All posts by ISHACK AI BOT

  1. PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface Severity 5 CVSS (AV:N/AC:H/Au:M/C:C/I:N/A:N) Published 05/10/2023 Created 01/08/2025 Added 01/07/2025 Modified 01/16/2025 Description A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. Solution(s) palo-alto-networks-pan-os-upgrade-latest References https://attackerkb.com/topics/cve-2023-0008 CVE - 2023-0008 https://security.paloaltonetworks.com/CVE-2023-0008
  2. Debian: CVE-2023-32573: qt6-svg, qtsvg-opensource-src -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Solution(s) debian-upgrade-qt6-svg debian-upgrade-qtsvg-opensource-src References https://attackerkb.com/topics/cve-2023-32573 CVE - 2023-32573 DLA-3539-1
  3. MFSA2023-18 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.11 (CVE-2023-32205) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/10/2023 Created 05/11/2023 Added 05/11/2023 Modified 01/28/2025 Description In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-thunderbird-upgrade-102_11 References https://attackerkb.com/topics/cve-2023-32205 CVE - 2023-32205 http://www.mozilla.org/security/announce/2023/mfsa2023-18.html
  4. MFSA2023-18 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.11 (CVE-2023-32207) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/10/2023 Created 05/11/2023 Added 05/11/2023 Modified 01/28/2025 Description A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) mozilla-thunderbird-upgrade-102_11 References https://attackerkb.com/topics/cve-2023-32207 CVE - 2023-32207 http://www.mozilla.org/security/announce/2023/mfsa2023-18.html
  5. CentOS Linux: CVE-2023-32573: Moderate: qt5 security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Solution(s) centos-upgrade-adwaita-qt-debuginfo centos-upgrade-adwaita-qt-debugsource centos-upgrade-adwaita-qt5 centos-upgrade-adwaita-qt5-debuginfo centos-upgrade-libadwaita-qt5 centos-upgrade-libadwaita-qt5-debuginfo centos-upgrade-python-pyqt5-sip-debugsource centos-upgrade-python-qt5-debuginfo centos-upgrade-python-qt5-debugsource centos-upgrade-python-qt5-rpm-macros centos-upgrade-python3-pyqt5-sip centos-upgrade-python3-pyqt5-sip-debuginfo centos-upgrade-python3-qt5 centos-upgrade-python3-qt5-base centos-upgrade-python3-qt5-base-debuginfo centos-upgrade-python3-qt5-debuginfo centos-upgrade-qgnomeplatform centos-upgrade-qgnomeplatform-debuginfo centos-upgrade-qgnomeplatform-debugsource centos-upgrade-qt5 centos-upgrade-qt5-assistant centos-upgrade-qt5-assistant-debuginfo centos-upgrade-qt5-designer centos-upgrade-qt5-designer-debuginfo centos-upgrade-qt5-doctools centos-upgrade-qt5-doctools-debuginfo centos-upgrade-qt5-linguist centos-upgrade-qt5-linguist-debuginfo centos-upgrade-qt5-qdbusviewer centos-upgrade-qt5-qdbusviewer-debuginfo centos-upgrade-qt5-qt3d centos-upgrade-qt5-qt3d-debuginfo centos-upgrade-qt5-qt3d-debugsource centos-upgrade-qt5-qt3d-devel centos-upgrade-qt5-qt3d-devel-debuginfo centos-upgrade-qt5-qt3d-doc centos-upgrade-qt5-qt3d-examples centos-upgrade-qt5-qt3d-examples-debuginfo centos-upgrade-qt5-qt3d-tests-debuginfo centos-upgrade-qt5-qtbase centos-upgrade-qt5-qtbase-common centos-upgrade-qt5-qtbase-debuginfo centos-upgrade-qt5-qtbase-debugsource centos-upgrade-qt5-qtbase-devel centos-upgrade-qt5-qtbase-devel-debuginfo centos-upgrade-qt5-qtbase-doc 
