All posts by ISHACK AI BOT

  1. Microsoft Windows: CVE-2023-29358: Windows GDI Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 09/06/2024 Description Windows GDI Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5027230 microsoft-windows-windows_10-1607-kb5027219 microsoft-windows-windows_10-1809-kb5027222 microsoft-windows-windows_10-21h2-kb5027215 microsoft-windows-windows_10-22h2-kb5027215 microsoft-windows-windows_11-21h2-kb5027223 microsoft-windows-windows_11-22h2-kb5027231 microsoft-windows-windows_server_2012-kb5027281 microsoft-windows-windows_server_2012_r2-kb5027282 microsoft-windows-windows_server_2016-1607-kb5027219 microsoft-windows-windows_server_2019-1809-kb5027222 microsoft-windows-windows_server_2022-21h2-kb5027225 microsoft-windows-windows_server_2022-22h2-kb5027225 msft-kb5027256-217a6141-d7e5-4eb3-bae3-fa31c30edc73 msft-kb5027277-121b55ee-2a81-4d6b-84ae-8d5ea84777fe msft-kb5027277-e5a5cbd0-acc8-43e0-964a-35aaad2f36a7 References https://attackerkb.com/topics/cve-2023-29358 CVE - 2023-29358 https://support.microsoft.com/help/5027215 https://support.microsoft.com/help/5027219 https://support.microsoft.com/help/5027222 https://support.microsoft.com/help/5027223 https://support.microsoft.com/help/5027225 https://support.microsoft.com/help/5027230 https://support.microsoft.com/help/5027231 https://support.microsoft.com/help/5027271 https://support.microsoft.com/help/5027281 https://support.microsoft.com/help/5027282
  2. Microsoft Windows: CVE-2023-32008: Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 08/07/2024 Description Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5027230 microsoft-windows-windows_10-1607-kb5027219 microsoft-windows-windows_10-1809-kb5027222 microsoft-windows-windows_10-21h2-kb5027215 microsoft-windows-windows_10-22h2-kb5027215 microsoft-windows-windows_11-21h2-kb5027223 microsoft-windows-windows_11-22h2-kb5027231 microsoft-windows-windows_server_2016-1607-kb5027219 microsoft-windows-windows_server_2019-1809-kb5027222 microsoft-windows-windows_server_2022-21h2-kb5027225 microsoft-windows-windows_server_2022-22h2-kb5027225 References https://attackerkb.com/topics/cve-2023-32008 CVE - 2023-32008 https://support.microsoft.com/help/5027215 https://support.microsoft.com/help/5027219 https://support.microsoft.com/help/5027222 https://support.microsoft.com/help/5027223 https://support.microsoft.com/help/5027225 https://support.microsoft.com/help/5027230 https://support.microsoft.com/help/5027231
  3. Microsoft Windows: CVE-2023-24938: Windows CryptoAPI Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 08/07/2024 Description Windows CryptoAPI Denial of Service Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5027222 microsoft-windows-windows_10-21h2-kb5027215 microsoft-windows-windows_10-22h2-kb5027215 microsoft-windows-windows_11-21h2-kb5027223 microsoft-windows-windows_11-22h2-kb5027231 microsoft-windows-windows_server_2019-1809-kb5027222 microsoft-windows-windows_server_2022-21h2-kb5027225 microsoft-windows-windows_server_2022-22h2-kb5027225 References https://attackerkb.com/topics/cve-2023-24938 CVE - 2023-24938 https://support.microsoft.com/help/5027215 https://support.microsoft.com/help/5027222 https://support.microsoft.com/help/5027223 https://support.microsoft.com/help/5027225 https://support.microsoft.com/help/5027231
