ISHACK AI BOT

Debian: CVE-2023-32205: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32205 CVE - 2023-32205 DLA-3417-1 DSA-5400-1

Debian: CVE-2023-32212: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32212 CVE - 2023-32212 DLA-3417-1 DSA-5400-1

Oracle Linux: CVE-2023-2680: ELSA-2023-6368:qemu-kvm security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 05/12/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/30/2024 Description This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750. Solution(s) oracle-linux-upgrade-qemu-guest-agent oracle-linux-upgrade-qemu-img oracle-linux-upgrade-qemu-kvm oracle-linux-upgrade-qemu-kvm-audio-pa oracle-linux-upgrade-qemu-kvm-block-blkio oracle-linux-upgrade-qemu-kvm-block-curl oracle-linux-upgrade-qemu-kvm-block-rbd oracle-linux-upgrade-qemu-kvm-common oracle-linux-upgrade-qemu-kvm-core oracle-linux-upgrade-qemu-kvm-device-display-virtio-gpu oracle-linux-upgrade-qemu-kvm-device-display-virtio-gpu-pci oracle-linux-upgrade-qemu-kvm-device-display-virtio-vga oracle-linux-upgrade-qemu-kvm-device-usb-host oracle-linux-upgrade-qemu-kvm-device-usb-redirect oracle-linux-upgrade-qemu-kvm-docs oracle-linux-upgrade-qemu-kvm-tools oracle-linux-upgrade-qemu-kvm-ui-egl-headless oracle-linux-upgrade-qemu-kvm-ui-opengl oracle-linux-upgrade-qemu-pr-helper References https://attackerkb.com/topics/cve-2023-2680 CVE - 2023-2680 ELSA-2023-6368

Debian: CVE-2023-32215: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32215 CVE - 2023-32215 DLA-3417-1 DSA-5400-1

PostgreSQL: CVE-2023-2454: CREATE SCHEMA ... schema_element defeats protective search_path changes Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. Solution(s) postgres-upgrade-13_11 postgres-upgrade-14_8 postgres-upgrade-15_3 References https://attackerkb.com/topics/cve-2023-2454 CVE - 2023-2454

IBM WebSphere Application Server: CVE-2023-27554: IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554) Severity 7 CVSS (AV:N/AC:M/Au:S/C:C/I:N/A:P) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. Solution(s) ibm-was-install-8-5-0-0-ph53252 ibm-was-install-9-0-0-0-ph53252 ibm-was-upgrade-8-5-0-0-8-5-5-24 ibm-was-upgrade-9-0-0-0-9-0-5-16 References https://attackerkb.com/topics/cve-2023-27554 CVE - 2023-27554 https://exchange.xforce.ibmcloud.com/vulnerabilities/249185 https://www.ibm.com/support/pages/node/6989451

OS X update for WebKit (CVE-2022-32885) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution Solution(s) apple-osx-upgrade-12_5 References https://attackerkb.com/topics/cve-2022-32885 CVE - 2022-32885 https://support.apple.com/kb/HT213345

PostgreSQL: CVE-2023-2455: Row security policies disregard user ID changes after inlining Severity 6 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. Solution(s) postgres-upgrade-13_11 postgres-upgrade-14_8 postgres-upgrade-15_3 References https://attackerkb.com/topics/cve-2023-2455 CVE - 2023-2455

OS X update for PackageKit (CVE-2022-22646) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-12_2 References https://attackerkb.com/topics/cve-2022-22646 CVE - 2022-22646 https://support.apple.com/kb/HT213054

Debian: CVE-2023-32213: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-32213 CVE - 2023-32213 DLA-3417-1 DSA-5400-1

OS X update for Intel Graphics Driver (CVE-2022-46706) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/12/2023 Created 05/12/2023 Added 05/12/2023 Modified 01/28/2025 Description A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-security-update-2022-003-catalina apple-osx-upgrade-11_6_5 apple-osx-upgrade-12_3 References https://attackerkb.com/topics/cve-2022-46706 CVE - 2022-46706 https://support.apple.com/kb/HT213183 https://support.apple.com/kb/HT213184 https://support.apple.com/kb/HT213185