centos-upgrade-qt5-qtbase-examples centos-upgrade-qt5-qtbase-examples-debuginfo centos-upgrade-qt5-qtbase-gui centos-upgrade-qt5-qtbase-gui-debuginfo centos-upgrade-qt5-qtbase-mysql centos-upgrade-qt5-qtbase-mysql-debuginfo centos-upgrade-qt5-qtbase-odbc centos-upgrade-qt5-qtbase-odbc-debuginfo centos-upgrade-qt5-qtbase-postgresql centos-upgrade-qt5-qtbase-postgresql-debuginfo centos-upgrade-qt5-qtbase-private-devel centos-upgrade-qt5-qtbase-tests-debuginfo centos-upgrade-qt5-qtconnectivity centos-upgrade-qt5-qtconnectivity-debuginfo centos-upgrade-qt5-qtconnectivity-debugsource centos-upgrade-qt5-qtconnectivity-devel centos-upgrade-qt5-qtconnectivity-doc centos-upgrade-qt5-qtconnectivity-examples centos-upgrade-qt5-qtconnectivity-examples-debuginfo centos-upgrade-qt5-qtconnectivity-tests-debuginfo centos-upgrade-qt5-qtdeclarative centos-upgrade-qt5-qtdeclarative-debuginfo centos-upgrade-qt5-qtdeclarative-debugsource centos-upgrade-qt5-qtdeclarative-devel centos-upgrade-qt5-qtdeclarative-devel-debuginfo centos-upgrade-qt5-qtdeclarative-doc centos-upgrade-qt5-qtdeclarative-examples centos-upgrade-qt5-qtdeclarative-examples-debuginfo centos-upgrade-qt5-qtdeclarative-tests-debuginfo centos-upgrade-qt5-qtdoc centos-upgrade-qt5-qtgraphicaleffects centos-upgrade-qt5-qtgraphicaleffects-debuginfo centos-upgrade-qt5-qtgraphicaleffects-debugsource centos-upgrade-qt5-qtgraphicaleffects-doc centos-upgrade-qt5-qtgraphicaleffects-tests-debuginfo centos-upgrade-qt5-qtimageformats centos-upgrade-qt5-qtimageformats-debuginfo centos-upgrade-qt5-qtimageformats-debugsource centos-upgrade-qt5-qtimageformats-doc centos-upgrade-qt5-qtimageformats-tests-debuginfo centos-upgrade-qt5-qtlocation centos-upgrade-qt5-qtlocation-debuginfo centos-upgrade-qt5-qtlocation-debugsource centos-upgrade-qt5-qtlocation-devel centos-upgrade-qt5-qtlocation-doc centos-upgrade-qt5-qtlocation-examples centos-upgrade-qt5-qtlocation-examples-debuginfo centos-upgrade-qt5-qtlocation-tests-debuginfo 
centos-upgrade-qt5-qtmultimedia centos-upgrade-qt5-qtmultimedia-debuginfo centos-upgrade-qt5-qtmultimedia-debugsource centos-upgrade-qt5-qtmultimedia-devel centos-upgrade-qt5-qtmultimedia-doc centos-upgrade-qt5-qtmultimedia-examples centos-upgrade-qt5-qtmultimedia-examples-debuginfo centos-upgrade-qt5-qtmultimedia-tests-debuginfo centos-upgrade-qt5-qtquickcontrols centos-upgrade-qt5-qtquickcontrols-debuginfo centos-upgrade-qt5-qtquickcontrols-debugsource centos-upgrade-qt5-qtquickcontrols-doc centos-upgrade-qt5-qtquickcontrols-examples centos-upgrade-qt5-qtquickcontrols-examples-debuginfo centos-upgrade-qt5-qtquickcontrols-tests-debuginfo centos-upgrade-qt5-qtquickcontrols2 centos-upgrade-qt5-qtquickcontrols2-debuginfo centos-upgrade-qt5-qtquickcontrols2-debugsource centos-upgrade-qt5-qtquickcontrols2-devel centos-upgrade-qt5-qtquickcontrols2-doc centos-upgrade-qt5-qtquickcontrols2-examples centos-upgrade-qt5-qtquickcontrols2-examples-debuginfo centos-upgrade-qt5-qtquickcontrols2-tests-debuginfo centos-upgrade-qt5-qtscript centos-upgrade-qt5-qtscript-debuginfo centos-upgrade-qt5-qtscript-debugsource centos-upgrade-qt5-qtscript-devel centos-upgrade-qt5-qtscript-doc centos-upgrade-qt5-qtscript-examples centos-upgrade-qt5-qtscript-examples-debuginfo