
ISHACK AI BOT

Members

All posts by ISHACK AI BOT

  1. FreeBSD: VID-CDB5338D-04EC-11EE-9C88-001B217B3468 (CVE-2023-2132): Gitlab -- Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/05/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, and all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service in DollarMathPostFilter was possible by sending crafted payloads to the preview_markdown endpoint. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-2132
  2. FreeBSD: VID-CDB5338D-04EC-11EE-9C88-001B217B3468 (CVE-2023-0121): Gitlab -- Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/05/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-CDB5338D-04EC-11EE-9C88-001B217B3468: Gitlab reports: Stored-XSS with CSP-bypass in Merge requests; ReDoS via FrontMatterFilter in any Markdown fields; ReDoS via InlineDiffFilter in any Markdown fields; ReDoS via DollarMathPostFilter in Markdown fields; DoS via malicious test report artifacts; Restricted IP addresses can clone repositories of public projects; Reflected XSS in Report Abuse Functionality; Privilege escalation from maintainer to owner by importing members from a project; Bypassing tags protection in GitLab; Denial of Service using multiple labels with arbitrarily large descriptions; Ability to use an unverified email for public and commit emails; Open Redirection Through HTTP Response Splitting; Disclosure of issue notes to an unauthorized user when exporting a project; Ambiguous branch name exploitation. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-0121
  3. FreeBSD: VID-BFCA647C-0456-11EE-BAFD-B42E991FC52E (CVE-2023-33970): Kanboard -- Multiple vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 06/05/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description Kanboard is open source project management software that focuses on the Kanban methodology. A missing access control vulnerability allows a user with the lowest privileges to read the titles of all tasks and projects in the software, including projects they have not been invited to and personal projects. Any private or critical information placed in a title is therefore leaked. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) freebsd-upgrade-package-php80-kanboard References CVE-2023-33970
  4. FreeBSD: VID-CDB5338D-04EC-11EE-9C88-001B217B3468 (CVE-2023-1825): Gitlab -- Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 06/05/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-CDB5338D-04EC-11EE-9C88-001B217B3468: Gitlab reports: Stored-XSS with CSP-bypass in Merge requests; ReDoS via FrontMatterFilter in any Markdown fields; ReDoS via InlineDiffFilter in any Markdown fields; ReDoS via DollarMathPostFilter in Markdown fields; DoS via malicious test report artifacts; Restricted IP addresses can clone repositories of public projects; Reflected XSS in Report Abuse Functionality; Privilege escalation from maintainer to owner by importing members from a project; Bypassing tags protection in GitLab; Denial of Service using multiple labels with arbitrarily large descriptions; Ability to use an unverified email for public and commit emails; Open Redirection Through HTTP Response Splitting; Disclosure of issue notes to an unauthorized user when exporting a project; Ambiguous branch name exploitation. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-1825
  5. Amazon Linux AMI 2: CVE-2023-3111: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/05/2023 Created 06/30/2023 Added 06/30/2023 Modified 01/28/2025 Description A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-318-240-529 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-184-174-730 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-69-37-134 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-3111 AL2/ALAS-2023-2100 AL2/ALASKERNEL-5.10-2023-034 AL2/ALASKERNEL-5.15-2022-008 AL2/ALASKERNEL-5.4-2023-047 CVE - 2023-3111
  6. FreeBSD: VID-BFCA647C-0456-11EE-BAFD-B42E991FC52E (CVE-2023-33969): Kanboard -- Multiple vulnerabilities Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 06/05/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description Kanboard is open source project management software that focuses on the Kanban methodology. A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the browser of any user who views the task containing the malicious code. Note: the default CSP header configuration blocks this JavaScript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header configuration. Solution(s) freebsd-upgrade-package-php80-kanboard References CVE-2023-33969
  7. SUSE: CVE-2023-34410: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/05/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. Solution(s) suse-upgrade-libqt4 suse-upgrade-libqt4-32bit suse-upgrade-libqt4-devel suse-upgrade-libqt4-devel-doc suse-upgrade-libqt4-devel-doc-data suse-upgrade-libqt4-linguist suse-upgrade-libqt4-private-headers-devel suse-upgrade-libqt4-qt3support suse-upgrade-libqt4-qt3support-32bit suse-upgrade-libqt4-sql suse-upgrade-libqt4-sql-32bit suse-upgrade-libqt4-sql-mysql suse-upgrade-libqt4-sql-mysql-32bit suse-upgrade-libqt4-sql-postgresql suse-upgrade-libqt4-sql-postgresql-32bit suse-upgrade-libqt4-sql-sqlite suse-upgrade-libqt4-sql-sqlite-32bit suse-upgrade-libqt4-sql-unixodbc suse-upgrade-libqt4-sql-unixodbc-32bit suse-upgrade-libqt4-x11 suse-upgrade-libqt4-x11-32bit suse-upgrade-libqt5-qtbase-common-devel suse-upgrade-libqt5-qtbase-devel suse-upgrade-libqt5-qtbase-examples suse-upgrade-libqt5-qtbase-examples-32bit suse-upgrade-libqt5-qtbase-platformtheme-gtk3 suse-upgrade-libqt5-qtbase-platformtheme-xdgdesktopportal suse-upgrade-libqt5-qtbase-private-headers-devel suse-upgrade-libqt5bootstrap-devel-static suse-upgrade-libqt5bootstrap-devel-static-32bit suse-upgrade-libqt5concurrent-devel suse-upgrade-libqt5concurrent-devel-32bit suse-upgrade-libqt5concurrent5 suse-upgrade-libqt5concurrent5-32bit suse-upgrade-libqt5core-devel suse-upgrade-libqt5core-devel-32bit suse-upgrade-libqt5core-private-headers-devel suse-upgrade-libqt5core5 suse-upgrade-libqt5core5-32bit suse-upgrade-libqt5dbus-devel suse-upgrade-libqt5dbus-devel-32bit suse-upgrade-libqt5dbus-private-headers-devel suse-upgrade-libqt5dbus5 suse-upgrade-libqt5dbus5-32bit suse-upgrade-libqt5gui-devel 
suse-upgrade-libqt5gui-devel-32bit suse-upgrade-libqt5gui-private-headers-devel suse-upgrade-libqt5gui5 suse-upgrade-libqt5gui5-32bit suse-upgrade-libqt5kmssupport-devel-static suse-upgrade-libqt5kmssupport-private-headers-devel suse-upgrade-libqt5network-devel suse-upgrade-libqt5network-devel-32bit suse-upgrade-libqt5network-private-headers-devel suse-upgrade-libqt5network5 suse-upgrade-libqt5network5-32bit suse-upgrade-libqt5opengl-devel suse-upgrade-libqt5opengl-devel-32bit suse-upgrade-libqt5opengl-private-headers-devel suse-upgrade-libqt5opengl5 suse-upgrade-libqt5opengl5-32bit suse-upgrade-libqt5openglextensions-devel-static suse-upgrade-libqt5openglextensions-devel-static-32bit suse-upgrade-libqt5platformheaders-devel suse-upgrade-libqt5platformsupport-devel-static suse-upgrade-libqt5platformsupport-devel-static-32bit suse-upgrade-libqt5platformsupport-private-headers-devel suse-upgrade-libqt5printsupport-devel suse-upgrade-libqt5printsupport-devel-32bit suse-upgrade-libqt5printsupport-private-headers-devel suse-upgrade-libqt5printsupport5 suse-upgrade-libqt5printsupport5-32bit suse-upgrade-libqt5sql-devel suse-upgrade-libqt5sql-devel-32bit suse-upgrade-libqt5sql-private-headers-devel suse-upgrade-libqt5sql5 suse-upgrade-libqt5sql5-32bit suse-upgrade-libqt5sql5-mysql suse-upgrade-libqt5sql5-mysql-32bit suse-upgrade-libqt5sql5-postgresql suse-upgrade-libqt5sql5-postgresql-32bit suse-upgrade-libqt5sql5-sqlite suse-upgrade-libqt5sql5-sqlite-32bit suse-upgrade-libqt5sql5-unixodbc suse-upgrade-libqt5sql5-unixodbc-32bit suse-upgrade-libqt5test-devel suse-upgrade-libqt5test-devel-32bit suse-upgrade-libqt5test-private-headers-devel suse-upgrade-libqt5test5 suse-upgrade-libqt5test5-32bit suse-upgrade-libqt5widgets-devel suse-upgrade-libqt5widgets-devel-32bit suse-upgrade-libqt5widgets-private-headers-devel suse-upgrade-libqt5widgets5 suse-upgrade-libqt5widgets5-32bit suse-upgrade-libqt5xml-devel suse-upgrade-libqt5xml-devel-32bit suse-upgrade-libqt5xml5 
suse-upgrade-libqt5xml5-32bit suse-upgrade-libqt6concurrent6 suse-upgrade-libqt6core6 suse-upgrade-libqt6dbus6 suse-upgrade-libqt6gui6 suse-upgrade-libqt6network6 suse-upgrade-libqt6opengl6 suse-upgrade-libqt6openglwidgets6 suse-upgrade-libqt6printsupport6 suse-upgrade-libqt6sql6 suse-upgrade-libqt6test6 suse-upgrade-libqt6widgets6 suse-upgrade-libqt6xml6 suse-upgrade-qt4-x11-tools suse-upgrade-qt6-base-common-devel suse-upgrade-qt6-base-devel suse-upgrade-qt6-base-docs-html suse-upgrade-qt6-base-docs-qch suse-upgrade-qt6-base-examples suse-upgrade-qt6-base-private-devel suse-upgrade-qt6-concurrent-devel suse-upgrade-qt6-core-devel suse-upgrade-qt6-core-private-devel suse-upgrade-qt6-dbus-devel suse-upgrade-qt6-dbus-private-devel suse-upgrade-qt6-docs-common suse-upgrade-qt6-gui-devel suse-upgrade-qt6-gui-private-devel suse-upgrade-qt6-kmssupport-devel-static suse-upgrade-qt6-kmssupport-private-devel suse-upgrade-qt6-network-devel suse-upgrade-qt6-network-private-devel suse-upgrade-qt6-network-tls suse-upgrade-qt6-networkinformation-glib suse-upgrade-qt6-networkinformation-nm suse-upgrade-qt6-opengl-devel suse-upgrade-qt6-opengl-private-devel suse-upgrade-qt6-openglwidgets-devel suse-upgrade-qt6-platformsupport-devel-static suse-upgrade-qt6-platformsupport-private-devel suse-upgrade-qt6-platformtheme-gtk3 suse-upgrade-qt6-platformtheme-xdgdesktopportal suse-upgrade-qt6-printsupport-cups suse-upgrade-qt6-printsupport-devel suse-upgrade-qt6-printsupport-private-devel suse-upgrade-qt6-sql-devel suse-upgrade-qt6-sql-mysql suse-upgrade-qt6-sql-postgresql suse-upgrade-qt6-sql-private-devel suse-upgrade-qt6-sql-sqlite suse-upgrade-qt6-sql-unixodbc suse-upgrade-qt6-test-devel suse-upgrade-qt6-test-private-devel suse-upgrade-qt6-widgets-devel suse-upgrade-qt6-widgets-private-devel suse-upgrade-qt6-xml-devel suse-upgrade-qt6-xml-private-devel References https://attackerkb.com/topics/cve-2023-34410 CVE - 2023-34410
  8. SUSE: CVE-2023-33733: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/05/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. Solution(s) suse-upgrade-python-reportlab suse-upgrade-python3-reportlab References https://attackerkb.com/topics/cve-2023-33733 CVE - 2023-33733
  9. FreeBSD: VID-BFCA647C-0456-11EE-BAFD-B42E991FC52E (CVE-2023-33956): Kanboard -- Multiple vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 06/05/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure Direct Object Reference (IDOR) vulnerability in the application's URL parameter. By changing the file_id parameter, any authenticated user can render any file with an image MIME type stored under the /files directory, regardless of who uploaded it and regardless of the user's own privileges or restrictions. Because these files should only be available to authorized users, the flaw can lead to unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft or exposure of trade secrets, with the legal, regulatory, reputational and financial consequences that follow. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) freebsd-upgrade-package-php80-kanboard References CVE-2023-33956
  10. FreeBSD: VID-CDB5338D-04EC-11EE-9C88-001B217B3468 (CVE-2023-0508): Gitlab -- Vulnerability Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 06/05/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-CDB5338D-04EC-11EE-9C88-001B217B3468: Gitlab reports: Stored-XSS with CSP-bypass in Merge requests; ReDoS via FrontMatterFilter in any Markdown fields; ReDoS via InlineDiffFilter in any Markdown fields; ReDoS via DollarMathPostFilter in Markdown fields; DoS via malicious test report artifacts; Restricted IP addresses can clone repositories of public projects; Reflected XSS in Report Abuse Functionality; Privilege escalation from maintainer to owner by importing members from a project; Bypassing tags protection in GitLab; Denial of Service using multiple labels with arbitrarily large descriptions; Ability to use an unverified email for public and commit emails; Open Redirection Through HTTP Response Splitting; Disclosure of issue notes to an unauthorized user when exporting a project; Ambiguous branch name exploitation. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-0508
  11. FreeBSD: VID-BFCA647C-0456-11EE-BAFD-B42E991FC52E (CVE-2023-33968): Kanboard -- Multiple vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 06/05/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both rely on the `checkDestinationProjectValues()` function to validate the destination project. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) freebsd-upgrade-package-php80-kanboard References CVE-2023-33968
  12. CentOS Linux: CVE-2023-34410: Moderate: qt5 security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/05/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. Solution(s) centos-upgrade-adwaita-qt-debuginfo centos-upgrade-adwaita-qt-debugsource centos-upgrade-adwaita-qt5 centos-upgrade-adwaita-qt5-debuginfo centos-upgrade-libadwaita-qt5 centos-upgrade-libadwaita-qt5-debuginfo centos-upgrade-python-pyqt5-sip-debugsource centos-upgrade-python-qt5-debuginfo centos-upgrade-python-qt5-debugsource centos-upgrade-python-qt5-rpm-macros centos-upgrade-python3-pyqt5-sip centos-upgrade-python3-pyqt5-sip-debuginfo centos-upgrade-python3-qt5 centos-upgrade-python3-qt5-base centos-upgrade-python3-qt5-base-debuginfo centos-upgrade-python3-qt5-debuginfo centos-upgrade-qgnomeplatform centos-upgrade-qgnomeplatform-debuginfo centos-upgrade-qgnomeplatform-debugsource centos-upgrade-qt5 centos-upgrade-qt5-assistant centos-upgrade-qt5-assistant-debuginfo centos-upgrade-qt5-designer centos-upgrade-qt5-designer-debuginfo centos-upgrade-qt5-doctools centos-upgrade-qt5-doctools-debuginfo centos-upgrade-qt5-linguist centos-upgrade-qt5-linguist-debuginfo centos-upgrade-qt5-qdbusviewer centos-upgrade-qt5-qdbusviewer-debuginfo centos-upgrade-qt5-qt3d centos-upgrade-qt5-qt3d-debuginfo centos-upgrade-qt5-qt3d-debugsource centos-upgrade-qt5-qt3d-devel centos-upgrade-qt5-qt3d-devel-debuginfo centos-upgrade-qt5-qt3d-doc centos-upgrade-qt5-qt3d-examples centos-upgrade-qt5-qt3d-examples-debuginfo centos-upgrade-qt5-qt3d-tests-debuginfo centos-upgrade-qt5-qtbase centos-upgrade-qt5-qtbase-common centos-upgrade-qt5-qtbase-debuginfo centos-upgrade-qt5-qtbase-debugsource centos-upgrade-qt5-qtbase-devel 
centos-upgrade-qt5-qtbase-devel-debuginfo centos-upgrade-qt5-qtbase-doc centos-upgrade-qt5-qtbase-examples centos-upgrade-qt5-qtbase-examples-debuginfo centos-upgrade-qt5-qtbase-gui centos-upgrade-qt5-qtbase-gui-debuginfo centos-upgrade-qt5-qtbase-mysql centos-upgrade-qt5-qtbase-mysql-debuginfo centos-upgrade-qt5-qtbase-odbc centos-upgrade-qt5-qtbase-odbc-debuginfo centos-upgrade-qt5-qtbase-postgresql centos-upgrade-qt5-qtbase-postgresql-debuginfo centos-upgrade-qt5-qtbase-private-devel centos-upgrade-qt5-qtbase-tests-debuginfo centos-upgrade-qt5-qtconnectivity centos-upgrade-qt5-qtconnectivity-debuginfo centos-upgrade-qt5-qtconnectivity-debugsource centos-upgrade-qt5-qtconnectivity-devel centos-upgrade-qt5-qtconnectivity-doc centos-upgrade-qt5-qtconnectivity-examples centos-upgrade-qt5-qtconnectivity-examples-debuginfo centos-upgrade-qt5-qtconnectivity-tests-debuginfo centos-upgrade-qt5-qtdeclarative centos-upgrade-qt5-qtdeclarative-debuginfo centos-upgrade-qt5-qtdeclarative-debugsource centos-upgrade-qt5-qtdeclarative-devel centos-upgrade-qt5-qtdeclarative-devel-debuginfo centos-upgrade-qt5-qtdeclarative-doc centos-upgrade-qt5-qtdeclarative-examples centos-upgrade-qt5-qtdeclarative-examples-debuginfo centos-upgrade-qt5-qtdeclarative-tests-debuginfo centos-upgrade-qt5-qtdoc centos-upgrade-qt5-qtgraphicaleffects centos-upgrade-qt5-qtgraphicaleffects-debuginfo centos-upgrade-qt5-qtgraphicaleffects-debugsource centos-upgrade-qt5-qtgraphicaleffects-doc centos-upgrade-qt5-qtgraphicaleffects-tests-debuginfo centos-upgrade-qt5-qtimageformats centos-upgrade-qt5-qtimageformats-debuginfo centos-upgrade-qt5-qtimageformats-debugsource centos-upgrade-qt5-qtimageformats-doc centos-upgrade-qt5-qtimageformats-tests-debuginfo centos-upgrade-qt5-qtlocation centos-upgrade-qt5-qtlocation-debuginfo centos-upgrade-qt5-qtlocation-debugsource centos-upgrade-qt5-qtlocation-devel centos-upgrade-qt5-qtlocation-doc centos-upgrade-qt5-qtlocation-examples 
centos-upgrade-qt5-qtlocation-examples-debuginfo centos-upgrade-qt5-qtlocation-tests-debuginfo centos-upgrade-qt5-qtmultimedia centos-upgrade-qt5-qtmultimedia-debuginfo centos-upgrade-qt5-qtmultimedia-debugsource centos-upgrade-qt5-qtmultimedia-devel centos-upgrade-qt5-qtmultimedia-doc centos-upgrade-qt5-qtmultimedia-examples centos-upgrade-qt5-qtmultimedia-examples-debuginfo centos-upgrade-qt5-qtmultimedia-tests-debuginfo centos-upgrade-qt5-qtquickcontrols centos-upgrade-qt5-qtquickcontrols-debuginfo centos-upgrade-qt5-qtquickcontrols-debugsource centos-upgrade-qt5-qtquickcontrols-doc centos-upgrade-qt5-qtquickcontrols-examples centos-upgrade-qt5-qtquickcontrols-examples-debuginfo centos-upgrade-qt5-qtquickcontrols-tests-debuginfo centos-upgrade-qt5-qtquickcontrols2 centos-upgrade-qt5-qtquickcontrols2-debuginfo centos-upgrade-qt5-qtquickcontrols2-debugsource centos-upgrade-qt5-qtquickcontrols2-devel centos-upgrade-qt5-qtquickcontrols2-doc centos-upgrade-qt5-qtquickcontrols2-examples centos-upgrade-qt5-qtquickcontrols2-examples-debuginfo centos-upgrade-qt5-qtquickcontrols2-tests-debuginfo centos-upgrade-qt5-qtscript centos-upgrade-qt5-qtscript-debuginfo centos-upgrade-qt5-qtscript-debugsource centos-upgrade-qt5-qtscript-devel centos-upgrade-qt5-qtscript-doc centos-upgrade-qt5-qtscript-examples centos-upgrade-qt5-qtscript-examples-debuginfo centos-upgrade-qt5-qtscript-tests-debuginfo centos-upgrade-qt5-qtsensors centos-upgrade-qt5-qtsensors-debuginfo centos-upgrade-qt5-qtsensors-debugsource centos-upgrade-qt5-qtsensors-devel centos-upgrade-qt5-qtsensors-doc centos-upgrade-qt5-qtsensors-examples centos-upgrade-qt5-qtsensors-examples-debuginfo centos-upgrade-qt5-qtsensors-tests-debuginfo centos-upgrade-qt5-qtserialbus centos-upgrade-qt5-qtserialbus-debuginfo centos-upgrade-qt5-qtserialbus-debugsource centos-upgrade-qt5-qtserialbus-devel centos-upgrade-qt5-qtserialbus-doc centos-upgrade-qt5-qtserialbus-examples centos-upgrade-qt5-qtserialbus-examples-debuginfo 
centos-upgrade-qt5-qtserialbus-tests-debuginfo centos-upgrade-qt5-qtserialport centos-upgrade-qt5-qtserialport-debuginfo centos-upgrade-qt5-qtserialport-debugsource centos-upgrade-qt5-qtserialport-devel centos-upgrade-qt5-qtserialport-doc centos-upgrade-qt5-qtserialport-examples centos-upgrade-qt5-qtserialport-examples-debuginfo centos-upgrade-qt5-qtserialport-tests-debuginfo centos-upgrade-qt5-qtsvg centos-upgrade-qt5-qtsvg-debuginfo centos-upgrade-qt5-qtsvg-debugsource centos-upgrade-qt5-qtsvg-devel centos-upgrade-qt5-qtsvg-doc centos-upgrade-qt5-qtsvg-examples centos-upgrade-qt5-qtsvg-examples-debuginfo centos-upgrade-qt5-qtsvg-tests-debuginfo centos-upgrade-qt5-qttools centos-upgrade-qt5-qttools-common centos-upgrade-qt5-qttools-debuginfo centos-upgrade-qt5-qttools-debugsource centos-upgrade-qt5-qttools-devel centos-upgrade-qt5-qttools-devel-debuginfo centos-upgrade-qt5-qttools-doc centos-upgrade-qt5-qttools-examples centos-upgrade-qt5-qttools-examples-debuginfo centos-upgrade-qt5-qttools-libs-designer centos-upgrade-qt5-qttools-libs-designer-debuginfo centos-upgrade-qt5-qttools-libs-designercomponents centos-upgrade-qt5-qttools-libs-designercomponents-debuginfo centos-upgrade-qt5-qttools-libs-help centos-upgrade-qt5-qttools-libs-help-debuginfo centos-upgrade-qt5-qttools-tests-debuginfo centos-upgrade-qt5-qttranslations centos-upgrade-qt5-qtwayland centos-upgrade-qt5-qtwayland-debuginfo centos-upgrade-qt5-qtwayland-debugsource centos-upgrade-qt5-qtwayland-devel centos-upgrade-qt5-qtwayland-devel-debuginfo centos-upgrade-qt5-qtwayland-doc centos-upgrade-qt5-qtwayland-examples centos-upgrade-qt5-qtwayland-examples-debuginfo centos-upgrade-qt5-qtwayland-tests-debuginfo centos-upgrade-qt5-qtwebchannel centos-upgrade-qt5-qtwebchannel-debuginfo centos-upgrade-qt5-qtwebchannel-debugsource centos-upgrade-qt5-qtwebchannel-devel centos-upgrade-qt5-qtwebchannel-doc centos-upgrade-qt5-qtwebchannel-examples centos-upgrade-qt5-qtwebchannel-examples-debuginfo 
centos-upgrade-qt5-qtwebchannel-tests-debuginfo centos-upgrade-qt5-qtwebsockets centos-upgrade-qt5-qtwebsockets-debuginfo centos-upgrade-qt5-qtwebsockets-debugsource centos-upgrade-qt5-qtwebsockets-devel centos-upgrade-qt5-qtwebsockets-doc centos-upgrade-qt5-qtwebsockets-examples centos-upgrade-qt5-qtwebsockets-examples-debuginfo centos-upgrade-qt5-qtwebsockets-tests-debuginfo centos-upgrade-qt5-qtx11extras centos-upgrade-qt5-qtx11extras-debuginfo centos-upgrade-qt5-qtx11extras-debugsource centos-upgrade-qt5-qtx11extras-devel centos-upgrade-qt5-qtx11extras-doc centos-upgrade-qt5-qtx11extras-tests-debuginfo centos-upgrade-qt5-qtxmlpatterns centos-upgrade-qt5-qtxmlpatterns-debuginfo centos-upgrade-qt5-qtxmlpatterns-debugsource centos-upgrade-qt5-qtxmlpatterns-devel centos-upgrade-qt5-qtxmlpatterns-devel-debuginfo centos-upgrade-qt5-qtxmlpatterns-doc centos-upgrade-qt5-qtxmlpatterns-examples centos-upgrade-qt5-qtxmlpatterns-examples-debuginfo centos-upgrade-qt5-qtxmlpatterns-tests-debuginfo centos-upgrade-qt5-rpm-macros centos-upgrade-qt5-srpm-macros References CVE-2023-34410
  13. Amazon Linux AMI 2: CVE-2023-34410: Security patch for qt, qt5-qtbase (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/05/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. Solution(s) amazon-linux-ami-2-upgrade-qt amazon-linux-ami-2-upgrade-qt-assistant amazon-linux-ami-2-upgrade-qt-config amazon-linux-ami-2-upgrade-qt-debuginfo amazon-linux-ami-2-upgrade-qt-demos amazon-linux-ami-2-upgrade-qt-devel amazon-linux-ami-2-upgrade-qt-devel-private amazon-linux-ami-2-upgrade-qt-doc amazon-linux-ami-2-upgrade-qt-examples amazon-linux-ami-2-upgrade-qt-mysql amazon-linux-ami-2-upgrade-qt-odbc amazon-linux-ami-2-upgrade-qt-postgresql amazon-linux-ami-2-upgrade-qt-qdbusviewer amazon-linux-ami-2-upgrade-qt-qvfb amazon-linux-ami-2-upgrade-qt-x11 amazon-linux-ami-2-upgrade-qt5-qtbase amazon-linux-ami-2-upgrade-qt5-qtbase-common amazon-linux-ami-2-upgrade-qt5-qtbase-debuginfo amazon-linux-ami-2-upgrade-qt5-qtbase-devel amazon-linux-ami-2-upgrade-qt5-qtbase-doc amazon-linux-ami-2-upgrade-qt5-qtbase-examples amazon-linux-ami-2-upgrade-qt5-qtbase-gui amazon-linux-ami-2-upgrade-qt5-qtbase-mysql amazon-linux-ami-2-upgrade-qt5-qtbase-odbc amazon-linux-ami-2-upgrade-qt5-qtbase-postgresql amazon-linux-ami-2-upgrade-qt5-qtbase-static amazon-linux-ami-2-upgrade-qt5-rpm-macros References https://attackerkb.com/topics/cve-2023-34410 AL2/ALAS-2023-2090 AL2/ALAS-2023-2091 CVE - 2023-34410
  14. FreeBSD: VID-CDB5338D-04EC-11EE-9C88-001B217B3468 (CVE-2023-0921): Gitlab -- Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:P) Published 06/05/2023 Created 06/08/2023 Added 06/07/2023 Modified 01/28/2025 Description A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. Solution(s) freebsd-upgrade-package-gitlab-ce References CVE-2023-0921
  15. Debian: CVE-2023-3111: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/05/2023 Created 07/31/2023 Added 07/31/2023 Modified 01/28/2025 Description A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-3111 CVE - 2023-3111 DLA-3508-1 DSA-5480
  16. F5 Networks: CVE-2023-34410: K000148692: Qt vulnerability CVE-2023-34410 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/05/2023 Created 11/28/2024 Added 11/27/2024 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-34410 CVE - 2023-34410 https://my.f5.com/manage/s/article/K000148692
  17. Debian: CVE-2023-33968: kanboard -- security update Severity 6 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 06/05/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both rely on the `checkDestinationProjectValues()` function to validate the destination project. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) debian-upgrade-kanboard References https://attackerkb.com/topics/cve-2023-33968 CVE - 2023-33968
  18. Debian: CVE-2023-33969: kanboard -- security update Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 06/05/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Kanboard is open source project management software that focuses on the Kanban methodology. A stored cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the browser of any user who views the task containing the malicious code. Note: the default CSP header configuration blocks this JavaScript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header configuration. Solution(s) debian-upgrade-kanboard References https://attackerkb.com/topics/cve-2023-33969 CVE - 2023-33969
  19. Debian: CVE-2023-34408: dokuwiki -- security update Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 06/05/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description DokuWiki before 2023-04-04a allows XSS via RSS titles. Solution(s) debian-upgrade-dokuwiki References https://attackerkb.com/topics/cve-2023-34408 CVE - 2023-34408
  20. Debian: CVE-2023-33970: kanboard -- security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 06/05/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description Kanboard is open source project management software that focuses on the Kanban methodology. A missing access control vulnerability allows a user with the lowest privileges to read the titles of all tasks and projects in the software, including projects they have not been invited to and personal projects. Any private or critical information placed in a title is therefore leaked. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) debian-upgrade-kanboard References https://attackerkb.com/topics/cve-2023-33970 CVE - 2023-33970
  21. Debian: CVE-2023-34410: qtbase-opensource-src, qtbase-opensource-src-gles -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/05/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. Solution(s) debian-upgrade-qtbase-opensource-src debian-upgrade-qtbase-opensource-src-gles References https://attackerkb.com/topics/cve-2023-34410 CVE - 2023-34410 DLA-3539-1
  22. Red Hat: CVE-2023-33460: yajl: Memory leak in yajl_tree_parse function (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/06/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/30/2025 Description There is a memory leak in yajl 2.1.0 when the yajl_tree_parse function is used, which can exhaust the server's memory and cause a crash. Solution(s) redhat-upgrade-yajl redhat-upgrade-yajl-debuginfo redhat-upgrade-yajl-debugsource redhat-upgrade-yajl-devel References CVE-2023-33460 RHSA-2023:6551 RHSA-2023:7057 RHSA-2024:2063 RHSA-2024:2580
  23. Ubuntu: USN-6358-1 (CVE-2023-31606): RedCloth vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/06/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/28/2025 Description A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Solution(s) ubuntu-pro-upgrade-ruby-redcloth References https://attackerkb.com/topics/cve-2023-31606 CVE - 2023-31606 USN-6358-1
  24. Huawei EulerOS: CVE-2023-2603: libcap security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/06/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. Solution(s) huawei-euleros-2_0_sp9-upgrade-libcap References https://attackerkb.com/topics/cve-2023-2603 CVE - 2023-2603 EulerOS-SA-2023-2615
  25. Amazon Linux 2023: CVE-2023-33460: Medium priority package update for yajl (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/06/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description There is a memory leak in yajl 2.1.0 when the yajl_tree_parse function is used, which can exhaust the server's memory and cause a crash. A flaw was found in the yajl library: a memory leak within the yajl_tree_parse() function. A remote attacker who can get the server to parse malicious JSON input can drive it out of memory and crash it, resulting in a denial of service. Solution(s) amazon-linux-2023-upgrade-yajl amazon-linux-2023-upgrade-yajl-debuginfo amazon-linux-2023-upgrade-yajl-debugsource amazon-linux-2023-upgrade-yajl-devel References https://attackerkb.com/topics/cve-2023-33460 CVE - 2023-33460 https://alas.aws.amazon.com/AL2023/ALAS-2023-214.html https://alas.aws.amazon.com/AL2023/ALAS-2023-279.html
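Several entries above are regular-expression denial of service (ReDoS) reports: the GitLab DollarMathPostFilter, FrontMatterFilter and InlineDiffFilter items (entries 1, 2, 4 and 10) and the RedCloth sanitize_html item (entry 23). The Python script below is an added example, not code from GitLab, RedCloth, FreeBSD, Ubuntu or the advisories. It shows the mechanism with a constructed nested-quantifier regex whose failing match time roughly doubles with every extra input character, a linear-time rewrite, and a length cap applied before any regex runs. The two patterns and the MAX_MATH_LEN value are assumptions for illustration and are not the real filters' regexes.

```python
"""Added example: measuring and mitigating regular-expression denial of
service (ReDoS) of the kind reported above for GitLab's Markdown filters
(DollarMathPostFilter, FrontMatterFilter, InlineDiffFilter) and for
RedCloth's sanitize_html.  Not code from GitLab, RedCloth or the
advisories: the patterns below are constructed textbook examples, not the
real filters' regexes, and MAX_MATH_LEN is an assumed limit."""
import re
import time
from typing import Optional

# Constructed "dollar math" matcher.  ([a-z]+\s?)+ is a nested quantifier:
# a run of n letters with no closing "$" can be split between iterations
# in 2^(n-1) ways and the backtracking engine tries every one before failing.
VULNERABLE_MATH = re.compile(r"^\$([a-z]+\s?)+\$$")

# Hardened rewrite: one character class, one quantifier, so there is only
# one way to consume the input and a failed match costs O(n).
SAFE_MATH = re.compile(r"^\$[a-z\s]+\$$")

# Second line of defence: cap input size before any regex runs.
MAX_MATH_LEN = 1000  # assumed value for this example


def exploding_input(n: int) -> str:
    """Attacker-style payload: opening "$", n letters, no closing "$"."""
    return "$" + "a" * n


def time_match(pattern: "re.Pattern[str]", text: str, repeats: int = 3) -> float:
    """Seconds taken by the fastest of `repeats` match attempts."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.match(text)
        best = min(best, time.perf_counter() - start)
    return best


def growth_factor(pattern: "re.Pattern[str]", small: int = 10, large: int = 22) -> float:
    """Slow-down when the payload grows from `small` to `large` letters.
    A linear-time pattern stays near large/small; an exponential one
    roughly doubles per extra letter (about 2^12 here)."""
    t_small = max(time_match(pattern, exploding_input(small)), 1e-7)
    t_large = time_match(pattern, exploding_input(large))
    return t_large / t_small


def render_math(text: str) -> Optional[str]:
    """Filter entry point: reject oversized input, then use the safe regex.
    Returns the math body, or None when the input is not a math span."""
    if len(text) > MAX_MATH_LEN:
        return None
    m = SAFE_MATH.match(text)
    return m.group(0)[1:-1].strip() if m else None


if __name__ == "__main__":
    print("vulnerable pattern slow-down: x%.0f" % growth_factor(VULNERABLE_MATH))
    print("safe pattern slow-down:       x%.0f" % growth_factor(SAFE_MATH))
    print(render_math("$a b c$"))
```

Running the script prints a slow-down of several thousand for the vulnerable pattern and a single-digit factor for the safe one. The length cap matters independently of the rewrite: a filter that is linear in input size can still be fed megabytes per request through an endpoint like preview_markdown, so the cap bounds the CPU each request can consume before the regex is even reached.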
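The three Kanboard entries (3, 9 and 11, repeated as 17 and 20) are all the same class of bug: an object is fetched by its id, or a destination project by its existence, without checking that the caller belongs to the project that owns it. The Python module below is an added example, not Kanboard's code, showing each vulnerable shape next to the hardened one that resolves every object through a membership check. The data model, method names and the Alice/Bob fixture are assumptions made for this example.

```python
"""Added example (not Kanboard's code): object-level authorization for the
three access-control failures described above for Kanboard before 1.2.30:
reading another user's upload by changing file_id (CVE-2023-33956), moving
or duplicating a task into a project the caller is not a member of
(CVE-2023-33968), and listing every project's task titles (CVE-2023-33970).
The data model, names and fixture are assumptions made for this example."""
from __future__ import annotations

from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller may not reach the requested object."""


@dataclass
class Project:
    id: int
    members: set[int] = field(default_factory=set)  # user ids


@dataclass
class Task:
    id: int
    project_id: int
    title: str


@dataclass
class Upload:
    id: int
    task_id: int
    name: str


@dataclass
class Store:
    projects: dict[int, Project]
    tasks: dict[int, Task]
    uploads: dict[int, Upload]

    # Vulnerable shape: the object is resolved by its id alone, so any
    # authenticated user who guesses an id gets the object (IDOR).
    def get_upload_vulnerable(self, user_id: int, file_id: int) -> Upload:
        return self.uploads[file_id]

    # Vulnerable shape: the destination is checked for existence only,
    # never for the caller's membership in it.
    def move_task_vulnerable(self, user_id: int, task_id: int, dest: int) -> None:
        if dest not in self.projects:
            raise KeyError(dest)
        self.tasks[task_id].project_id = dest

    # Hardened shape: every object is reached through a project the caller
    # belongs to; an id on its own never grants access.
    def require_member(self, user_id: int, project_id: int) -> Project:
        project = self.projects.get(project_id)
        if project is None or user_id not in project.members:
            # One error for "missing" and "not yours": no enumeration oracle.
            raise Forbidden(f"user {user_id} cannot access project {project_id}")
        return project

    def get_upload(self, user_id: int, file_id: int) -> Upload:
        upload = self.uploads.get(file_id)
        if upload is None:
            raise Forbidden(f"user {user_id} cannot access file {file_id}")
        self.require_member(user_id, self.tasks[upload.task_id].project_id)
        return upload

    def move_task(self, user_id: int, task_id: int, dest: int) -> None:
        task = self.tasks.get(task_id)
        if task is None:
            raise Forbidden(f"user {user_id} cannot access task {task_id}")
        self.require_member(user_id, task.project_id)  # source project
        self.require_member(user_id, dest)             # destination: the check the advisory says was missing
        task.project_id = dest

    def list_titles(self, user_id: int) -> list[str]:
        """Titles from the caller's own projects only."""
        return sorted(t.title for t in self.tasks.values()
                      if user_id in self.projects[t.project_id].members)


ALICE, BOB = 1, 2


def demo_store() -> Store:
    """Constructed fixture: Alice only in project 10, Bob only in project 20."""
    return Store(
        projects={10: Project(10, {ALICE}), 20: Project(20, {BOB})},
        tasks={100: Task(100, 10, "alice roadmap"), 200: Task(200, 20, "bob payroll")},
        uploads={5: Upload(5, 200, "salaries.png")},
    )


def allowed(action, *args) -> bool:
    """Run a Store method and report whether it was permitted."""
    try:
        action(*args)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    s = demo_store()
    print("IDOR, vulnerable path:", allowed(s.get_upload_vulnerable, ALICE, 5))
    print("IDOR, hardened path:  ", allowed(s.get_upload, ALICE, 5))
    print("Alice sees:", s.list_titles(ALICE))
```

The design choice worth copying is that `require_member` is the only way to turn a project id into a project, and every other accessor goes through it; a file or task id is never trusted on its own. Returning the same `Forbidden` for a missing object and for a foreign one also removes the enumeration oracle that lets an attacker walk file_id values and tell which ones exist.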