Oracle Linux: CVE-2023-2454: ELSA-2023-4327: 15 security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 05/11/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/08/2025 Description schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code. Solution(s) oracle-linux-upgrade-pgaudit oracle-linux-upgrade-pg-repack oracle-linux-upgrade-postgres-decoderbufs oracle-linux-upgrade-postgresql oracle-linux-upgrade-postgresql-contrib oracle-linux-upgrade-postgresql-docs oracle-linux-upgrade-postgresql-plperl oracle-linux-upgrade-postgresql-plpython3 oracle-linux-upgrade-postgresql-pltcl oracle-linux-upgrade-postgresql-private-devel oracle-linux-upgrade-postgresql-private-libs oracle-linux-upgrade-postgresql-server oracle-linux-upgrade-postgresql-server-devel oracle-linux-upgrade-postgresql-static oracle-linux-upgrade-postgresql-test oracle-linux-upgrade-postgresql-test-rpm-macros oracle-linux-upgrade-postgresql-upgrade oracle-linux-upgrade-postgresql-upgrade-devel References https://attackerkb.com/topics/cve-2023-2454 CVE - 2023-2454 ELSA-2023-4327 ELSA-2023-5269 ELSA-2023-3714 ELSA-2023-4539 ELSA-2023-4527 ELSA-2023-4535 View more

Oracle Linux: CVE-2023-2855: ELSA-2023-6469:wireshark security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/11/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/22/2024 Description Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file A flaw was found in the Candump log file parser of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service. Solution(s) oracle-linux-upgrade-wireshark oracle-linux-upgrade-wireshark-cli oracle-linux-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-2855 CVE - 2023-2855 ELSA-2023-6469

Oracle Linux: CVE-2023-2455: ELSA-2023-4327: 15 security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:N/AC:H/Au:S/C:P/I:P/A:N) Published 05/11/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/08/2025 Description Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise forbidden reads and modifications. This only affects databases that have used CREATE POLICY to define a row security policy. Solution(s) oracle-linux-upgrade-pgaudit oracle-linux-upgrade-pg-repack oracle-linux-upgrade-postgres-decoderbufs oracle-linux-upgrade-postgresql oracle-linux-upgrade-postgresql-contrib oracle-linux-upgrade-postgresql-docs oracle-linux-upgrade-postgresql-plperl oracle-linux-upgrade-postgresql-plpython3 oracle-linux-upgrade-postgresql-pltcl oracle-linux-upgrade-postgresql-private-devel oracle-linux-upgrade-postgresql-private-libs oracle-linux-upgrade-postgresql-server oracle-linux-upgrade-postgresql-server-devel oracle-linux-upgrade-postgresql-static oracle-linux-upgrade-postgresql-test oracle-linux-upgrade-postgresql-test-rpm-macros oracle-linux-upgrade-postgresql-upgrade oracle-linux-upgrade-postgresql-upgrade-devel References https://attackerkb.com/topics/cve-2023-2455 CVE - 2023-2455 ELSA-2023-4327 ELSA-2023-5269 ELSA-2023-3714 ELSA-2023-4539 ELSA-2023-4527 ELSA-2023-4535 View more

Amazon Linux AMI 2: CVE-2023-29400: Security patch for containerd, golang (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/11/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/30/2025 Description Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. Solution(s) amazon-linux-ami-2-upgrade-containerd amazon-linux-ami-2-upgrade-containerd-debuginfo amazon-linux-ami-2-upgrade-containerd-stress amazon-linux-ami-2-upgrade-golang amazon-linux-ami-2-upgrade-golang-bin amazon-linux-ami-2-upgrade-golang-docs amazon-linux-ami-2-upgrade-golang-misc amazon-linux-ami-2-upgrade-golang-race amazon-linux-ami-2-upgrade-golang-shared amazon-linux-ami-2-upgrade-golang-src amazon-linux-ami-2-upgrade-golang-tests References https://attackerkb.com/topics/cve-2023-29400 AL2/ALAS-2023-2163 AL2/ALASDOCKER-2023-029 AL2/ALASGOLANG1.19-2023-001 AL2/ALASNITRO-ENCLAVES-2023-026 CVE - 2023-29400

VMware Photon OS: CVE-2023-24539 Severity 7 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-24539 CVE - 2023-24539

Ubuntu: USN-6695-1 (CVE-2023-32668): TeX Live vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/11/2023 Created 03/16/2024 Added 03/15/2024 Modified 01/28/2025 Description LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Solution(s) ubuntu-upgrade-texlive-binaries References https://attackerkb.com/topics/cve-2023-32668 CVE - 2023-32668 USN-6695-1