  4. Microsoft Windows: CVE-2023-29370: Windows Media Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 08/07/2024 Description Windows Media Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5027230 microsoft-windows-windows_10-1607-kb5027219 microsoft-windows-windows_10-1809-kb5027222 microsoft-windows-windows_10-21h2-kb5027215 microsoft-windows-windows_10-22h2-kb5027215 microsoft-windows-windows_11-21h2-kb5027223 microsoft-windows-windows_11-22h2-kb5027231 microsoft-windows-windows_server_2016-1607-kb5027219 microsoft-windows-windows_server_2019-1809-kb5027222 microsoft-windows-windows_server_2022-21h2-kb5027225 microsoft-windows-windows_server_2022-22h2-kb5027225 References https://attackerkb.com/topics/cve-2023-29370 CVE - 2023-29370 https://support.microsoft.com/help/5027215 https://support.microsoft.com/help/5027219 https://support.microsoft.com/help/5027222 https://support.microsoft.com/help/5027223 https://support.microsoft.com/help/5027225 https://support.microsoft.com/help/5027230 https://support.microsoft.com/help/5027231
  5. Microsoft CVE-2023-33137: Microsoft Excel Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 06/15/2023 Description Microsoft CVE-2023-33137: Microsoft Excel Remote Code Execution Vulnerability Solution(s) msft-kb5002401-dcc5af00-dd02-4a1e-b432-6642f72326af msft-kb5002414-2e2a2258-68ba-4fbb-a76b-9757a473cffd msft-kb5002414-4906e766-4086-4f4b-91d9-9ded7eac4d84 References https://attackerkb.com/topics/cve-2023-33137 CVE - 2023-33137 5002401 5002405 5002414
  6. Zoom: CVE-2023-28599: HTML Injection vulnerability in Zoom Clients Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 06/13/2023 Created 01/09/2025 Added 01/08/2025 Modified 01/08/2025 Description Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-28599 CVE - 2023-28599 https://explore.zoom.us/en/trust/security/security-bulletin
  7. Oracle Linux: CVE-2023-20867: ELSA-2023-3949:open-vm-tools security update (LOW) (Multiple Advisories) Severity 2 CVSS (AV:L/AC:H/Au:M/C:P/I:P/A:N) Published 06/13/2023 Created 07/04/2023 Added 06/30/2023 Modified 02/10/2025 Description A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity. Solution(s) oracle-linux-upgrade-open-vm-tools oracle-linux-upgrade-open-vm-tools-desktop oracle-linux-upgrade-open-vm-tools-devel oracle-linux-upgrade-open-vm-tools-salt-minion oracle-linux-upgrade-open-vm-tools-sdmp oracle-linux-upgrade-open-vm-tools-test References https://attackerkb.com/topics/cve-2023-20867 CVE - 2023-20867 ELSA-2023-3949 ELSA-2023-3948 ELSA-2023-3944
  8. Zoom: CVE-2023-28598: HTML injection in Zoom Linux Clients Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/13/2023 Created 02/20/2024 Added 02/19/2024 Modified 02/21/2024 Description Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-28598 https://www.zoom.com/en/trust/security-bulletin/ CVE - 2023-28598
  9. Zoom: CVE-2023-34122: Improper Input Validation Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:P) Published 06/13/2023 Created 01/09/2025 Added 01/08/2025 Modified 01/08/2025 Description Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-34122 CVE - 2023-34122 https://explore.zoom.us/en/trust/security/security-bulletin
  10. Amazon Linux AMI 2: CVE-2020-22592: Security patch for webkitgtk4 (ALAS-2023-2088) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/13/2023 Created 06/14/2023 Added 06/13/2023 Modified 06/13/2023 Description Amazon Linux AMI 2: CVE-2020-22592: Security patch for webkitgtk4 (ALAS-2023-2088) Solution(s) amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel References https://attackerkb.com/topics/cve-2020-22592 AL2/ALAS-2023-2088 CVE - 2020-22592
