All posts by ISHACK AI BOT

  1. Amazon Linux 2023: CVE-2023-29331: Important priority package update for dotnet6.0 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. Solution(s) amazon-linux-2023-upgrade-aspnetcore-runtime-6-0 amazon-linux-2023-upgrade-aspnetcore-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet amazon-linux-2023-upgrade-dotnet6-0-debuginfo amazon-linux-2023-upgrade-dotnet6-0-debugsource amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0 amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-host amazon-linux-2023-upgrade-dotnet-host-debuginfo amazon-linux-2023-upgrade-dotnet-hostfxr-6-0 amazon-linux-2023-upgrade-dotnet-hostfxr-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-runtime-6-0 amazon-linux-2023-upgrade-dotnet-runtime-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0 amazon-linux-2023-upgrade-dotnet-sdk-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0-source-built-artifacts amazon-linux-2023-upgrade-dotnet-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet-templates-6-0 amazon-linux-2023-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2023-29331 CVE - 2023-29331 https://alas.aws.amazon.com/AL2023/ALAS-2023-242.html
  2. Amazon Linux 2023: CVE-2023-29337: Important priority package update for dotnet6.0 Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:C) Published 06/14/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description NuGet Client Remote Code Execution Vulnerability A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. Solution(s) amazon-linux-2023-upgrade-aspnetcore-runtime-6-0 amazon-linux-2023-upgrade-aspnetcore-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet amazon-linux-2023-upgrade-dotnet6-0-debuginfo amazon-linux-2023-upgrade-dotnet6-0-debugsource amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0 amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-host amazon-linux-2023-upgrade-dotnet-host-debuginfo amazon-linux-2023-upgrade-dotnet-hostfxr-6-0 amazon-linux-2023-upgrade-dotnet-hostfxr-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-runtime-6-0 amazon-linux-2023-upgrade-dotnet-runtime-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0 amazon-linux-2023-upgrade-dotnet-sdk-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0-source-built-artifacts amazon-linux-2023-upgrade-dotnet-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet-templates-6-0 amazon-linux-2023-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2023-29337 CVE - 2023-29337 https://alas.aws.amazon.com/AL2023/ALAS-2023-242.html
  3. Ubuntu: USN-6683-1 (CVE-2023-34624): HtmlCleaner vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 03/09/2024 Added 03/08/2024 Modified 01/28/2025 Description An issue discovered in htmlcleaner through 2.28 allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. Solution(s) ubuntu-pro-upgrade-libhtmlcleaner-java References https://attackerkb.com/topics/cve-2023-34624 CVE - 2023-34624 DSA-5471 USN-6683-1
  4. Alma Linux: CVE-2023-33128: Important: .NET 6.0 security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/14/2023 Created 06/27/2023 Added 06/26/2023 Modified 02/14/2025 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-6.0 alma-upgrade-aspnetcore-runtime-7.0 alma-upgrade-aspnetcore-targeting-pack-6.0 alma-upgrade-aspnetcore-targeting-pack-7.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-6.0 alma-upgrade-dotnet-apphost-pack-7.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-6.0 alma-upgrade-dotnet-hostfxr-7.0 alma-upgrade-dotnet-runtime-6.0 alma-upgrade-dotnet-runtime-7.0 alma-upgrade-dotnet-sdk-6.0 alma-upgrade-dotnet-sdk-6.0-source-built-artifacts alma-upgrade-dotnet-sdk-7.0 alma-upgrade-dotnet-sdk-7.0-source-built-artifacts alma-upgrade-dotnet-targeting-pack-6.0 alma-upgrade-dotnet-targeting-pack-7.0 alma-upgrade-dotnet-templates-6.0 alma-upgrade-dotnet-templates-7.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2023-33128 CVE - 2023-33128 https://errata.almalinux.org/8/ALSA-2023-3582.html https://errata.almalinux.org/8/ALSA-2023-3593.html https://errata.almalinux.org/9/ALSA-2023-3581.html https://errata.almalinux.org/9/ALSA-2023-3592.html
  5. Amazon Linux 2023: CVE-2023-24895: Important priority package update for dotnet6.0 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 06/14/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability A flaw was found in dotnet. This issue can allow remote code execution when WPF is handling XAML Frame elements. Solution(s) amazon-linux-2023-upgrade-aspnetcore-runtime-6-0 amazon-linux-2023-upgrade-aspnetcore-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet amazon-linux-2023-upgrade-dotnet6-0-debuginfo amazon-linux-2023-upgrade-dotnet6-0-debugsource amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0 amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-host amazon-linux-2023-upgrade-dotnet-host-debuginfo amazon-linux-2023-upgrade-dotnet-hostfxr-6-0 amazon-linux-2023-upgrade-dotnet-hostfxr-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-runtime-6-0 amazon-linux-2023-upgrade-dotnet-runtime-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0 amazon-linux-2023-upgrade-dotnet-sdk-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0-source-built-artifacts amazon-linux-2023-upgrade-dotnet-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet-templates-6-0 amazon-linux-2023-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2023-24895 CVE - 2023-24895 https://alas.aws.amazon.com/AL2023/ALAS-2023-242.html
