-6.0 rocky-upgrade-dotnet-hostfxr-6.0-debuginfo rocky-upgrade-dotnet-hostfxr-7.0 rocky-upgrade-dotnet-hostfxr-7.0-debuginfo rocky-upgrade-dotnet-runtime-6.0 rocky-upgrade-dotnet-runtime-6.0-debuginfo rocky-upgrade-dotnet-runtime-7.0 rocky-upgrade-dotnet-runtime-7.0-debuginfo rocky-upgrade-dotnet-sdk-6.0 rocky-upgrade-dotnet-sdk-6.0-debuginfo rocky-upgrade-dotnet-sdk-6.0-source-built-artifacts rocky-upgrade-dotnet-sdk-7.0 rocky-upgrade-dotnet-sdk-7.0-debuginfo rocky-upgrade-dotnet-sdk-7.0-source-built-artifacts rocky-upgrade-dotnet-targeting-pack-6.0 rocky-upgrade-dotnet-targeting-pack-7.0 rocky-upgrade-dotnet-templates-6.0 rocky-upgrade-dotnet-templates-7.0 rocky-upgrade-dotnet6.0-debuginfo rocky-upgrade-dotnet7.0-debuginfo rocky-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2023-33128 CVE - 2023-33128 https://errata.rockylinux.org/RLSA-2023:3582 https://errata.rockylinux.org/RLSA-2023:3593

Amazon Linux AMI 2: CVE-2023-34623: Security patch for jtidy (ALAS-2024-2461) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Solution(s) amazon-linux-ami-2-upgrade-jtidy amazon-linux-ami-2-upgrade-jtidy-javadoc References https://attackerkb.com/topics/cve-2023-34623 AL2/ALAS-2024-2461 CVE - 2023-34623

Rocky Linux: CVE-2023-32032: .NET-7.0 (RLSA-2023-3593) Severity 6 CVSS (AV:L/AC:M/Au:S/C:P/I:C/A:C) Published 06/14/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description .NET and Visual Studio Elevation of Privilege Vulnerability Solution(s) rocky-upgrade-aspnetcore-runtime-7.0 rocky-upgrade-aspnetcore-targeting-pack-7.0 rocky-upgrade-dotnet rocky-upgrade-dotnet-apphost-pack-7.0 rocky-upgrade-dotnet-apphost-pack-7.0-debuginfo rocky-upgrade-dotnet-host rocky-upgrade-dotnet-host-debuginfo rocky-upgrade-dotnet-hostfxr-7.0 rocky-upgrade-dotnet-hostfxr-7.0-debuginfo rocky-upgrade-dotnet-runtime-7.0 rocky-upgrade-dotnet-runtime-7.0-debuginfo rocky-upgrade-dotnet-sdk-7.0 rocky-upgrade-dotnet-sdk-7.0-debuginfo rocky-upgrade-dotnet-sdk-7.0-source-built-artifacts rocky-upgrade-dotnet-targeting-pack-7.0 rocky-upgrade-dotnet-templates-7.0 rocky-upgrade-dotnet7.0-debuginfo rocky-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2023-32032 CVE - 2023-32032 https://errata.rockylinux.org/RLSA-2023:3593

Red Hat: CVE-2023-24936: Bypass restrictions when deserializing a DataSet or DataTable from XML (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 06/14/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-6-0 redhat-upgrade-aspnetcore-runtime-7-0 redhat-upgrade-aspnetcore-targeting-pack-6-0 redhat-upgrade-aspnetcore-targeting-pack-7-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-6-0 redhat-upgrade-dotnet-apphost-pack-6-0-debuginfo redhat-upgrade-dotnet-apphost-pack-7-0 redhat-upgrade-dotnet-apphost-pack-7-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-6-0 redhat-upgrade-dotnet-hostfxr-6-0-debuginfo redhat-upgrade-dotnet-hostfxr-7-0 redhat-upgrade-dotnet-hostfxr-7-0-debuginfo redhat-upgrade-dotnet-runtime-6-0 redhat-upgrade-dotnet-runtime-6-0-debuginfo redhat-upgrade-dotnet-runtime-7-0 redhat-upgrade-dotnet-runtime-7-0-debuginfo redhat-upgrade-dotnet-sdk-6-0 redhat-upgrade-dotnet-sdk-6-0-debuginfo redhat-upgrade-dotnet-sdk-6-0-source-built-artifacts redhat-upgrade-dotnet-sdk-7-0 redhat-upgrade-dotnet-sdk-7-0-debuginfo redhat-upgrade-dotnet-sdk-7-0-source-built-artifacts redhat-upgrade-dotnet-targeting-pack-6-0 redhat-upgrade-dotnet-targeting-pack-7-0 redhat-upgrade-dotnet-templates-6-0 redhat-upgrade-dotnet-templates-7-0 redhat-upgrade-dotnet6-0-debuginfo redhat-upgrade-dotnet6-0-debugsource redhat-upgrade-dotnet7-0-debuginfo redhat-upgrade-dotnet7-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2023-24936 RHSA-2023:3581 RHSA-2023:3582 RHSA-2023:3592 RHSA-2023:3593

VMware Photon OS: CVE-2023-26965 Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-26965 CVE - 2023-26965