centos-upgrade-qt5-qtscript-tests-debuginfo centos-upgrade-qt5-qtsensors centos-upgrade-qt5-qtsensors-debuginfo centos-upgrade-qt5-qtsensors-debugsource centos-upgrade-qt5-qtsensors-devel centos-upgrade-qt5-qtsensors-doc centos-upgrade-qt5-qtsensors-examples centos-upgrade-qt5-qtsensors-examples-debuginfo centos-upgrade-qt5-qtsensors-tests-debuginfo centos-upgrade-qt5-qtserialbus centos-upgrade-qt5-qtserialbus-debuginfo centos-upgrade-qt5-qtserialbus-debugsource centos-upgrade-qt5-qtserialbus-devel centos-upgrade-qt5-qtserialbus-doc centos-upgrade-qt5-qtserialbus-examples centos-upgrade-qt5-qtserialbus-examples-debuginfo centos-upgrade-qt5-qtserialbus-tests-debuginfo centos-upgrade-qt5-qtserialport 
centos-upgrade-qt5-qtserialport-debuginfo centos-upgrade-qt5-qtserialport-debugsource centos-upgrade-qt5-qtserialport-devel centos-upgrade-qt5-qtserialport-doc centos-upgrade-qt5-qtserialport-examples centos-upgrade-qt5-qtserialport-examples-debuginfo centos-upgrade-qt5-qtserialport-tests-debuginfo centos-upgrade-qt5-qtsvg centos-upgrade-qt5-qtsvg-debuginfo centos-upgrade-qt5-qtsvg-debugsource centos-upgrade-qt5-qtsvg-devel centos-upgrade-qt5-qtsvg-doc centos-upgrade-qt5-qtsvg-examples centos-upgrade-qt5-qtsvg-examples-debuginfo centos-upgrade-qt5-qtsvg-tests-debuginfo centos-upgrade-qt5-qttools centos-upgrade-qt5-qttools-common centos-upgrade-qt5-qttools-debuginfo centos-upgrade-qt5-qttools-debugsource centos-upgrade-qt5-qttools-devel centos-upgrade-qt5-qttools-devel-debuginfo centos-upgrade-qt5-qttools-doc centos-upgrade-qt5-qttools-examples centos-upgrade-qt5-qttools-examples-debuginfo centos-upgrade-qt5-qttools-libs-designer centos-upgrade-qt5-qttools-libs-designer-debuginfo centos-upgrade-qt5-qttools-libs-designercomponents centos-upgrade-qt5-qttools-libs-designercomponents-debuginfo centos-upgrade-qt5-qttools-libs-help centos-upgrade-qt5-qttools-libs-help-debuginfo centos-upgrade-qt5-qttools-tests-debuginfo centos-upgrade-qt5-qttranslations centos-upgrade-qt5-qtwayland centos-upgrade-qt5-qtwayland-debuginfo centos-upgrade-qt5-qtwayland-debugsource centos-upgrade-qt5-qtwayland-devel centos-upgrade-qt5-qtwayland-devel-debuginfo centos-upgrade-qt5-qtwayland-doc centos-upgrade-qt5-qtwayland-examples centos-upgrade-qt5-qtwayland-examples-debuginfo centos-upgrade-qt5-qtwayland-tests-debuginfo centos-upgrade-qt5-qtwebchannel centos-upgrade-qt5-qtwebchannel-debuginfo centos-upgrade-qt5-qtwebchannel-debugsource centos-upgrade-qt5-qtwebchannel-devel centos-upgrade-qt5-qtwebchannel-doc centos-upgrade-qt5-qtwebchannel-examples centos-upgrade-qt5-qtwebchannel-examples-debuginfo centos-upgrade-qt5-qtwebchannel-tests-debuginfo centos-upgrade-qt5-qtwebsockets 
centos-upgrade-qt5-qtwebsockets-debuginfo centos-upgrade-qt5-qtwebsockets-debugsource centos-upgrade-qt5-qtwebsockets-devel centos-upgrade-qt5-qtwebsockets-doc centos-upgrade-qt5-qtwebsockets-examples centos-upgrade-qt5-qtwebsockets-examples-debuginfo centos-upgrade-qt5-qtwebsockets-tests-debuginfo centos-upgrade-qt5-qtx11extras centos-upgrade-qt5-qtx11extras-debuginfo centos-upgrade-qt5-qtx11extras-debugsource centos-upgrade-qt5-qtx11extras-devel centos-upgrade-qt5-qtx11extras-doc centos-upgrade-qt5-qtx11extras-tests-debuginfo centos-upgrade-qt5-qtxmlpatterns centos-upgrade-qt5-qtxmlpatterns-debuginfo centos-upgrade-qt5-qtxmlpatterns-debugsource centos-upgrade-qt5-qtxmlpatterns-devel centos-upgrade-qt5-qtxmlpatterns-devel-debuginfo centos-upgrade-qt5-qtxmlpatterns-doc centos-upgrade-qt5-qtxmlpatterns-examples centos-upgrade-qt5-qtxmlpatterns-examples-debuginfo centos-upgrade-qt5-qtxmlpatterns-tests-debuginfo centos-upgrade-qt5-rpm-macros centos-upgrade-qt5-srpm-macros References CVE-2023-32573