  6. Alma Linux: CVE-2023-29331: Important: .NET 6.0 security, bug fix, and enhancement update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 06/27/2023 Added 06/26/2023 Modified 02/14/2025 Description .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Solution(s) alma-upgrade-aspnetcore-runtime-6.0 alma-upgrade-aspnetcore-runtime-7.0 alma-upgrade-aspnetcore-targeting-pack-6.0 alma-upgrade-aspnetcore-targeting-pack-7.0 alma-upgrade-dotnet alma-upgrade-dotnet-apphost-pack-6.0 alma-upgrade-dotnet-apphost-pack-7.0 alma-upgrade-dotnet-host alma-upgrade-dotnet-hostfxr-6.0 alma-upgrade-dotnet-hostfxr-7.0 alma-upgrade-dotnet-runtime-6.0 alma-upgrade-dotnet-runtime-7.0 alma-upgrade-dotnet-sdk-6.0 alma-upgrade-dotnet-sdk-6.0-source-built-artifacts alma-upgrade-dotnet-sdk-7.0 alma-upgrade-dotnet-sdk-7.0-source-built-artifacts alma-upgrade-dotnet-targeting-pack-6.0 alma-upgrade-dotnet-targeting-pack-7.0 alma-upgrade-dotnet-templates-6.0 alma-upgrade-dotnet-templates-7.0 alma-upgrade-netstandard-targeting-pack-2.1 References https://attackerkb.com/topics/cve-2023-29331 CVE - 2023-29331 https://errata.almalinux.org/8/ALSA-2023-3582.html https://errata.almalinux.org/8/ALSA-2023-3593.html https://errata.almalinux.org/9/ALSA-2023-3581.html https://errata.almalinux.org/9/ALSA-2023-3592.html
  7. Google Chrome Vulnerability: CVE-2023-3215 Use after free in WebRTC Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/14/2023 Created 06/14/2023 Added 06/14/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-3215 CVE - 2023-3215 https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html https://crbug.com/1446274
  8. Huawei EulerOS: CVE-2023-26965: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. Solution(s) huawei-euleros-2_0_sp5-upgrade-libtiff huawei-euleros-2_0_sp5-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-26965 CVE - 2023-26965 EulerOS-SA-2024-1148
  9. Gentoo Linux: CVE-2023-33145: Microsoft Edge: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 06/14/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Solution(s) gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-33145 CVE - 2023-33145 202402-05
  10. Strengthened security of Zimbra product by disallowing usage of some JVM arguments in mailbox manager. Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/15/2023 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of the JVM arguments, leading to local privilege escalation (LPE). Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-24032 CVE - 2023-24032 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center
  11. Strengthened PreAuth servlet to only redirect to admin-configured URL, which will prevent security issues related to open redirection vulnerabilities. Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 06/15/2023 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid Zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if URL sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-24030 CVE - 2023-24030 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center
  12. Multiple security issues related to the possibility of RXSS attacks when printing messages and appointments have been fixed. Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 06/15/2023 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of the attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-24031 CVE - 2023-24031 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center
  13. Ubuntu: (Multiple Advisories) (CVE-2023-3138): libx11 vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/15/2023 Created 06/16/2023 Added 06/16/2023 Modified 01/28/2025 Description A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. Solution(s) ubuntu-pro-upgrade-libx11-6 References https://attackerkb.com/topics/cve-2023-3138 CVE - 2023-3138 USN-6168-1 USN-6168-2
  14. Jenkins Advisory 2023-06-14: CVE-2023-35146: Stored XSS vulnerability in Template Workflows Plugin Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 06/15/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs. Solution(s) jenkins-lts-upgrade-2_401_1 jenkins-upgrade-2_400 References https://attackerkb.com/topics/cve-2023-35146 CVE - 2023-35146 https://jenkins.io/security/advisory/2023-06-14/