Red Hat OpenShift: CVE-2023-29400: golang: html/template: improper handling of empty HTML attributes Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/11/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/30/2025 Description Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. Solution(s) linuxrpm-upgrade-buildah linuxrpm-upgrade-cri-tools linuxrpm-upgrade-microshift linuxrpm-upgrade-openshift-clients linuxrpm-upgrade-podman linuxrpm-upgrade-skopeo References https://attackerkb.com/topics/cve-2023-29400 CVE - 2023-29400 RHSA-2023:3318 RHSA-2023:3319 RHSA-2023:3323 RHSA-2023:3366 RHSA-2023:3367 RHSA-2023:3415 RHSA-2023:3435 RHSA-2023:3445 RHSA-2023:3540 RHSA-2023:3905 RHSA-2023:3918 RHSA-2023:4003 RHSA-2023:4093 RHSA-2023:4293 RHSA-2023:4335 RHSA-2023:4459 RHSA-2023:4470 RHSA-2023:4472 RHSA-2023:4627 RHSA-2023:4657 RHSA-2023:4664 RHSA-2023:5421 RHSA-2023:5442 RHSA-2023:5947 RHSA-2023:6346 RHSA-2023:6363 RHSA-2023:6402 RHSA-2023:6473 RHSA-2023:6474 RHSA-2023:6832 RHSA-2023:6938 RHSA-2023:6939 RHSA-2024:2944 View more

Amazon Linux 2023: CVE-2023-2454: Important priority package update for postgresql15 Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 05/11/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code. Solution(s) amazon-linux-2023-upgrade-postgresql15 amazon-linux-2023-upgrade-postgresql15-contrib amazon-linux-2023-upgrade-postgresql15-contrib-debuginfo amazon-linux-2023-upgrade-postgresql15-debuginfo amazon-linux-2023-upgrade-postgresql15-debugsource amazon-linux-2023-upgrade-postgresql15-docs amazon-linux-2023-upgrade-postgresql15-docs-debuginfo amazon-linux-2023-upgrade-postgresql15-llvmjit amazon-linux-2023-upgrade-postgresql15-llvmjit-debuginfo amazon-linux-2023-upgrade-postgresql15-plperl amazon-linux-2023-upgrade-postgresql15-plperl-debuginfo amazon-linux-2023-upgrade-postgresql15-plpython3 amazon-linux-2023-upgrade-postgresql15-plpython3-debuginfo amazon-linux-2023-upgrade-postgresql15-pltcl amazon-linux-2023-upgrade-postgresql15-pltcl-debuginfo amazon-linux-2023-upgrade-postgresql15-private-devel amazon-linux-2023-upgrade-postgresql15-private-libs amazon-linux-2023-upgrade-postgresql15-private-libs-debuginfo amazon-linux-2023-upgrade-postgresql15-server amazon-linux-2023-upgrade-postgresql15-server-debuginfo amazon-linux-2023-upgrade-postgresql15-server-devel amazon-linux-2023-upgrade-postgresql15-server-devel-debuginfo amazon-linux-2023-upgrade-postgresql15-static amazon-linux-2023-upgrade-postgresql15-test amazon-linux-2023-upgrade-postgresql15-test-debuginfo amazon-linux-2023-upgrade-postgresql15-test-rpm-macros amazon-linux-2023-upgrade-postgresql15-upgrade amazon-linux-2023-upgrade-postgresql15-upgrade-debuginfo amazon-linux-2023-upgrade-postgresql15-upgrade-devel amazon-linux-2023-upgrade-postgresql15-upgrade-devel-debuginfo References https://attackerkb.com/topics/cve-2023-2454 CVE - 2023-2454 https://alas.aws.amazon.com/AL2023/ALAS-2023-241.html

Gentoo Linux: CVE-2023-2663: Xpdf: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/11/2023 Created 09/27/2024 Added 09/26/2024 Modified 01/28/2025 Description In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. Solution(s) gentoo-linux-upgrade-app-text-xpdf References https://attackerkb.com/topics/cve-2023-2663 CVE - 2023-2663 202409-25

Amazon Linux AMI: CVE-2023-29400: Security patch for golang ((Multiple Advisories)) Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/11/2023 Created 06/12/2023 Added 06/09/2023 Modified 01/28/2025 Description Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. Solution(s) amazon-linux-upgrade-golang References ALAS-2023-1848 CVE-2023-29400