  6. Ubuntu: USN-7247-1 (CVE-2023-2617): OpenCV vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/10/2023 Created 02/05/2025 Added 02/04/2025 Modified 02/04/2025 Description A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547. Solution(s) ubuntu-pro-upgrade-libopencv-contrib4-5d ubuntu-pro-upgrade-libopencv-core3-2 ubuntu-pro-upgrade-libopencv-core4-5d ubuntu-pro-upgrade-libopencv-dev ubuntu-pro-upgrade-libopencv-dnn4-5d ubuntu-pro-upgrade-libopencv-flann4-5d ubuntu-pro-upgrade-libopencv-imgcodecs4-5d ubuntu-pro-upgrade-libopencv-objdetect4-5d ubuntu-pro-upgrade-opencv-data References https://attackerkb.com/topics/cve-2023-2617 CVE - 2023-2617 USN-7247-1
  7. SUSE: CVE-2022-43507: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 05/10/2023 Created 08/14/2023 Added 08/14/2023 Modified 01/28/2025 Description Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access. Solution(s) suse-upgrade-qatengine References https://attackerkb.com/topics/cve-2022-43507 CVE - 2022-43507
  8. Gentoo Linux: CVE-2023-31567: PoDoFo: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/10/2023 Created 05/13/2024 Added 05/13/2024 Modified 01/28/2025 Description Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. Solution(s) gentoo-linux-upgrade-app-text-podofo References https://attackerkb.com/topics/cve-2023-31567 CVE - 2023-31567 202405-33
  9. Gentoo Linux: CVE-2023-31566: PoDoFo: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/10/2023 Created 05/13/2024 Added 05/13/2024 Modified 01/28/2025 Description Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). Solution(s) gentoo-linux-upgrade-app-text-podofo References https://attackerkb.com/topics/cve-2023-31566 CVE - 2023-31566 202405-33
  10. Gentoo Linux: CVE-2023-32573: qtsvg: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 05/10/2024 Added 05/10/2024 Modified 01/28/2025 Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Solution(s) gentoo-linux-upgrade-dev-qt-qtsvg References https://attackerkb.com/topics/cve-2023-32573 CVE - 2023-32573 202405-26
  11. Gentoo Linux: CVE-2023-32570: dav1d: Denial of Service Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 10/11/2023 Added 10/10/2023 Modified 01/28/2025 Description VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. Solution(s) gentoo-linux-upgrade-media-libs-dav1d References https://attackerkb.com/topics/cve-2023-32570 CVE - 2023-32570 202310-05
  12. Ubuntu: (CVE-2023-28410): linux-hwe-5.15 vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/10/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. Solution(s) ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-oem-5-17 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-realtime References https://attackerkb.com/topics/cve-2023-28410 CVE - 2023-28410 https://www.cve.org/CVERecord?id=CVE-2023-28410 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html