  11. Zoom: CVE-2023-28602: Improper Verification of Cryptographic Signature in Zoom Clients Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:P/A:N) Published 06/13/2023 Created 01/09/2025 Added 01/08/2025 Modified 01/08/2025 Description Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions. Solution(s) zoom-zoom-upgrade-latest References https://attackerkb.com/topics/cve-2023-28602 CVE - 2023-28602 https://explore.zoom.us/en/trust/security/security-bulletin
  12. Adobe Animate: CVE-2023-29321: Security updates available for Adobe Animate (APSB23-36) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves a critical vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2023-29321 CVE - 2023-29321 https://helpx.adobe.com/security/products/animate/apsb23-36.html
  13. Red Hat: CVE-2023-20867: authentication bypass vulnerability in the vgauth module (Multiple Advisories) Severity 3 CVSS (AV:L/AC:M/Au:M/C:P/I:P/A:N) Published 06/13/2023 Created 06/30/2023 Added 06/30/2023 Modified 01/28/2025 Description A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Solution(s) redhat-upgrade-open-vm-tools redhat-upgrade-open-vm-tools-debuginfo redhat-upgrade-open-vm-tools-debugsource redhat-upgrade-open-vm-tools-desktop redhat-upgrade-open-vm-tools-desktop-debuginfo redhat-upgrade-open-vm-tools-devel redhat-upgrade-open-vm-tools-salt-minion redhat-upgrade-open-vm-tools-sdmp redhat-upgrade-open-vm-tools-sdmp-debuginfo redhat-upgrade-open-vm-tools-test redhat-upgrade-open-vm-tools-test-debuginfo References CVE-2023-20867 RHSA-2023:3944 RHSA-2023:3947 RHSA-2023:3948 RHSA-2023:3949 RHSA-2023:3950
  14. Alma Linux: CVE-2023-20867: Low: open-vm-tools security update (Multiple Advisories) Severity 3 CVSS (AV:L/AC:M/Au:M/C:P/I:P/A:N) Published 06/13/2023 Created 07/17/2023 Added 07/17/2023 Modified 01/28/2025 Description A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Solution(s) alma-upgrade-open-vm-tools alma-upgrade-open-vm-tools-desktop alma-upgrade-open-vm-tools-salt-minion alma-upgrade-open-vm-tools-sdmp alma-upgrade-open-vm-tools-test References https://attackerkb.com/topics/cve-2023-20867 CVE - 2023-20867 https://errata.almalinux.org/8/ALSA-2023-3949.html https://errata.almalinux.org/9/ALSA-2023-3948.html
  15. Debian: CVE-2023-3216: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/19/2023 Added 06/19/2023 Modified 01/28/2025 Description Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-3216 CVE - 2023-3216 DSA-5428-1
  16. VMware Photon OS: CVE-2023-20867 Severity 2 CVSS (AV:L/AC:H/Au:M/C:P/I:P/A:N) Published 06/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-20867 CVE - 2023-20867
  17. Alpine Linux: CVE-2023-20867: Improper Authentication Severity 3 CVSS (AV:L/AC:M/Au:M/C:P/I:P/A:N) Published 06/13/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Solution(s) alpine-linux-upgrade-open-vm-tools References https://attackerkb.com/topics/cve-2023-20867 CVE - 2023-20867 https://security.alpinelinux.org/vuln/CVE-2023-20867
  18. Fortinet FortiAnalyzer: Server-Side Request Forgery (SSRF) (CVE-2023-25609) Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 06/13/2023 Created 06/19/2023 Added 06/19/2023 Modified 01/28/2025 Description A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests. Solution(s) fortinet-fortianalyzer-upgrade-latest References https://attackerkb.com/topics/cve-2023-25609 CVE - 2023-25609 https://fortiguard.com/psirt/FG-IR-22-493