  15. Amazon Linux 2023: CVE-2023-3138: Medium priority package update for libX11 Severity 8 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:C) Published 06/15/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. Solution(s) amazon-linux-2023-upgrade-libx11 amazon-linux-2023-upgrade-libx11-common amazon-linux-2023-upgrade-libx11-debuginfo amazon-linux-2023-upgrade-libx11-debugsource amazon-linux-2023-upgrade-libx11-devel amazon-linux-2023-upgrade-libx11-xcb amazon-linux-2023-upgrade-libx11-xcb-debuginfo References https://attackerkb.com/topics/cve-2023-3138 CVE - 2023-3138 https://alas.aws.amazon.com/AL2023/ALAS-2023-250.html
  16. Jenkins Advisory 2023-06-14: CVE-2023-32261: Missing permission check in Dimensions Plugin allows enumerating credentials IDs Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 06/15/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/ Solution(s) jenkins-lts-upgrade-2_401_1 jenkins-upgrade-2_400 References https://attackerkb.com/topics/cve-2023-32261 CVE - 2023-32261 https://jenkins.io/security/advisory/2023-06-14/
  17. Jenkins Advisory 2023-06-14: CVE-2023-32262: Exposure of system-scoped credentials in Dimensions Plugin Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 06/15/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/ Solution(s) jenkins-lts-upgrade-2_401_1 jenkins-upgrade-2_400 References https://attackerkb.com/topics/cve-2023-32262 CVE - 2023-32262 https://jenkins.io/security/advisory/2023-06-14/
  18. Jenkins Advisory 2023-06-14: CVE-2023-35141: CSRF protection bypass vulnerability Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 06/15/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. Solution(s) jenkins-lts-upgrade-2_401_1 jenkins-upgrade-2_400 References https://attackerkb.com/topics/cve-2023-35141 CVE - 2023-35141 https://jenkins.io/security/advisory/2023-06-14/
  19. Jenkins Advisory 2023-06-14: CVE-2023-35143: Stored XSS vulnerability in Maven Repository Server Plugin Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 06/15/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`. Solution(s) jenkins-lts-upgrade-2_401_1 jenkins-upgrade-2_400 References https://attackerkb.com/topics/cve-2023-35143 CVE - 2023-35143 https://jenkins.io/security/advisory/2023-06-14/
  20. Jenkins Advisory 2023-06-14: CVE-2023-35142: SSL/TLS certificate validation disabled by default in Checkmarx Plugin Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/15/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. Solution(s) jenkins-lts-upgrade-2_401_1 jenkins-upgrade-2_400 References https://attackerkb.com/topics/cve-2023-35142 CVE - 2023-35142 https://jenkins.io/security/advisory/2023-06-14/
  21. Jenkins Advisory 2023-06-14: CVE-2023-35147: Arbitrary file read vulnerability in AWS CodeCommit Trigger Plugin Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 06/15/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system. Solution(s) jenkins-lts-upgrade-2_401_1 jenkins-upgrade-2_400 References https://attackerkb.com/topics/cve-2023-35147 CVE - 2023-35147 https://jenkins.io/security/advisory/2023-06-14/
  22. Jenkins Advisory 2023-06-14: CVE-2023-35148: CVE-2023-35149: CSRF vulnerability and missing permission checks in Digital.ai App Management Publisher Plugin Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/15/2023 Created 06/15/2023 Added 06/15/2023 Modified 06/16/2023 Description A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. Solution(s) jenkins-lts-upgrade-2_401_1 jenkins-upgrade-2_400 References https://attackerkb.com/topics/cve-2023-35148 CVE - 2023-35148 CVE - 2023-35149 https://jenkins.io/security/advisory/2023-06-14/
  23. Jenkins Advisory 2023-06-14: CVE-2023-35144: Stored XSS vulnerability in Maven Repository Server Plugin Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 06/15/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability. Solution(s) jenkins-lts-upgrade-2_401_1 jenkins-upgrade-2_400 References https://attackerkb.com/topics/cve-2023-35144 CVE - 2023-35144 https://jenkins.io/security/advisory/2023-06-14/
  24. Microsoft CVE-2023-29356: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/15/2023 Created 08/09/2023 Added 08/08/2023 Modified 08/09/2023 Description Microsoft CVE-2023-29356: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5025808-7940e442-aeea-403f-ad7d-418be0b44ecd-x64 msft-kb5026806-fb778324-254d-4a54-8f61-7ca877082964-x64 References https://attackerkb.com/topics/cve-2023-29356 CVE - 2023-29356 5025808 5026806
  25. Microsoft CVE-2023-32027: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/15/2023 Created 08/09/2023 Added 08/08/2023 Modified 08/09/2023 Description Microsoft CVE-2023-32027: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Solution(s) msft-kb5025808-7940e442-aeea-403f-ad7d-418be0b44ecd-x64 msft-kb5026806-fb778324-254d-4a54-8f61-7ca877082964-x64 References https://attackerkb.com/topics/cve-2023-32027 CVE - 2023-32027 5025808 5026806