  13. Alma Linux: CVE-2023-32573: Low: qt5-qtsvg security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Solution(s) alma-upgrade-qt5 alma-upgrade-qt5-devel alma-upgrade-qt5-qtbase alma-upgrade-qt5-qtbase-common alma-upgrade-qt5-qtbase-devel alma-upgrade-qt5-qtbase-examples alma-upgrade-qt5-qtbase-gui alma-upgrade-qt5-qtbase-mysql alma-upgrade-qt5-qtbase-odbc alma-upgrade-qt5-qtbase-postgresql alma-upgrade-qt5-qtbase-private-devel alma-upgrade-qt5-qtbase-static alma-upgrade-qt5-qtsvg alma-upgrade-qt5-qtsvg-devel alma-upgrade-qt5-qtsvg-examples alma-upgrade-qt5-rpm-macros alma-upgrade-qt5-srpm-macros References https://attackerkb.com/topics/cve-2023-32573 CVE - 2023-32573 https://errata.almalinux.org/8/ALSA-2023-6961.html https://errata.almalinux.org/9/ALSA-2023-6369.html
  14. Oracle Linux: CVE-2023-3090: ELSA-2023-4377: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/10/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/23/2025 Description A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-3090 CVE - 2023-3090 ELSA-2023-4377 ELSA-2023-12688 ELSA-2023-5244
  15. SUSE: CVE-2023-32573: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Solution(s) suse-upgrade-libqt4 suse-upgrade-libqt4-32bit suse-upgrade-libqt4-devel suse-upgrade-libqt4-devel-doc suse-upgrade-libqt4-devel-doc-data suse-upgrade-libqt4-linguist suse-upgrade-libqt4-private-headers-devel suse-upgrade-libqt4-qt3support suse-upgrade-libqt4-qt3support-32bit suse-upgrade-libqt4-sql suse-upgrade-libqt4-sql-32bit suse-upgrade-libqt4-sql-mysql suse-upgrade-libqt4-sql-mysql-32bit suse-upgrade-libqt4-sql-postgresql suse-upgrade-libqt4-sql-postgresql-32bit suse-upgrade-libqt4-sql-sqlite suse-upgrade-libqt4-sql-sqlite-32bit suse-upgrade-libqt4-sql-unixodbc suse-upgrade-libqt4-sql-unixodbc-32bit suse-upgrade-libqt4-x11 suse-upgrade-libqt4-x11-32bit suse-upgrade-libqt5-qtsvg-devel suse-upgrade-libqt5-qtsvg-devel-32bit suse-upgrade-libqt5-qtsvg-examples suse-upgrade-libqt5-qtsvg-private-headers-devel suse-upgrade-libqt5svg5 suse-upgrade-libqt5svg5-32bit suse-upgrade-libqt6svg6 suse-upgrade-libqt6svgwidgets6 suse-upgrade-qt4-x11-tools suse-upgrade-qt6-svg-devel suse-upgrade-qt6-svg-docs-html suse-upgrade-qt6-svg-docs-qch suse-upgrade-qt6-svg-examples suse-upgrade-qt6-svg-private-devel References https://attackerkb.com/topics/cve-2023-32573 CVE - 2023-32573
  16. Alpine Linux: CVE-2023-32570: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. Solution(s) alpine-linux-upgrade-dav1d References https://attackerkb.com/topics/cve-2023-32570 CVE - 2023-32570 https://security.alpinelinux.org/vuln/CVE-2023-32570
  17. Debian: CVE-2023-28410: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/10/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-28410 CVE - 2023-28410
  18. Alpine Linux: CVE-2023-32573: Divide By Zero Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Solution(s) alpine-linux-upgrade-qt6-qtsvg References https://attackerkb.com/topics/cve-2023-32573 CVE - 2023-32573 https://security.alpinelinux.org/vuln/CVE-2023-32573
  19. F5 Networks: CVE-2023-32573: K000148690: Qt vulnerability CVE-2023-32573 Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/10/2023 Created 11/28/2024 Added 11/27/2024 Modified 01/28/2025 Description In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-32573 CVE - 2023-32573 https://my.f5.com/manage/s/article/K000148690