  19. FreeBSD: VID-B8A52E5A-483D-11EE-971D-3DF00E0F9020 (CVE-2023-36811): Borg (Backup) -- flaw in cryptographic authentication scheme in Borg allowed an attacker to fake archives and indirectly cause backup data loss. Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:C/A:N) Published 06/13/2023 Created 09/05/2023 Added 09/01/2023 Modified 01/28/2025 Description borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any "borg check --repair" and before "borg prune". There are no known workarounds for this vulnerability. Solution(s) freebsd-upgrade-package-py310-borgbackup freebsd-upgrade-package-py311-borgbackup freebsd-upgrade-package-py312-borgbackup freebsd-upgrade-package-py37-borgbackup freebsd-upgrade-package-py38-borgbackup freebsd-upgrade-package-py39-borgbackup References CVE-2023-36811
  20. Debian: CVE-2023-3214: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/19/2023 Added 06/19/2023 Modified 01/28/2025 Description Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-3214 CVE - 2023-3214 DSA-5428-1
  21. Oracle Linux: CVE-2023-33128: ELSA-2023-3581:.NET 6.0 security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/14/2023 Created 06/16/2023 Added 06/15/2023 Modified 01/07/2025 Description .NET and Visual Studio Remote Code Execution Vulnerability A vulnerability was found in dotnet. This issue may allow remote code execution via source generators that can lead to a crash due to unmanaged heap corruption. Solution(s) oracle-linux-upgrade-aspnetcore-runtime-6-0 oracle-linux-upgrade-aspnetcore-runtime-7-0 oracle-linux-upgrade-aspnetcore-targeting-pack-6-0 oracle-linux-upgrade-aspnetcore-targeting-pack-7-0 oracle-linux-upgrade-dotnet oracle-linux-upgrade-dotnet-apphost-pack-6-0 oracle-linux-upgrade-dotnet-apphost-pack-7-0 oracle-linux-upgrade-dotnet-host oracle-linux-upgrade-dotnet-hostfxr-6-0 oracle-linux-upgrade-dotnet-hostfxr-7-0 oracle-linux-upgrade-dotnet-runtime-6-0 oracle-linux-upgrade-dotnet-runtime-7-0 oracle-linux-upgrade-dotnet-sdk-6-0 oracle-linux-upgrade-dotnet-sdk-6-0-source-built-artifacts oracle-linux-upgrade-dotnet-sdk-7-0 oracle-linux-upgrade-dotnet-sdk-7-0-source-built-artifacts oracle-linux-upgrade-dotnet-targeting-pack-6-0 oracle-linux-upgrade-dotnet-targeting-pack-7-0 oracle-linux-upgrade-dotnet-templates-6-0 oracle-linux-upgrade-dotnet-templates-7-0 oracle-linux-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2023-33128 CVE - 2023-33128 ELSA-2023-3581 ELSA-2023-3593 ELSA-2023-3582 ELSA-2023-3592
  22. Ubuntu: (Multiple Advisories) (CVE-2023-24936): .NET vulnerabilities Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 06/13/2023 Created 06/14/2023 Added 06/14/2023 Modified 01/28/2025 Description .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability Solution(s) ubuntu-upgrade-aspnetcore-runtime-6-0 ubuntu-upgrade-aspnetcore-runtime-7-0 ubuntu-upgrade-dotnet-host ubuntu-upgrade-dotnet-host-7-0 ubuntu-upgrade-dotnet-hostfxr-6-0 ubuntu-upgrade-dotnet-hostfxr-7-0 ubuntu-upgrade-dotnet-runtime-6-0 ubuntu-upgrade-dotnet-runtime-7-0 ubuntu-upgrade-dotnet-sdk-6-0 ubuntu-upgrade-dotnet-sdk-7-0 ubuntu-upgrade-dotnet6 ubuntu-upgrade-dotnet7 References https://attackerkb.com/topics/cve-2023-24936 CVE - 2023-24936 USN-6161-1 USN-6161-2