Gentoo Linux: CVE-2023-24540: Go: Multiple Vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/11/2023 Created 08/08/2024 Added 08/08/2024 Modified 01/30/2025 Description Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. Solution(s) gentoo-linux-upgrade-dev-lang-go References https://attackerkb.com/topics/cve-2023-24540 CVE - 2023-24540 202408-07

Amazon Linux 2023: CVE-2023-2455: Medium priority package update for postgresql15 Severity 4 CVSS (AV:N/AC:H/Au:S/C:P/I:P/A:N) Published 05/11/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise forbidden reads and modifications. This only affects databases that have used CREATE POLICY to define a row security policy. Solution(s) amazon-linux-2023-upgrade-postgresql15 amazon-linux-2023-upgrade-postgresql15-contrib amazon-linux-2023-upgrade-postgresql15-contrib-debuginfo amazon-linux-2023-upgrade-postgresql15-debuginfo amazon-linux-2023-upgrade-postgresql15-debugsource amazon-linux-2023-upgrade-postgresql15-docs amazon-linux-2023-upgrade-postgresql15-docs-debuginfo amazon-linux-2023-upgrade-postgresql15-llvmjit amazon-linux-2023-upgrade-postgresql15-llvmjit-debuginfo amazon-linux-2023-upgrade-postgresql15-plperl amazon-linux-2023-upgrade-postgresql15-plperl-debuginfo amazon-linux-2023-upgrade-postgresql15-plpython3 amazon-linux-2023-upgrade-postgresql15-plpython3-debuginfo amazon-linux-2023-upgrade-postgresql15-pltcl amazon-linux-2023-upgrade-postgresql15-pltcl-debuginfo amazon-linux-2023-upgrade-postgresql15-private-devel amazon-linux-2023-upgrade-postgresql15-private-libs amazon-linux-2023-upgrade-postgresql15-private-libs-debuginfo amazon-linux-2023-upgrade-postgresql15-server amazon-linux-2023-upgrade-postgresql15-server-debuginfo amazon-linux-2023-upgrade-postgresql15-server-devel amazon-linux-2023-upgrade-postgresql15-server-devel-debuginfo amazon-linux-2023-upgrade-postgresql15-static amazon-linux-2023-upgrade-postgresql15-test amazon-linux-2023-upgrade-postgresql15-test-debuginfo amazon-linux-2023-upgrade-postgresql15-test-rpm-macros amazon-linux-2023-upgrade-postgresql15-upgrade amazon-linux-2023-upgrade-postgresql15-upgrade-debuginfo amazon-linux-2023-upgrade-postgresql15-upgrade-devel amazon-linux-2023-upgrade-postgresql15-upgrade-devel-debuginfo References https://attackerkb.com/topics/cve-2023-2455 CVE - 2023-2455 https://alas.aws.amazon.com/AL2023/ALAS-2023-387.html

Amazon Linux 2023: CVE-2023-2857: Important priority package update for wireshark Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/11/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file A flaw was found in the BLF file parser of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service. Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-2857 CVE - 2023-2857 https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Red Hat OpenShift: CVE-2023-24539: golang: html/template: improper sanitization of CSS values Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/11/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/30/2025 Description Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. Solution(s) linuxrpm-upgrade-cri-tools linuxrpm-upgrade-microshift linuxrpm-upgrade-openshift-clients linuxrpm-upgrade-podman linuxrpm-upgrade-skopeo References https://attackerkb.com/topics/cve-2023-24539 CVE - 2023-24539 RHSA-2023:3318 RHSA-2023:3319 RHSA-2023:3323 RHSA-2023:3366 RHSA-2023:3367 RHSA-2023:3415 RHSA-2023:3435 RHSA-2023:3445 RHSA-2023:3540 RHSA-2023:3905 RHSA-2023:3918 RHSA-2023:4003 RHSA-2023:4093 RHSA-2023:4293 RHSA-2023:4335 RHSA-2023:4459 RHSA-2023:4470 RHSA-2023:4472 RHSA-2023:4627 RHSA-2023:4657 RHSA-2023:4664 RHSA-2023:5421 RHSA-2023:5442 RHSA-2023:5947 RHSA-2023:6346 RHSA-2023:6363 RHSA-2023:6402 RHSA-2023:6473 RHSA-2023:6474 RHSA-2023:6832 RHSA-2023:6938 RHSA-2023:6939 RHSA-2024:2944 View more