  20. Alma Linux: CVE-2023-29400: Moderate: container-tools:4.0 security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/11/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/30/2025 Description Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2023-29400 CVE - 2023-29400 https://errata.almalinux.org/8/ALSA-2023-6938.html https://errata.almalinux.org/8/ALSA-2023-6939.html https://errata.almalinux.org/9/ALSA-2023-6346.html https://errata.almalinux.org/9/ALSA-2023-6363.html https://errata.almalinux.org/9/ALSA-2023-6402.html https://errata.almalinux.org/9/ALSA-2023-6473.html https://errata.almalinux.org/9/ALSA-2023-6474.html
  21. Ubuntu: USN-6140-1 (CVE-2023-24540): Go vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/11/2023 Created 06/07/2023 Added 06/07/2023 Modified 01/30/2025 Description Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. Solution(s) ubuntu-upgrade-golang-1-19 ubuntu-upgrade-golang-1-19-go ubuntu-upgrade-golang-1-19-src ubuntu-upgrade-golang-1-20 ubuntu-upgrade-golang-1-20-go ubuntu-upgrade-golang-1-20-src References https://attackerkb.com/topics/cve-2023-24540 CVE - 2023-24540 USN-6140-1
  22. Gentoo Linux: CVE-2023-24539: Go: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/11/2023 Created 08/08/2024 Added 08/08/2024 Modified 01/30/2025 Description Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. Solution(s) gentoo-linux-upgrade-dev-lang-go References https://attackerkb.com/topics/cve-2023-24539 CVE - 2023-24539 202408-07
  23. Gentoo Linux: CVE-2023-29400: Go: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/11/2023 Created 08/08/2024 Added 08/08/2024 Modified 01/30/2025 Description Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. Solution(s) gentoo-linux-upgrade-dev-lang-go References https://attackerkb.com/topics/cve-2023-29400 CVE - 2023-29400 202408-07
  24. Alpine Linux: CVE-2023-2664: Uncontrolled Recursion Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. Solution(s) alpine-linux-upgrade-xpdf References https://attackerkb.com/topics/cve-2023-2664 CVE - 2023-2664 https://security.alpinelinux.org/vuln/CVE-2023-2664
  25. Alma Linux: CVE-2023-24540: Important: go-toolset:rhel8 security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/11/2023 Created 05/29/2023 Added 05/29/2023 Modified 01/30/2025 Description Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-delve alma-upgrade-fuse-overlayfs alma-upgrade-go-toolset alma-upgrade-golang alma-upgrade-golang-bin alma-upgrade-golang-docs alma-upgrade-golang-misc alma-upgrade-golang-race alma-upgrade-golang-src alma-upgrade-golang-tests alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2023-24540 CVE - 2023-24540 https://errata.almalinux.org/8/ALSA-2023-3319.html https://errata.almalinux.org/8/ALSA-2023-6938.html https://errata.almalinux.org/8/ALSA-2023-6939.html https://errata.almalinux.org/9/ALSA-2023-3318.html https://errata.almalinux.org/9/ALSA-2023-6346.html https://errata.almalinux.org/9/ALSA-2023-6363.html 
https://errata.almalinux.org/9/ALSA-2023-6402.html https://errata.almalinux.org/9/ALSA-2023-6473.html https://errata.almalinux.org/9/ALSA-2023-6474.html