  23. Red Hat: CVE-2023-29331: Denial of Service processing X509 Certificates (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-6-0 redhat-upgrade-aspnetcore-runtime-7-0 redhat-upgrade-aspnetcore-targeting-pack-6-0 redhat-upgrade-aspnetcore-targeting-pack-7-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-6-0 redhat-upgrade-dotnet-apphost-pack-6-0-debuginfo redhat-upgrade-dotnet-apphost-pack-7-0 redhat-upgrade-dotnet-apphost-pack-7-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-6-0 redhat-upgrade-dotnet-hostfxr-6-0-debuginfo redhat-upgrade-dotnet-hostfxr-7-0 redhat-upgrade-dotnet-hostfxr-7-0-debuginfo redhat-upgrade-dotnet-runtime-6-0 redhat-upgrade-dotnet-runtime-6-0-debuginfo redhat-upgrade-dotnet-runtime-7-0 redhat-upgrade-dotnet-runtime-7-0-debuginfo redhat-upgrade-dotnet-sdk-6-0 redhat-upgrade-dotnet-sdk-6-0-debuginfo redhat-upgrade-dotnet-sdk-6-0-source-built-artifacts redhat-upgrade-dotnet-sdk-7-0 redhat-upgrade-dotnet-sdk-7-0-debuginfo redhat-upgrade-dotnet-sdk-7-0-source-built-artifacts redhat-upgrade-dotnet-targeting-pack-6-0 redhat-upgrade-dotnet-targeting-pack-7-0 redhat-upgrade-dotnet-templates-6-0 redhat-upgrade-dotnet-templates-7-0 redhat-upgrade-dotnet6-0-debuginfo redhat-upgrade-dotnet6-0-debugsource redhat-upgrade-dotnet7-0-debuginfo redhat-upgrade-dotnet7-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2023-29331 RHSA-2023:3581 RHSA-2023:3582 RHSA-2023:3592 RHSA-2023:3593 RHSA-2023:4448 RHSA-2023:4449
  24. Red Hat: CVE-2023-29337: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:C) Published 06/14/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description NuGet Client Remote Code Execution Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-6-0 redhat-upgrade-aspnetcore-runtime-7-0 redhat-upgrade-aspnetcore-targeting-pack-6-0 redhat-upgrade-aspnetcore-targeting-pack-7-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-6-0 redhat-upgrade-dotnet-apphost-pack-6-0-debuginfo redhat-upgrade-dotnet-apphost-pack-7-0 redhat-upgrade-dotnet-apphost-pack-7-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-6-0 redhat-upgrade-dotnet-hostfxr-6-0-debuginfo redhat-upgrade-dotnet-hostfxr-7-0 redhat-upgrade-dotnet-hostfxr-7-0-debuginfo redhat-upgrade-dotnet-runtime-6-0 redhat-upgrade-dotnet-runtime-6-0-debuginfo redhat-upgrade-dotnet-runtime-7-0 redhat-upgrade-dotnet-runtime-7-0-debuginfo redhat-upgrade-dotnet-sdk-6-0 redhat-upgrade-dotnet-sdk-6-0-debuginfo redhat-upgrade-dotnet-sdk-6-0-source-built-artifacts redhat-upgrade-dotnet-sdk-7-0 redhat-upgrade-dotnet-sdk-7-0-debuginfo redhat-upgrade-dotnet-sdk-7-0-source-built-artifacts redhat-upgrade-dotnet-targeting-pack-6-0 redhat-upgrade-dotnet-targeting-pack-7-0 redhat-upgrade-dotnet-templates-6-0 redhat-upgrade-dotnet-templates-7-0 redhat-upgrade-dotnet6-0-debuginfo redhat-upgrade-dotnet6-0-debugsource redhat-upgrade-dotnet7-0-debuginfo redhat-upgrade-dotnet7-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2023-29337 RHSA-2023:3581 RHSA-2023:3582 RHSA-2023:3592 RHSA-2023:3593 RHSA-2023:4448 RHSA-2023:4449
  25. Ubuntu: (Multiple Advisories) (CVE-2023-32665): GLib vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 06/14/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. Solution(s) ubuntu-pro-upgrade-libglib2-0-0 ubuntu-pro-upgrade-libglib2-0-bin References https://attackerkb.com/topics/cve-2023-32665 CVE - 2023-32665 USN-6165-1 USN-6165-2